Flow-based malware detection using convolutional neural network

Yeo, Matthew Sze‐Wei; Koo, Young Do; Yoon, Young-Gui; Hwang, Tae-Sung; Ryu, Jee An; Song, JiHyeon; Park, C.

doi:10.1109/icoin.2018.8343255

Cited by 56 publications

(21 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Convolutional Neural Networks (CNNs), a specific DL technique, have grown in popularity in recent times leading to major innovations in computer vision [6]- [8] and Natural Language Processing [9], as well as various niche areas such as protein binding prediction [10], [11], machine vibration analysis [12] and medical signal processing [13]. Whilst their use is still under-researched in cybersecurity generally, the application of CNNs has advanced the state-of-the-art in certain specific scenarios such as malware detection [14]- [17], code analysis [18], network traffic analysis [4], [19]- [21] and intrusion detection in industrial control systems [22]. These successes, combined with the benefits of CNN with respect to reduced feature engineering and high detection accuracy, motivate us to employ CNNs in our work.…”

Section: Introductionmentioning

confidence: 99%

Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection

Doriguzzi-Corin

Millar

Scott-Hayward

et al. 2020

IEEE Trans. Netw. Serv. Manage.

225

105

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks are one of the most harmful threats in today's Internet, disrupting the availability of essential services. The challenge of DDoS detection is the combination of attack approaches coupled with the volume of live traffic to be analysed. In this paper, we present a practical, lightweight deep learning DDoS detection system called LUCID, which exploits the properties of Convolutional Neural Networks (CNNs) to classify traffic flows as either malicious or benign. We make four main contributions; (1) an innovative application of a CNN to detect DDoS traffic with low processing overhead, (2) a dataset-agnostic preprocessing mechanism to produce traffic observations for online attack detection, (3) an activation analysis to explain LUCID's DDoS classification, and (4) an empirical validation of the solution on a resource-constrained hardware platform. Using the latest datasets, LUCID matches existing stateof-the-art detection accuracy whilst presenting a 40x reduction in processing time, as compared to the state-of-the-art. With our evaluation results, we prove that the proposed approach is suitable for effective DDoS detection in resource-constrained operational environments.

show abstract

Section: Introductionmentioning

confidence: 99%

Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection

Doriguzzi-Corin

Millar

Scott-Hayward

et al. 2020

IEEE Trans. Netw. Serv. Manage.

225

105

View full text Add to dashboard Cite

show abstract

“…Signatures can match the characteristic malware content [89], network protocols and packet payloads [90], but they can also identify suspicious behavior [91], [92], being an effective method for detecting well-known malware. The use of metadata [93] and connection attributes [94] made it possible to define new features and increase the level of efficiency enabling the detection of malicious network traffic. In addition, new signature types such as JA3/JA3S have added new capabilities to the signature-based engines, allowing the detection of threats in encrypted traffic [95].…”

Section: A Signature-based Methodsmentioning

confidence: 99%

Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection

Caviglione

Choraś

Corona³

et al. 2021

IEEE Access

View full text Add to dashboard Cite

“…The semi-supervised method obtained an accuracy of 86% in [599], whereas others achieved 95.9% accuracy with SVM [595]. SVM was further used for malware detection in [600,601]. Authors in [602] proposed a new method with an accuracy of 97.95% to detect unknown malware.…”

Section: ) Techniques and Methodsmentioning

confidence: 99%

A Survey on Machine Learning Techniques for Cyber Security in the Last Decade

et al. 2020

View full text Add to dashboard Cite

Pervasive growth and usage of the Internet and mobile applications have expanded cyberspace. The cyberspace has become more vulnerable to automated and prolonged cyberattacks. Cyber security techniques provide enhancements in security measures to detect and react against cyberattacks. The previously used security systems are no longer sufficient because cybercriminals are smart enough to evade conventional security systems. Conventional security systems lack efficiency in detecting previously unseen and polymorphic security attacks. Machine learning (ML) techniques are playing a vital role in numerous applications of cyber security. However, despite the ongoing success, there are significant challenges in ensuring the trustworthiness of ML systems. There are incentivized malicious adversaries present in the cyberspace that are willing to game and exploit such ML vulnerabilities. This paper aims to provide a comprehensive overview of the challenges that ML techniques face in protecting cyberspace against attacks, by presenting a literature on ML techniques for cyber security including intrusion detection, spam detection, and malware detection on computer networks and mobile networks in the last decade. It also provides brief descriptions of each ML method, frequently used security datasets, essential ML tools, and evaluation metrics to evaluate a classification model. It finally discusses the challenges of using ML techniques in cyber security. This paper provides the latest extensive bibliography and the current trends of ML in cyber security.

show abstract

Flow-based malware detection using convolutional neural network

Cited by 56 publications

References 4 publications

Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection

Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection

Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection

A Survey on Machine Learning Techniques for Cyber Security in the Last Decade

Contact Info

Product

Resources

About