A Deep Intrusion Detection Model for Network Traffic Payload Analysis

Sina Hojjatinia*, Mehrnoosh Monshizadeh, Vikramajeet Khatri

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

Abstract

Recently, many studies have focused on payload analysis. However, these studies mostly apply image-based deep classifiers for layer 7 traffic analysis and not specifically for intrusion detection. Furthermore, the proposed methods mostly focus on specific types of attacks. This paper introduces a Multi-deep classifier for Payload Intrusion Detection (McPID). The proposed architecture benefits from the generalization capability of deep algorithms in order to efficiently detect a wider range of payload-based attacks such as botnet communication, brute-force (SSH, FTPS, web-attack), and DoS. To evaluate the performance of the introduced architecture, three publicly available datasets (CIC-IDS-2017, UNSW 2015, and CTU-2013) are used in the experiments.

Original language: English
Title of host publication: 2023 31st International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2023
Editors: Dinko Begusic, Nikola Rozic, Josko Radic, Matko Saric
Publisher: IEEE
Number of pages: 7
ISBN (Electronic): 979-8-3503-0107-6
Publication status: Published - 2023
MoE publication type: A4 Conference publication
Event: International Conference on Software, Telecommunications and Computer Networks - Split, Croatia
Duration: 21 Sept 2023 → 23 Sept 2023

Publication series

Name: SoftCOM
ISSN (Electronic): 1847-358X

Conference

Conference: International Conference on Software, Telecommunications and Computer Networks
Abbreviated title: SoftCOM
Country/Territory: Croatia
City: Split
Period: 21/09/2023 → 23/09/2023

Keywords

  • anomaly detection
  • convolutional neural network
  • data mining
  • deep learning
  • payload analysis
  • security
