A Deep Intrusion Detection Model for Network Traffic Payload Analysis

Sina Hojjatinia; Mehrnoosh Monshizadeh; Vikramajeet Khatri

doi:10.23919/SoftCOM58365.2023.10271641

A Deep Intrusion Detection Model for Network Traffic Payload Analysis

Sina Hojjatinia^*, Mehrnoosh Monshizadeh, Vikramajeet Khatri

^*Tämän työn vastaava kirjoittaja

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference article in proceedings › Scientific › vertaisarvioitu

1 Sitaatiot (Scopus)

5 Lataukset (Pure)

Abstrakti

Recently, many studies have focused on payload analysis. However, these studies mostly apply image-based deep classifiers for layer 7 traffic analysis and not specifically for intrusion detection. Furthermore, the proposed methods mostly focus on specific types of attacks. This paper introduces a Multi-deep classifier for Payload Intrusion Detection (McPID). The proposed architecture benefits from the generalization capability of deep algorithms in order to efficiently detect a wider range of payload-based attacks such as botnet communication, brute-force (SSH, FTPS, web-attack), and DoS. In order to evaluate the performance of the introduced architecture, three publicly available datasets such as CIC-IDS-2017, UNSW 2015, and CTU-2013 are applied in experimental results.

Alkuperäiskieli	Englanti
Otsikko	2023 31st International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2023
Toimittajat	Dinko Begusic, Nikola Rozic, Josko Radic, Matko Saric
Kustantaja	IEEE
Sivumäärä	7
ISBN (elektroninen)	979-8-3503-0107-6
DOI - pysyväislinkit	https://doi.org/10.23919/SoftCOM58365.2023.10271641
Tila	Julkaistu - 2023
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisussa
Tapahtuma	International Conference on Software, Telecommunications and Computer Networks - Split, Kroatia Kesto: 21 syysk. 2023 → 23 syysk. 2023

Julkaisusarja

Nimi	SoftCOM
ISSN (elektroninen)	1847-358X

Conference

Conference	International Conference on Software, Telecommunications and Computer Networks
Lyhennettä	SoftCOM
Maa/Alue	Kroatia
Kaupunki	Split
Ajanjakso	21/09/2023 → 23/09/2023

Pääsy asiakirjaan

10.23919/SoftCOM58365.2023.10271641

A Deep Intrusion Detection Model for Network Traffic Payload AnalysisAccepted author manuscript, 429 KB

Muut tiedostot ja linkit

Linkki julkaisuun Scopuksessa

Siteeraa tätä

@inproceedings{405abc8a232f4fbf9ea5cf1e5414dd15,

title = "A Deep Intrusion Detection Model for Network Traffic Payload Analysis",

abstract = "Recently, many studies have focused on payload analysis. However, these studies mostly apply image-based deep classifiers for layer 7 traffic analysis and not specifically for intrusion detection. Furthermore, the proposed methods mostly focus on specific types of attacks. This paper introduces a Multi-deep classifier for Payload Intrusion Detection (McPID). The proposed architecture benefits from the generalization capability of deep algorithms in order to efficiently detect a wider range of payload-based attacks such as botnet communication, brute-force (SSH, FTPS, web-attack), and DoS. In order to evaluate the performance of the introduced architecture, three publicly available datasets such as CIC-IDS-2017, UNSW 2015, and CTU-2013 are applied in experimental results.",

keywords = "anomaly detection, convolutional neural network., data mining, deep learning, payload analysis, security",

author = "Sina Hojjatinia and Mehrnoosh Monshizadeh and Vikramajeet Khatri",

note = "Publisher Copyright: {\textcopyright} 2023 University of Split, FESB.; International Conference on Software, Telecommunications and Computer Networks, SoftCOM ; Conference date: 21-09-2023 Through 23-09-2023",

year = "2023",

doi = "10.23919/SoftCOM58365.2023.10271641",

language = "English",

series = "SoftCOM",

publisher = "IEEE",

editor = "Dinko Begusic and Nikola Rozic and Josko Radic and Matko Saric",

booktitle = "2023 31st International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2023",

address = "United States",

}

Hojjatinia, S, Monshizadeh, M & Khatri, V 2023, A Deep Intrusion Detection Model for Network Traffic Payload Analysis. julkaisussa D Begusic, N Rozic, J Radic & M Saric (toim), 2023 31st International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2023. SoftCOM, IEEE, International Conference on Software, Telecommunications and Computer Networks, Split, Kroatia, 21/09/2023. https://doi.org/10.23919/SoftCOM58365.2023.10271641

A Deep Intrusion Detection Model for Network Traffic Payload Analysis. / Hojjatinia, Sina; Monshizadeh, Mehrnoosh; Khatri, Vikramajeet.
2023 31st International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2023. toim. / Dinko Begusic; Nikola Rozic; Josko Radic; Matko Saric. IEEE, 2023. (SoftCOM).

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference article in proceedings › Scientific › vertaisarvioitu

TY - GEN

T1 - A Deep Intrusion Detection Model for Network Traffic Payload Analysis

AU - Hojjatinia, Sina

AU - Monshizadeh, Mehrnoosh

AU - Khatri, Vikramajeet

PY - 2023

Y1 - 2023

N2 - Recently, many studies have focused on payload analysis. However, these studies mostly apply image-based deep classifiers for layer 7 traffic analysis and not specifically for intrusion detection. Furthermore, the proposed methods mostly focus on specific types of attacks. This paper introduces a Multi-deep classifier for Payload Intrusion Detection (McPID). The proposed architecture benefits from the generalization capability of deep algorithms in order to efficiently detect a wider range of payload-based attacks such as botnet communication, brute-force (SSH, FTPS, web-attack), and DoS. In order to evaluate the performance of the introduced architecture, three publicly available datasets such as CIC-IDS-2017, UNSW 2015, and CTU-2013 are applied in experimental results.

AB - Recently, many studies have focused on payload analysis. However, these studies mostly apply image-based deep classifiers for layer 7 traffic analysis and not specifically for intrusion detection. Furthermore, the proposed methods mostly focus on specific types of attacks. This paper introduces a Multi-deep classifier for Payload Intrusion Detection (McPID). The proposed architecture benefits from the generalization capability of deep algorithms in order to efficiently detect a wider range of payload-based attacks such as botnet communication, brute-force (SSH, FTPS, web-attack), and DoS. In order to evaluate the performance of the introduced architecture, three publicly available datasets such as CIC-IDS-2017, UNSW 2015, and CTU-2013 are applied in experimental results.

KW - anomaly detection

KW - convolutional neural network.

KW - data mining

KW - deep learning

KW - payload analysis

KW - security

UR - http://www.scopus.com/inward/record.url?scp=85174520889&partnerID=8YFLogxK

U2 - 10.23919/SoftCOM58365.2023.10271641

DO - 10.23919/SoftCOM58365.2023.10271641

M3 - Conference article in proceedings

AN - SCOPUS:85174520889

T3 - SoftCOM

BT - 2023 31st International Conference on Software, Telecommunications and Computer Networks, SoftCOM 2023

A2 - Begusic, Dinko

A2 - Rozic, Nikola

A2 - Radic, Josko

A2 - Saric, Matko

PB - IEEE

T2 - International Conference on Software, Telecommunications and Computer Networks

Y2 - 21 September 2023 through 23 September 2023

ER -

A Deep Intrusion Detection Model for Network Traffic Payload Analysis

Abstrakti

Julkaisusarja

Conference

Pääsy asiakirjaan

Muut tiedostot ja linkit

Sormenjälki

Siteeraa tätä