
A Systematic Framework for Malicious Traffic Detection Based on Feature Repository

Conference paper in Human Centered Computing (HCC 2018), part of the book series Lecture Notes in Computer Science (LNISA, volume 11354).

Abstract

Machine learning has become an effective method for detecting malicious traffic. With the proliferation of network traffic, the number of malicious traffic categories has greatly increased, which places higher demands on the computation time and detection accuracy of machine learning. A feature selection framework is proposed to balance computation time and detection accuracy. First, we construct a high-dimensional feature repository of traffic information. To reduce computation time while minimizing the loss of accuracy, we investigate feature selection algorithms. An algorithm based on the chi-square test and the xgboost algorithm are adopted to evaluate the proposal. Experiments on the CTU dataset show that the proposal reduces computation time while preserving accuracy.
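The pipeline the abstract sketches (build a high-dimensional per-flow feature repository, rank features with a chi-square statistic against the benign/malicious label, keep the top-k, and confirm that accuracy survives the reduction) can be illustrated end to end. The block below is an added example, not the paper's code: the feature names, value ranges and the flow records are constructed for the example, and a nearest-centroid classifier stands in for the paper's xgboost evaluator so that it runs without extra libraries. The chi-square construction follows the contingency-table form used by sklearn's chi2 selector, which is assumed to be the kind of test the abstract refers to.

```python
"""Chi-square feature ranking over a constructed per-flow feature repository."""
import random

# Constructed feature repository (hypothetical feature names). The first four are
# generated to be discriminative; the remaining six are pure noise.
FEATURES = ["pkt_count", "byte_count", "duration_s", "distinct_dst_ports",
            "noise_a", "noise_b", "noise_c", "noise_d", "noise_e", "noise_f"]
N_INFORMATIVE = 4


def make_flows(n_per_class=200, seed=7):
    """Constructed, shuffled flow records: (X, y) with y = 0 benign, 1 malicious."""
    rng = random.Random(seed)
    X, y = [], []
    for label in (0, 1):
        for _ in range(n_per_class):
            if label == 0:  # short, low-volume benign flows
                row = [rng.uniform(5, 50), rng.uniform(500, 5000),
                       rng.uniform(0.1, 5), rng.uniform(1, 3)]
            else:           # long, chatty, many-port malicious flows
                row = [rng.uniform(200, 400), rng.uniform(20000, 60000),
                       rng.uniform(30, 120), rng.uniform(20, 60)]
            row += [rng.uniform(0, 100) for _ in range(len(FEATURES) - N_INFORMATIVE)]
            X.append(row)
            y.append(label)
    order = list(range(len(X)))
    rng.shuffle(order)
    return [X[i] for i in order], [y[i] for i in order]


def chi2_scores(X, y):
    """Chi-square statistic per feature between feature mass and class label.

    observed[c][j] = sum of feature j over samples of class c,
    expected[c][j] = P(class c) * column total of feature j.
    Non-negative features only (counts, sizes, durations)."""
    classes = sorted(set(y))
    n, d = len(X), len(X[0])
    observed = [[0.0] * d for _ in classes]
    for row, label in zip(X, y):
        c = classes.index(label)
        for j, v in enumerate(row):
            if v < 0:
                raise ValueError("chi2 scoring needs non-negative features")
            observed[c][j] += v
    prior = [y.count(cls) / n for cls in classes]
    scores = []
    for j in range(d):
        col_total = sum(observed[c][j] for c in range(len(classes)))
        stat = 0.0
        for c in range(len(classes)):
            expected = prior[c] * col_total
            if expected > 0:
                stat += (observed[c][j] - expected) ** 2 / expected
        scores.append(stat)
    return scores


def select_top_k(scores, k):
    """Indices of the k highest-scoring features, best first."""
    return sorted(range(len(scores)), key=lambda j: -scores[j])[:k]


def nearest_centroid_accuracy(X, y, cols, train_frac=0.5):
    """Hold-out accuracy of a nearest-centroid classifier on the chosen columns.

    Columns are z-scored with training-set statistics so byte counts do not
    swamp durations; the classifier is only a lightweight stand-in evaluator."""
    split = int(len(X) * train_frac)
    train = [([X[i][j] for j in cols], y[i]) for i in range(split)]
    test = [([X[i][j] for j in cols], y[i]) for i in range(split, len(X))]
    d = len(cols)
    mean = [sum(r[j] for r, _ in train) / len(train) for j in range(d)]
    std = [max(1e-9, (sum((r[j] - mean[j]) ** 2 for r, _ in train) / len(train)) ** 0.5)
           for j in range(d)]
    z = lambda r: [(r[j] - mean[j]) / std[j] for j in range(d)]
    centroids = {}
    for label in set(y):
        rows = [z(r) for r, lab in train if lab == label]
        centroids[label] = [sum(r[j] for r in rows) / len(rows) for j in range(d)]

    def predict(r):
        zr = z(r)
        return min(centroids, key=lambda lab: sum((zr[j] - centroids[lab][j]) ** 2
                                                   for j in range(d)))
    return sum(predict(r) == lab for r, lab in test) / len(test)


def run_pipeline(k=4):
    """Score, select top-k, and compare accuracy on all features vs the selection."""
    X, y = make_flows()
    top = select_top_k(chi2_scores(X, y), k)
    return {"selected": [FEATURES[j] for j in top],
            "acc_all": nearest_centroid_accuracy(X, y, list(range(len(FEATURES)))),
            "acc_selected": nearest_centroid_accuracy(X, y, top)}


if __name__ == "__main__":
    result = run_pipeline()
    print("top-4 by chi2:", result["selected"])
    print(f"accuracy with all 10 features: {result['acc_all']:.3f}")
    print(f"accuracy with top-4 features:  {result['acc_selected']:.3f}")
```

The chi-square statistic rewards features whose mass is distributed unevenly across classes, so the four constructed discriminative features rank far above the noise columns, and a classifier restricted to them matches the accuracy of the full ten-dimensional repository while touching 60% fewer columns per flow. On real flow data the caveat is that chi-square assumes non-negative, count-like features; signed or centred features must be shifted or scored with another test.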



Acknowledgements

The research is funded by the National Natural Science Foundation of China (Grant No. 61372117).

Author information

Corresponding author: Yong Zhang.


Copyright information

© 2019 Springer Nature Switzerland AG


Cite this paper

Liu, S., Zhang, Y., Jin, L., Wang, X., Song, M., Guo, D. (2019). A Systematic Framework for Malicious Traffic Detection Based on Feature Repository. In: Tang, Y., Zu, Q., Rodríguez García, J. (eds) Human Centered Computing. HCC 2018. Lecture Notes in Computer Science, vol 11354. Springer, Cham. https://doi.org/10.1007/978-3-030-15127-0_60

  • DOI: https://doi.org/10.1007/978-3-030-15127-0_60

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-15126-3

  • Online ISBN: 978-3-030-15127-0