CNN and RNN based payload classification methods for attack detection
Authors:
Abstract
In recent years, machine learning has been widely applied to problems in detecting network attacks, particularly novel attacks. However, traditional machine learning methods depend heavily on feature engineering, and extracting features is often time-consuming and complex. Thus, it is impractical to detect attacks with traditional machine learning methods in real-time applications. To discover network attacks efficiently, we propose an end-to-end detection approach. We implement deep learning models to analyze payloads and propose a convolutional neural network-based payload classification approach (PL-CNN) and a recurrent neural network-based payload classification approach (PL-RNN) for use in attack detection. Our two approaches learn feature representations from original payloads without feature engineering and support end-to-end detection. These approaches achieve accuracies of 99.36% and 99.98% when applied to the DARPA1998 dataset, respectively; these accuracies are comparable to or better than those of state-of-the-art methods. In addition, our methods are efficient and practical.
Keywords: Payload, Deep learning, End-to-end, Attack detection
Article history: Received 15 December 2017, Revised 25 August 2018, Accepted 28 August 2018, Available online 7 September 2018, Version of Record 21 November 2018.
Official paper URL: https://doi.org/10.1016/j.knosys.2018.08.036