
A Deep Learning-Based Network Traffic Classifier with the Ability to Detect Novelty

Ousat, Behzad | 2021

  1. Type of Document: M.Sc. Thesis
  2. Language: Farsi
  3. Document No: 54346 (19)
  4. University: Sharif University of Technology
  5. Department: Computer Engineering
  6. Advisor(s): Jafari Siavoshani, Mahdi
  7. Abstract: Network traffic classification is an essential element of security monitoring and is also used for quality-of-service purposes. From time to time, new traffic classes that are unknown to the system are added to the existing groups. In a security context, these novelties are actually zero-day attacks, which can have huge effects on the system environment. Many methods have been developed for traffic classification that can distinguish known traffic using signatures or learning-based methods. In a real-world scenario, the primary challenge that new traffic classifiers face is to detect novelties and separate them from the previously known labels. For an IDS to work properly, it should be able to classify new threats along with the previously known attacks and notify the user. In this research, we have developed different methods that classify known traffic and also mark unknown samples (new traffic groups), using the capabilities of deep learning to detect novelties. Furthermore, we set up a clustering mechanism to cluster the detected novelties, which can later be labeled by an expert and used to update the model with new groups. The main challenge is to set up proper parameters and an architecture that can detect novelties correctly without decreasing the classification accuracy on known traffic. We used the DOC and OpenMax frameworks as an open set recognition module and proposed a new DOC++ method to increase the performance of the system. We also set up a new AutoSVM method, which takes advantage of an autoencoder and SVMs for novelty detection. Finally, we used the Intrusion Detection Evaluation Dataset (CIC-IDS), which contains both benign and different malicious traffic classes, to evaluate the framework and discuss some of our observations from the dataset.
  8. Keywords: Deep Learning ; Traffic Identification ; Traffic Classification ; Novel Data ; Dynamic Network Traffic ; Attack Detection
