With the ever-growing occurrence of networking attacks, robust network security systems are essential to prevent and mitigate their harmful effects. In recent years, machine learning-based systems have gained popularity for network security applications, usually considering the application of shallow models, where a set of expert handcrafted features is needed to pre-process the data before training. The main problem with this approach is that handcrafted features can fail to perform well given different kinds of scenarios and problems. Deep Learning models can solve this kind of issue using their ability to learn feature representations from input raw or basic, non-processed data. In this paper we explore the power of deep learning models on the specific problem of detection and classification of malware network traffic, using different representations for the input data. As a major advantage as compared to the state of the art, we consider raw measurements coming directly from the stream of monitored bytes as the input to the proposed models, and evaluate different raw-traffic feature representations, including packet and flow-level ones. Our results suggest that deep learning models can better capture the underlying statistics of malicious traffic as compared to classical, shallow-like models, even while operating in the dark, i.e., without any sort of expert handcrafted inputs.
The application of machine learning models to the analysis of network traffic measurements has largely grown in recent years. In the networking domain, shallow models are usually applied, where a set of expert handcrafted features is needed to fix the data before training. There are two main problems associated with this approach: firstly, it requires expert domain knowledge to select the input features, and secondly, different sets of custom-made input features are generally needed according to the specific target (e.g., network security, anomaly detection, traffic classification). On the other hand, the power of machine learning models using deep architectures (i.e., deep learning) for networking has not yet been highly explored. In this paper we explore the power of deep learning models on the specific problem of detection of network attacks, using different representations for the input data. As a major advantage as compared to the state of the art, we consider raw measurements coming directly from the stream of monitored bytes as the input to the proposed models, and evaluate different raw-traffic feature representations, including packet and flow-level ones.
Network security represents a keystone to ISPs, who need to cope with an increasing number of network attacks that put the network's integrity at risk. The high dimensionality of network data provided by current network monitoring systems opens the door to the massive application of Machine Learning (ML) approaches to improve the detection and classification of network attacks. In recent years, machine learning-based systems have gained popularity for network security applications, usually considering the application of shallow models, where a set of expert handcrafted features is needed to pre-process the data before training. Deep Learning (DL) models can alleviate the need for domain expert knowledge by relying on their ability to learn feature representations from input raw or basic, non-processed data. Still, it is not clear today which is the best model or best model category to manage network security, as in general, only ad hoc and tailored approaches have been proposed and evaluated so far. In this paper we train and benchmark different ML models for detection of network attacks in different real network data. We consider an extensive battery of supervised ML models, including both shallow and deep models, taking as input either pre-computed domain-knowledge based input features, or raw, byte-stream inputs. Proposed models are evaluated both using real, in-the-wild network measurements coming from the WIDE backbone network (the well-known MAWILab dataset) and through publicly available datasets. Results suggest that deep learning models can provide similar results to the best-performing shallow models, but without any sort of expert handcrafted inputs.