Payload-Byte: A Tool for Extracting and Labeling Packet Capture Files of Modern Network Intrusion Detection Datasets

Farrukh, Yasir Ali; Khan, Irfan; Wali, Syed; Bierbrauer, David; Pavlik, John A.; Bastian, Nathaniel D.

doi:10.1109/bdcat56447.2022.00015

Cited by 28 publications

(8 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To handle this, we used Payload-Byte to extract and label the PCAP files of the two NIDS datasets mentioned above. 15 This tool takes raw PCAP data and parses the data into bytes and packet header features. Bytes that do not reach the default size of 1500 are padded with zeros.…”

Section: Datamentioning

confidence: 99%

See 1 more Smart Citation

Graph representation learning for context-aware network intrusion detection

Premkumar,

Schneider,

Spivey

et al. 2023

Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications V

View full text Add to dashboard Cite

Detecting malicious activity using a network intrusion detection system (NIDS) is an ongoing battle for the cyber defender. Increasingly, cyber-attacks are sophisticated and occur rapidly, necessitating the use of machine/deep learning (ML/DL) techniques for network intrusion detection. Traditional ML/DL techniques for NIDS classifiers, however, are often unable to sufficiently find context-driven similarities between the various network flows and/or packet captures. In this work, we leverage graph representation learning (GRL) techniques to successfully detect adversarial intrusions by exploiting the graph structure of NIDS data to derive context awareness, as graphs are a universal language for describing entities and their relationships. We explore several methods for NIDS data graph representation at both the network flow and packet level utilizing the CIC-IDS2017 dataset. We leverage graph neural networks and graph embedding algorithms to create a context-aware network intrusion detection system. Results indicate that adding context derived from GRL improves performance for detecting attacks. Our highest-scoring classifier incorporated both GNN embeddings and flow-level features and achieved an accuracy of 99.9%. Adding GRL methods to augment the flow/packet features improved accuracy by as much as 52.41%.

show abstract

Section: Datamentioning

confidence: 99%

“…The other features included are time-to-live, protocol, and time between packets. 15 As such, we are able to consider both packet and flow information in this work.…”

Section: Datamentioning

confidence: 99%

Graph representation learning for context-aware network intrusion detection

Premkumar,

Schneider,

Spivey

et al. 2023

Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications V

View full text Add to dashboard Cite

show abstract

“…The research in [37] and [9] influences our work, introducing a method for converting network traffic packets into images. By expending this innovative approach, we utilize a single DL model that autonomously learns features, resulting in significant time savings.…”

Section: Related Workmentioning

confidence: 99%

“…To address this challenge, researchers propose innovative techniques. For instance, in [38], [37], [9], the authors introduce novel methods to convert packets from PCAP files into images to use data representation techniques from the computer vision field for malware traffic classification. Similarly, NLP techniques are employed to extract features from textual descriptions like log files, as demonstrated in [19], [10], [12], [20].…”

Section: Related Workmentioning

confidence: 99%

Enhancing IoT Security via Automatic Network Traffic Analysis: The Transition from Machine Learning to Deep Learning

Hamidouche,

Popko,

Ouni

2023

Proceedings of the International Conference on the Internet of Things

View full text Add to dashboard Cite

This work provides a comparative analysis illustrating how Deep Learning (DL) surpasses Machine Learning (ML) in addressing tasks within Internet of Things (IoT), such as attack classification and device-type identification. Our approach involves training and evaluating a DL model using a range of diverse IoT-related datasets, allowing us to gain valuable insights into how adaptable and practical these models can be when confronted with various IoT configurations. We initially convert the unstructured network traffic data from IoT networks, stored in PCAP files, into images by processing the packet data. This conversion process adapts the data to meet the criteria of DL classification methods. The experiments showcase the ability of DL to surpass the constraints tied to manually engineered features, achieving superior results in attack detection and maintaining comparable outcomes in device-type identification. Additionally, a notable feature extraction time difference becomes evident in the experiments: traditional methods require around 29 milliseconds per data packet, while DL accomplishes the same task in just 2.9 milliseconds. The significant time gap, DL's superior performance, and the recognized limitations of manually engineered features, presents a compelling call to action within the IoT community. This encourages us to shift from exploring new IoT features for each dataset to addressing the challenges of integrating DL into IoT, making it a more efficient solution for real-world IoT scenarios.

show abstract

“…Recognizing the growing need for standardized approaches in modern network intrusion detection datasets, Farrukh et al (2022) introduced Payload-Byte. This versatile tool streamlines dataset curation and establishes a standardized foundation for future research.…”

Section: Salo Et Al Introduce a Hybrid Dimensionality Reduction Techn...mentioning

confidence: 99%

Network intrusion detection system by learning jointly from tabular and text‐based features

Düzgün,

Çayır,

Ünal

et al. 2023

Expert Systems

View full text Add to dashboard Cite

Network intrusion detection systems (NIDS) play a critical role in maintaining the security and integrity of computer networks. These systems are designed to detect and respond to anomalous activities that may indicate malicious intent or unauthorized access. The need for robust NIDS solutions has never been more pressing in today's digital landscape, characterized by constantly evolving cyber threats. Deploying effective NIDS can be challenging, particularly in accurately identifying network anomalies amid the ever‐increasing sophisticated and difficult‐to‐detect cyber threats. The motivation for our research stems from the recognition that while NIDS studies have made significant strides, there remains a crucial need for more effective and accurate methods to detect network anomalies. Commonly used features in NIDS studies include network logs, with some studies exploring text‐based features such as payload. However, traditional machine and deep learning models may need to be improved in learning jointly from tabular and text‐based features. Here, we present a new approach that integrates both tabular and text‐based features to improve the performance of NIDS. Our research aims to address the existing limitations of NIDS and contribute to the development of more reliable and efficient network security solutions by introducing more effective and accurate methods for detecting network anomalies. Our internal experiments have revealed that the deep learning approach utilizing tabular features produces favourable results, whereas the pre‐trained transformer approach needs to perform sufficiently. Hence, our proposed approach, which integrates both feature types using deep learning and pre‐trained transformer approaches, achieves superior performance. These findings indicate that integrating both feature types using deep learning and pre‐trained transformer approaches can significantly improve the accuracy of network anomaly detection. Moreover, our proposed approach outperforms the state‐of‐the‐art methods in terms of accuracy, F1‐score, and recall on commonly used NIDS datasets consisting of ISCX‐IDS2012, UNSW‐NB15, and CIC‐IDS2017, with F1‐scores of 99.80%, 92.37%, and 99.69%, respectively, indicating its effectiveness in detecting network anomalies.

show abstract

Payload-Byte: A Tool for Extracting and Labeling Packet Capture Files of Modern Network Intrusion Detection Datasets

Cited by 28 publications

References 38 publications

Graph representation learning for context-aware network intrusion detection

Graph representation learning for context-aware network intrusion detection

Enhancing IoT Security via Automatic Network Traffic Analysis: The Transition from Machine Learning to Deep Learning

Network intrusion detection system by learning jointly from tabular and text‐based features

Contact Info

Product

Resources

About