Using Convolutional Neural Networks for Classifying Malicious Network Traffic

  • Kyle Millar
  • Adriel Cheng
  • Hong Gunn Chew
  • Cheng-Chew Lim
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


As reliance on the Internet and its constituent applications increases, so too does the value in exploiting these networking systems. Methods to detect and mitigate these threats can no longer rely on singular facets of information; they must be able to adapt to new threats by learning from a diverse range of information. For its ability to learn complex inferences from large data sources, deep learning has become one of the most publicised techniques of machine learning in recent years. This chapter aims to investigate a deep learning technique typically used for image classification, the convolutional neural network (CNN), and how its methodology can be adapted to detect and classify malicious network traffic.


Convolutional neural networks; Deep learning with GPUs; Malware classification and detection; Analysis and similarity



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Kyle Millar (1)
  • Adriel Cheng (1, 2)
  • Hong Gunn Chew (1)
  • Cheng-Chew Lim (1)

  1. School of Electrical and Electronic Engineering, The University of Adelaide, Adelaide, Australia
  2. Cyber and Electronic Warfare Division, Defence Science & Technology Group, Adelaide, Australia
