
DeepMAL - Deep Learning Models for Malware Traffic Detection and Classification

  • Conference paper
  • First Online:
Data Science – Analytics and Applications

Abstract

Robust network security systems are essential to prevent and mitigate the harmful effects of the ever-growing number of network attacks. In recent years, machine learning-based systems have gained popularity for network security applications, usually in the form of shallow models that rely on the careful engineering of expert, handcrafted input features. The main limitation of this approach is that handcrafted features can fail to perform well under different scenarios and types of attacks. Deep Learning (DL) models can overcome this limitation through their ability to learn feature representations from raw, non-processed data. In this paper we explore the power of DL models on the specific problem of detecting and classifying malware network traffic. As a major advantage with respect to the state of the art, we use raw measurements taken directly from the stream of monitored bytes as input to the proposed models, and evaluate different raw-traffic feature representations, including packet-level and flow-level ones. We introduce DeepMAL, a DL model that is able to capture the underlying statistics of malicious traffic without any kind of expert handcrafted features. Using publicly available traffic traces containing different families of malware traffic, we show that DeepMAL can detect and classify malware flows with high accuracy, outperforming traditional shallow models.
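As an added illustration of the raw-traffic input representations the abstract refers to (example code, not the authors' DeepMAL implementation), the following Python builds packet-level byte vectors and flow-level byte matrices from a constructed capture; the sizes N_BYTES and M_PACKETS, the optional masking of header offsets and the sample packets are assumptions.

```python
"""Raw-byte inputs for a DL traffic classifier (added example, not DeepMAL code).
Builds the packet-level vector (first N bytes of one packet) and flow-level matrix
(first N bytes of each of the first M packets of a flow) named in the abstract.
N_BYTES, M_PACKETS, the masking option and SAMPLE_PACKETS are assumptions."""
from collections import defaultdict

N_BYTES = 64    # bytes kept per packet (assumed value)
M_PACKETS = 4   # packets kept per flow (assumed value)


def packet_vector(raw, n=N_BYTES, mask_ranges=()):
    """Truncate or zero-pad one packet to n bytes and scale each byte to [0, 1].
    mask_ranges: (start, end) byte offsets zeroed so the model cannot memorise
    capture-specific fields such as addresses (a precaution, not a paper step)."""
    buf = bytearray(raw[:n]) + bytearray(max(0, n - len(raw)))
    for start, end in mask_ranges:
        for i in range(max(0, start), min(end, n)):
            buf[i] = 0
    return [b / 255.0 for b in buf]


def flow_key(src, sport, dst, dport, proto):
    """Direction-independent 5-tuple so both directions land in one flow."""
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a)


def group_flows(packets):
    """Group (src, sport, dst, dport, proto, raw) tuples into flows in capture order."""
    flows = defaultdict(list)
    for src, sport, dst, dport, proto, raw in packets:
        flows[flow_key(src, sport, dst, dport, proto)].append(raw)
    return flows


def flow_matrix(raw_packets, m=M_PACKETS, n=N_BYTES, mask_ranges=()):
    """First m packets of a flow as an m x n matrix; absent packets become zero rows."""
    rows = [packet_vector(p, n, mask_ranges) for p in raw_packets[:m]]
    return rows + [[0.0] * n for _ in range(m - len(rows))]


# Constructed sample capture: one bidirectional TCP flow (3 packets) and one UDP packet.
SAMPLE_PACKETS = [
    ("10.0.0.1", 40000, "10.0.0.2", 80, 6, b"GET / HTTP/1.1\r\nHost: h\r\n\r\n"),
    ("10.0.0.2", 80, "10.0.0.1", 40000, 6, b"HTTP/1.1 200 OK\r\n\r\n" + b"\xff" * 100),
    ("10.0.0.1", 40000, "10.0.0.2", 80, 6, b"\x00" * 10),
    ("10.0.0.3", 5353, "10.0.0.4", 53, 17, b"\x12\x34\x01\x00"),
]


def build_dataset(packets=SAMPLE_PACKETS, mask_ranges=()):
    """One flow-level matrix per flow, in first-seen order: the model's input tensor."""
    return [flow_matrix(raw, mask_ranges=mask_ranges) for raw in group_flows(packets).values()]
```

The zero-padded m x n matrices are what a 1D/2D convolutional or recurrent model would consume directly; whether address fields are masked is a dataset-level decision, since a model that learns the capture's IP addresses does not generalise.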



Corresponding author

Correspondence to Gonzalo Marín.


Copyright information

© 2021 The Author(s), under exclusive licence to Springer Fachmedien Wiesbaden GmbH, part of Springer Nature


Cite this paper

Marín, G., Casas, P., Capdehourat, G. (2021). DeepMAL - Deep Learning Models for Malware Traffic Detection and Classification. In: Haber, P., Lampoltshammer, T., Mayr, M., Plankensteiner, K. (eds) Data Science – Analytics and Applications. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-32182-6_16
