
TSFN: A Novel Malicious Traffic Classification Method Using BERT and LSTM

Traffic classification is the first step in network anomaly detection and is essential to network security. However, existing malicious traffic classification methods have several limitations; for example, statistical-based methods are vulnerable to hand-designed features, and deep learning-based me...


Bibliographic Details
Main authors: Shi, Zhaolei, Luktarhan, Nurbol, Song, Yangyang, Yin, Huixin
Format: Online Article Text
Language: English
Published: MDPI 2023
Subjects:
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10216927/
https://www.ncbi.nlm.nih.gov/pubmed/37238576
http://dx.doi.org/10.3390/e25050821
author Shi, Zhaolei
Luktarhan, Nurbol
Song, Yangyang
Yin, Huixin
collection PubMed
description Traffic classification is the first step in network anomaly detection and is essential to network security. However, existing malicious traffic classification methods have several limitations; for example, statistical-based methods are vulnerable to hand-designed features, and deep learning-based methods are vulnerable to the balance and adequacy of data sets. In addition, the existing BERT-based malicious traffic classification methods only focus on the global features of traffic and ignore the time-series features of traffic. To address these problems, we propose a BERT-based Time-Series Feature Network (TSFN) model in this paper. The first is a Packet encoder module built by the BERT model, which completes the capture of global features of the traffic using the attention mechanism. The second is a temporal feature extraction module built by the LSTM model, which captures the time-series features of the traffic. Then, the global and time-series features of the malicious traffic are incorporated together as the final feature representation, which can better represent the malicious traffic. The experimental results show that the proposed approach can effectively improve the accuracy of malicious traffic classification on the publicly available USTC-TFC dataset, reaching an F1 value of 99.50%. This shows that the time-series features in malicious traffic can help improve the accuracy of malicious traffic classification.
format Online
Article
Text
id pubmed-10216927
institution National Center for Biotechnology Information
language English
publishDate 2023
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-10216927 2023-05-27 TSFN: A Novel Malicious Traffic Classification Method Using BERT and LSTM Shi, Zhaolei Luktarhan, Nurbol Song, Yangyang Yin, Huixin Entropy (Basel) Article Traffic classification is the first step in network anomaly detection and is essential to network security. However, existing malicious traffic classification methods have several limitations; for example, statistical-based methods are vulnerable to hand-designed features, and deep learning-based methods are vulnerable to the balance and adequacy of data sets. In addition, the existing BERT-based malicious traffic classification methods only focus on the global features of traffic and ignore the time-series features of traffic. To address these problems, we propose a BERT-based Time-Series Feature Network (TSFN) model in this paper. The first is a Packet encoder module built by the BERT model, which completes the capture of global features of the traffic using the attention mechanism. The second is a temporal feature extraction module built by the LSTM model, which captures the time-series features of the traffic. Then, the global and time-series features of the malicious traffic are incorporated together as the final feature representation, which can better represent the malicious traffic. The experimental results show that the proposed approach can effectively improve the accuracy of malicious traffic classification on the publicly available USTC-TFC dataset, reaching an F1 value of 99.50%. This shows that the time-series features in malicious traffic can help improve the accuracy of malicious traffic classification. MDPI 2023-05-19 /pmc/articles/PMC10216927/ /pubmed/37238576 http://dx.doi.org/10.3390/e25050821 Text en © 2023 by the authors. https://creativecommons.org/licenses/by/4.0/ Licensee MDPI, Basel, Switzerland.
This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
title TSFN: A Novel Malicious Traffic Classification Method Using BERT and LSTM
topic Article