TSFN: A Novel Malicious Traffic Classification Method Using BERT and LSTM
Traffic classification is the first step in network anomaly detection and is essential to network security. However, existing malicious traffic classification methods have several limitations; for example, statistical-based methods are vulnerable to hand-designed features, and deep learning-based me...
Main authors: | Shi, Zhaolei; Luktarhan, Nurbol; Song, Yangyang; Yin, Huixin |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | MDPI 2023 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10216927/ https://www.ncbi.nlm.nih.gov/pubmed/37238576 http://dx.doi.org/10.3390/e25050821 |
_version_ | 1785048413396533248 |
---|---|
author | Shi, Zhaolei Luktarhan, Nurbol Song, Yangyang Yin, Huixin |
author_facet | Shi, Zhaolei Luktarhan, Nurbol Song, Yangyang Yin, Huixin |
author_sort | Shi, Zhaolei |
collection | PubMed |
description | Traffic classification is the first step in network anomaly detection and is essential to network security. However, existing malicious traffic classification methods have several limitations; for example, statistical-based methods are vulnerable to hand-designed features, and deep learning-based methods are vulnerable to the balance and adequacy of data sets. In addition, the existing BERT-based malicious traffic classification methods only focus on the global features of traffic and ignore the time-series features of traffic. To address these problems, we propose a BERT-based Time-Series Feature Network (TSFN) model in this paper. The first is a Packet encoder module built by the BERT model, which completes the capture of global features of the traffic using the attention mechanism. The second is a temporal feature extraction module built by the LSTM model, which captures the time-series features of the traffic. Then, the global and time-series features of the malicious traffic are incorporated together as the final feature representation, which can better represent the malicious traffic. The experimental results show that the proposed approach can effectively improve the accuracy of malicious traffic classification on the publicly available USTC-TFC dataset, reaching an F1 value of 99.50%. This shows that the time-series features in malicious traffic can help improve the accuracy of malicious traffic classification. |
format | Online Article Text |
id | pubmed-10216927 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2023 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-10216927 2023-05-27 TSFN: A Novel Malicious Traffic Classification Method Using BERT and LSTM Shi, Zhaolei Luktarhan, Nurbol Song, Yangyang Yin, Huixin Entropy (Basel) Article Traffic classification is the first step in network anomaly detection and is essential to network security. However, existing malicious traffic classification methods have several limitations; for example, statistical-based methods are vulnerable to hand-designed features, and deep learning-based methods are vulnerable to the balance and adequacy of data sets. In addition, the existing BERT-based malicious traffic classification methods only focus on the global features of traffic and ignore the time-series features of traffic. To address these problems, we propose a BERT-based Time-Series Feature Network (TSFN) model in this paper. The first is a Packet encoder module built by the BERT model, which completes the capture of global features of the traffic using the attention mechanism. The second is a temporal feature extraction module built by the LSTM model, which captures the time-series features of the traffic. Then, the global and time-series features of the malicious traffic are incorporated together as the final feature representation, which can better represent the malicious traffic. The experimental results show that the proposed approach can effectively improve the accuracy of malicious traffic classification on the publicly available USTC-TFC dataset, reaching an F1 value of 99.50%. This shows that the time-series features in malicious traffic can help improve the accuracy of malicious traffic classification. MDPI 2023-05-19 /pmc/articles/PMC10216927/ /pubmed/37238576 http://dx.doi.org/10.3390/e25050821 Text en © 2023 by the authors. https://creativecommons.org/licenses/by/4.0/ Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
spellingShingle | Article Shi, Zhaolei Luktarhan, Nurbol Song, Yangyang Yin, Huixin TSFN: A Novel Malicious Traffic Classification Method Using BERT and LSTM |
title | TSFN: A Novel Malicious Traffic Classification Method Using BERT and LSTM |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10216927/ https://www.ncbi.nlm.nih.gov/pubmed/37238576 http://dx.doi.org/10.3390/e25050821 |