Deep Sequence Models for Packet Stream Analysis and Early Decisions

Minji Kim, Dongeun Lee, Kookjin Lee, Doowon Kim, Sangman Lee, and Jinoh Kim

Packet stream analysis is essential for the early identification of attack connections while they are in progress, enabling timely responses to protect system resources. However, there are several challenges in implementing effective analysis, including out-of-order packet sequences introduced by network dynamics and class imbalance, with only a small fraction of attack connections available to characterize. To overcome these challenges, we present two deep sequence models: (i) a bidirectional recurrent structure designed for resilience to out-of-order packets, and (ii) a pre-training-enabled sequence-to-sequence structure designed to better deal with unbalanced class distributions using self-supervised learning. We evaluate the presented models using a real network dataset created from month-long real traffic traces collected from backbone links with the associated intrusion log. The experimental results support the feasibility of the presented models, with up to 94.8% in F1 score using the first five packets (k=5), outperforming baseline deep learning models.

Minji Kim, Dongeun Lee, Kookjin Lee, Doowon Kim, Sangman Lee, and Jinoh Kim. 2022. Deep sequence models for packet stream analysis and early decisions. In Proceedings of the 2022 IEEE 47th Conference on Local Computer Networks (LCN). LCN'22.