TY - GEN
T1 - Deep Sequence Models for Packet Stream Analysis and Early Decisions
AU - Kim, Minji
AU - Lee, Dongeun
AU - Lee, Kookjin
AU - Kim, Doowon
AU - Lee, Sangman
AU - Kim, Jinoh
N1 - Funding Information:
The authors would like to express our gratitude to the anonymous reviewers for their constructive feedback. This work was supported in part by the Texas A&M University Presidential GAR Initiative program.
Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - The packet stream analysis is essential for the early identification of attack connections while in progress, enabling timely responses to protect system resources. However, there are several challenges for implementing effective analysis, including out-of-order packet sequences introduced due to network dynamics and class imbalance with a small fraction of attack connections available to characterize. To overcome these challenges, we present two deep sequence models: (i) a bidirectional recurrent structure designed for resilience to out-of-order packets, and (ii) a pre-training-enabled sequence-to-sequence structure designed for better dealing with unbalanced class distributions using self-supervised learning. We evaluate the presented models using a real network dataset created from month-long real traffic traces collected from backbone links with the associated intrusion log. The experimental results support the feasibility of the presented models with up to 94.8% in F1 score with the first five packets (k=5), outperforming baseline deep learning models.
UR - http://www.scopus.com/inward/record.url?scp=85143168971&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85143168971&partnerID=8YFLogxK
U2 - 10.1109/LCN53696.2022.9843272
DO - 10.1109/LCN53696.2022.9843272
M3 - Conference contribution
AN - SCOPUS:85143168971
T3 - Proceedings - Conference on Local Computer Networks, LCN
SP - 56
EP - 63
BT - Proceedings of the 47th IEEE Conference on Local Computer Networks, LCN 2022
A2 - Oteafy, Sharief
A2 - Bulut, Eyuphan
A2 - Tschorsch, Florian
PB - IEEE Computer Society
T2 - 47th IEEE Conference on Local Computer Networks, LCN 2022
Y2 - 26 September 2022 through 29 September 2022
ER -