Abstract: Recent research has shown that neural networks can be used to identify malicious traffic. However, existing methods have shortcomings, such as a detection-rate bottleneck and a limited range of applicable scenarios. Furthermore, time-consuming data preprocessing reduces the efficiency of the models and their ability to learn feature information. In addition, the complexity of extracting fingerprints from traffic is a problem that urgently needs to be solved. This paper therefore proposes IMTCDF, a multi-module Internet Malicious Traffic Classification and Detection Framework designed for fast and accurate classification and detection of malicious traffic. The preprocessing module adopts a segmentation method based on a global threshold to simplify data processing. For the malicious traffic detection module, this paper designs a Depthwise Separable Convolution with Global Composite Attention model (DSC-GCA model), which captures and learns feature information more effectively. For our experiments, we used the publicly available USTF-TFC2016 dataset and the TCD-2022 dataset, which we collected ourselves in a real Internet environment. Multiple groups of experiments show that IMTCDF has outstanding detection capabilities and that its performance remains stable across different scenarios. As a control group for comparative experiments, we selected several models and methods proposed in recent years for malicious traffic detection; the results show that IMTCDF has a lower time cost and makes significant progress on evaluation metrics such as accuracy, precision, recall, and F1-Score.