Open AccessDeep Learning Classification Methods Applied to Tabular Cybersecurity Benchmarks
Author(s) -
David Noever,
Samantha E. Miller Noever
Publication year - 2021
Publication title -
international journal of network security and its applications/international journal of network security and applications
Language(s) - English
Resource type - Journals
eISSN - 0975-2307
pISSN - 0974-9330
DOI - 10.5121/ijnsa.2021.13301
Subject(s) - computer science , thumbnail , convolutional neural network , executable , malware , random forest , artificial intelligence , deep learning , feature (linguistics) , image (mathematics) , grayscale , exploit , data mining , machine learning , computer security , operating system , linguistics , philosophy
This research recasts the network attack dataset from UNSW-NB15 as an intrusion detection problem in image space. Using one-hot-encodings, the resulting grayscale thumbnails provide a quarter-million examples for deep learning algorithms. Applying the MobileNetV2’s convolutional neural network architecture, the work demonstrates a 97% accuracy in distinguishing normal and attack traffic. Further class refinements to 9 individual attack families (exploits, worms, shellcodes) show an overall 54% accuracy. Using feature importance rank, a random forest solution on subsets shows the most important source-destination factors and the least important ones as mainly obscure protocols. It further extends the image classification problem to other cybersecurity benchmarks such as malware signatures extracted from binary headers, with an 80% overall accuracy to detect computer viruses as portable executable files (headers only). Both novel image datasets are available to the research community on Kaggle.