Automatic Multi-task Learning System for Abnormal Network Traffic Detection

Authors

  • He Huang National Network New Media Engineering Research Center, Institute of Acoustics, University of Chinese Academy of Science
  • Haojiang Deng National Network New Media Engineering Research Center, Institute of Acoustics, University of Chinese Academy of Science
  • Jun Chen National Network New Media Engineering Research Center, Institute of Acoustics, University of Chinese Academy of Science
  • Luchao Han National Network New Media Engineering Research Center, Institute of Acoustics, University of Chinese Academy of Science
  • Wei Wang Department of Automation, University of Science and Technology of China

DOI:

https://doi.org/10.3991/ijet.v13i04.8466

Keywords:

Machine learning, Automatic learning systems, Multi-task learning, End-to-end learning, Network anomaly detection

Abstract


Since the last decade of the 20th century, the Internet had become flourishing, which drew great interest in the detection of abnormal network traffic. Particular-ly, it’s impossible to manually detect the abnormal patterns from enormous traffic flow in real time. Therefore, multiple machine learning methods are adopted to solve this learning problem. Those methods differ in mathematical models, knowledge models, application scenarios and target flows. In recent years, as a consequence of the technological breakthrough of Web 3.0, the traditional types of traffic classifiers are getting outdated and people start to focus on deep learning methods. Deep learning provides the potential for end-to-end learning systems to automatically learn the abnormal patterns without massive feature engineering, saving plenty of detecting time. In this study, to further save both memory and times of learning systems, we propose a novel multi-task learning system based on convolutional neural network, which can simultaneously solve the tasks of malware detection, VPN-capsulation recognition and Trojan classification. To the best of our knowledge, it’s the first time to apply an end-to-end multi-task learn-ing system in traffic classification. In order to validate this method, we establish experiments on public malware dataset CTU-13 and VPN traffic dataset ISCX. Our system found a synergy among all these tasks and managed to achieve the state-of-the-art output for most of the experiments.

Author Biographies

He Huang, National Network New Media Engineering Research Center, Institute of Acoustics, University of Chinese Academy of Science

He Huang, a Ph.D. candidate in signal and information processing from Institute of Acoustics, Chinese Academy of Sciences (IACAS). His research interests include Network Security and AI (Artificial Intelligence).

Haojiang Deng, National Network New Media Engineering Research Center, Institute of Acoustics, University of Chinese Academy of Science

Haojiang Deng, the vice director of National Network New Media Engineering Re-search Center, IACAS. His research interests include network communications and new media technology.

Jun Chen, National Network New Media Engineering Research Center, Institute of Acoustics, University of Chinese Academy of Science

Jun Chen, a professor in IACAS. Her research activities have been concerned with information system security,network protocol analysis, and streaming media pro-cessing.

Luchao Han, National Network New Media Engineering Research Center, Institute of Acoustics, University of Chinese Academy of Science

Luchao Han, a Ph.D. candidate in signal and information processing from IACAS. His research interests include computer network and deep learning.

Wei Wang, Department of Automation, University of Science and Technology of China

Wei Wang, a Ph.D. candidate at the University of Science and Technology of China, Hefei, China. His research interests include machine learning and cyberspace security.

Downloads

Published

2018-03-30

How to Cite

Huang, H., Deng, H., Chen, J., Han, L., & Wang, W. (2018). Automatic Multi-task Learning System for Abnormal Network Traffic Detection. International Journal of Emerging Technologies in Learning (iJET), 13(04), pp. 4–20. https://doi.org/10.3991/ijet.v13i04.8466

Issue

Vol. 13 No. 04 (2018)

Section

Papers

License

The submitting author warrants that the submission is original and that she/he is the author of the submission together with the named co-authors; to the extend the submission incorporates text passages, figures, data or other material from the work of others, the submitting author has obtained any necessary permission.
Articles in this journal are published under the Creative Commons Attribution Licence (CC-BY What does this mean?). This is to get more legal certainty about what readers can do with published articles, and thus a wider dissemination and archiving, which in turn makes publishing with this journal more valuable for you, the authors.
By submitting an article the author grants to this journal the non-exclusive right to publish it. The author retains the copyright and the publishing rights for his article without any restrictions.
This journal has been awarded the SPARC Europe Seal for Open Access Journals (What's this?)