Automatic Multi-task Learning System for Abnormal Network Traffic Detection
Keywords: Machine learning, Automatic learning systems, Multi-task learning, End-to-end learning, Network anomaly detection
Since the last decade of the 20th century, the Internet has flourished, which has drawn great interest in the detection of abnormal network traffic. In particular, it is impossible to manually detect abnormal patterns in an enormous traffic flow in real time. Therefore, multiple machine learning methods have been adopted to solve this learning problem. Those methods differ in mathematical models, knowledge models, application scenarios and target flows. In recent years, as a consequence of the technological breakthrough of Web 3.0, the traditional types of traffic classifiers are becoming outdated and people have started to focus on deep learning methods. Deep learning provides the potential for end-to-end learning systems to automatically learn abnormal patterns without massive feature engineering, saving plenty of detection time. In this study, to further save both the memory and the time of learning systems, we propose a novel multi-task learning system based on a convolutional neural network, which can simultaneously solve the tasks of malware detection, VPN-capsulation recognition and Trojan classification. To the best of our knowledge, this is the first time an end-to-end multi-task learning system has been applied to traffic classification. To validate this method, we conduct experiments on the public malware dataset CTU-13 and the VPN traffic dataset ISCX. Our system found a synergy among all these tasks and managed to achieve state-of-the-art output for most of the experiments.
The submitting author warrants that the submission is original and that she/he is the author of the submission together with the named co-authors; to the extent the submission incorporates text passages, figures, data or other material from the work of others, the submitting author has obtained any necessary permission.
Articles in this journal are published under the Creative Commons Attribution Licence (CC-BY). This is to get more legal certainty about what readers can do with published articles, and thus a wider dissemination and archiving, which in turn makes publishing with this journal more valuable for you, the authors.
By submitting an article the author grants to this journal the non-exclusive right to publish it. The author retains the copyright and the publishing rights for his article without any restrictions.
This journal has been awarded the SPARC Europe Seal for Open Access Journals.