Authors:
Amine Hattak
1
;
Giacomo Iadarola
1
;
Fabio Martinelli
1
;
Francesco Mercaldo
1
;
2
and
Antonella Santone
1
Affiliations:
1
Institute for Informatics and Telematics, National Research Council of Italy (CNR), Pisa, Italy
;
2
University of Molise, Campobasso, Italy
Keyword(s):
Network Traffic Classification, Deep Learning, Network Intrusion Detection, Explainable AI, Cybersecurity.
Abstract:
In light of the growing reliance on digital technology, the security of digital devices and networks has become a critical concern in the information technology industry. Network analysis can be helpful for identifying and mitigating network-based attacks, as it enables the monitoring of network behavior and the detection of anomalous activity. Through the use of network analysis, organizations can better defend against potential security threats and protect their interconnected digital systems. In this paper, we investigate the use of deep learning techniques for network traffic classification. A robust and explainable deep learning-based approach for traffic classification is proposed starting from raw traffic data represented in PCAP format. This latter will be transformed into visualized images, which are then used as input for deep-learning models in order to discriminate malicious activities. We evaluate the effectiveness of the proposed method, by evaluating two datasets compo
sed of 34389 network traces belonging to 35 categories: 25 related to different malware families and the remaining 10 categories belonging to trusted applications, reaching an accuracy equal to 96.8%. Moreover, we provide reasoning about model evaluation and the correctness of the models by taking into account a prediction explainability based on the visualization of the images generated from the network trace, of the areas symptomatic of a certain prediction.
(More)