Payload-Byte: A Tool for Extracting and Labeling Packet Capture Files of Modern Network Intrusion Detection Datasets
Adapting modern approaches for network intrusion detection is becoming critical, given the rapid pace of technological advancement and the rising rate of adversarial attacks. Packet-based methods that utilize payload data are therefore gaining popularity due to their effectiveness in detecting certain attacks. However, packet-based approaches suffer from a lack of standardization, resulting in incomparability and reproducibility issues. Unlike flow-based datasets, no standard labeled dataset exists, forcing researchers to follow bespoke labeling pipelines for individual approaches. Without a standardized baseline, proposed approaches cannot be compared and evaluated against each other. One cannot gauge whether a proposed approach is a methodological advancement or merely benefits from a proprietary interpretation of the dataset. To address these comparability and reproducibility issues, in this work we introduce Payload-Byte, an open-source tool for extracting and labeling network packets. Payload-Byte utilizes metadata information to label the raw traffic captures of modern intrusion detection datasets in a generalized manner. Moreover, we transform the labeled data into a byte-wise feature vector that can be used for training machine learning models. The whole cycle of processing and labeling is explicitly stated in this work. Furthermore, the source code and processed data are made publicly available so that they may act as a standardized baseline for future research. Lastly, we present a brief comparative analysis of machine learning models trained on packet-based and flow-based data.
DTAAD: Dual Tcn-Attention Networks for Anomaly Detection in Multivariate Time Series Data
Anomaly detection techniques enable effective anomaly detection and diagnosis in multivariate time series data, which is of major significance for today's industrial applications. However, establishing an anomaly detection system that can rapidly and accurately locate anomalies is a challenging problem due to the lack of outlier tags, the high-dimensional complexity of the data, memory bottlenecks in the actual hardware, and the need for fast inference. In this paper we propose an anomaly detection and diagnosis model, DTAAD, based on the Transformer and a Dual Temporal Convolutional Network (TCN). The overall model is an integrated design in which an autoregressive (AR) model is combined with autoencoder (AE) structures, and scaling methods and feedback mechanisms are introduced to improve prediction accuracy and expand correlation differences. The Dual TCN-Attention Network (DTA) we construct uses only a single layer of Transformer encoder in our baseline experiment, which makes it an ultra-lightweight model. Our extensive experiments on six public datasets validate that DTAAD exceeds the current most advanced baseline methods in both detection and diagnostic performance. Specifically, DTAAD improved F1 scores by , and reduced training time by compared to baseline. The code and training scripts are publicly available on GitHub at https://github.com/Yu-Lingrui/DTAAD
Jornadas Nacionales de Investigación en Ciberseguridad: proceedings of the VIII Jornadas Nacionales de Investigación en Ciberseguridad: Vigo, 21 to 23 June 2023
Jornadas Nacionales de Investigación en Ciberseguridad (8ª. 2023. Vigo); atlanTTic; AMTEGA: Axencia para a modernización tecnolóxica de Galicia; INCIBE: Instituto Nacional de Cibersegurida