Packet2Vec: Utilizing Word2Vec for Feature Extraction in Packet Data

TL;DR

This paper introduces Packet2Vec, a novel method adapting Word2Vec for automatic feature extraction from raw network packet data to improve intrusion detection accuracy.

Contribution

Packet2Vec is the first approach to apply Word2Vec to network packet data for feature extraction in intrusion detection tasks.

Findings

Achieved high AUC scores between 0.988-0.996 for ROC.

Obtained AUC between 0.604-0.667 for Precision/Recall.

Demonstrated effectiveness of deep learning-based feature extraction.

Abstract

One of deep learning's attractive benefits is the ability to automatically extract relevant features for a target problem from largely raw data, instead of utilizing human engineered and error prone handcrafted features. While deep learning has shown success in fields such as image classification and natural language processing, its application for feature extraction on raw network packet data for intrusion detection is largely unexplored. In this paper we modify a Word2Vec approach, used for text processing, and apply it to packet data for automatic feature extraction. We call this approach Packet2Vec. For the classification task of benign versus malicious traffic on a 2009 DARPA network data set, we obtain an area under the curve (AUC) of the receiver operating characteristic (ROC) between 0.988-0.996 and an AUC of the Precision/Recall curve between 0.604-0.667.