A method based on hierarchical spatiotemporal features for trojan traffic detection
Jiang Xie, Shuhao Li, Yongzheng Zhang, Xiaochun Yun, Jia Li

TL;DR
This paper introduces a neural network model leveraging hierarchical spatiotemporal features for detecting HTTP-based Trojan traffic, achieving high accuracy and incorporating expert knowledge to enhance self-learning.
Contribution
The paper presents a novel HSTF-Model that combines deep learning with expert features for improved Trojan traffic detection, along with a new dataset, BTHT.
Findings
F1 score of 99.4% on real traffic
Effective detection of concealed Trojan traffic
Integration of deep learning and expert knowledge
Abstract
Trojans are currently among the most threatening network attacks. HTTP-based Trojans, in particular, account for a considerable proportion of them. Moreover, as the network environment becomes more complex, HTTP-based Trojans are more concealed than others. At present, many intrusion detection systems (IDSs) find it increasingly difficult to detect such Trojan traffic effectively, due to the inherent shortcomings of the methods used and the backwardness of the training data. Classical anomaly detection and traditional machine learning-based (TML-based) anomaly detection are highly dependent on expert knowledge to extract features artificially, which is difficult to implement in HTTP-based Trojan traffic detection. Deep learning-based (DL-based) anomaly detection has been locally applied to IDSs, but it cannot be transplanted to HTTP-based Trojan traffic detection directly. To solve this problem,…
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
