HSTF-Model: an HTTP-based Trojan Detection Model via the Hierarchical Spatio-Temporal Features of Traffics
Jiang Xie, Shuhao Li, Xiaochun Yun, Yongzheng Zhang, Peng Chang

TL;DR
This paper introduces HSTF-Model, a deep learning-based approach utilizing hierarchical spatio-temporal features from traffic data to detect HTTP-based Trojans with high accuracy and strong generalization across datasets.
Contribution
The paper presents a novel detection model combining CNN and LSTM for traffic analysis and introduces a new dataset, BTHT-2018, improving detection accuracy and generalization in Trojan detection.
Findings
Achieves F1 scores of 98.62%-99.81% on BTHT-2018
Outperforms existing methods with over 20% better F1 on ISCX-2012
Demonstrates strong generalization ability across datasets
Abstract
HTTP-based Trojans are extremely threatening, and they are difficult to detect effectively because of their concealment and confusion. Previous detection methods usually have poor generalization ability due to outdated datasets and reliance on manual feature extraction, which makes these methods always perform well on their private dataset but perform poorly, or even fail to work, in a real network environment. In this paper, we propose an HTTP-based Trojan detection model via the Hierarchical Spatio-Temporal Features of traffics (HSTF-Model), based on a formalized description of traffic spatio-temporal behavior at both the packet level and the flow level. In this model, we employ a Convolutional Neural Network (CNN) to extract spatial information and Long Short-Term Memory (LSTM) to extract temporal information. In addition, we present a dataset consisting of Benign and Trojan HTTP Traffic…
