Preliminary study on artificial intelligence methods for cybersecurity threat detection in computer networks based on raw data packets

TL;DR

This paper explores deep learning techniques for real-time cybersecurity threat detection directly from raw network packets, proposing a novel image-based approach to improve detection speed and accuracy.

Contribution

It introduces a new method of representing raw network packets as images for deep learning, enabling direct feature extraction without relying on traffic flow characteristics.

Findings

Effective detection of attacks from raw packet images

Real-time processing capability demonstrated

Utilization of CIC IDS-2017 dataset for validation

Abstract

Most of the intrusion detection methods in computer networks are based on traffic flow characteristics. However, this approach may not fully exploit the potential of deep learning algorithms to directly extract features and patterns from raw packets. Moreover, it impedes real-time monitoring due to the necessity of waiting for the processing pipeline to complete and introduces dependencies on additional software components. In this paper, we investigate deep learning methodologies capable of detecting attacks in real-time directly from raw packet data within network traffic. We propose a novel approach where packets are stacked into windows and separately recognised, with a 2D image representation suitable for processing with computer vision models. Our investigation utilizes the CIC IDS-2017 dataset, which includes both benign traffic and prevalent real-world attacks, providing a comprehensive foundation for our research.