Ве молиме користете го овој идентификатор да го цитирате или поврзете овој запис:
http://hdl.handle.net/20.500.12188/21165
Наслов: | Feature extraction based on word embedding models for intrusion detection in network traffic | Authors: | Corizzo, Roberto Zdravevski, Eftim Russell, Myles Vagliano, Andrew Japkowicz, Nathalie |
Keywords: | Feature extraction, intrusion detection, network traffic, anomaly detection, word embeddings, language models | Issue Date: | 28-дек-2020 | Publisher: | OAE Publishing Inc. | Journal: | Journal of Surveillance, Security and Safety | Abstract: | Aim: The analysis of network traffic plays a crucial role in modern organizations since it can provide defense mechanisms against cyberattacks. In this context, machine learning algorithms can be fruitfully adopted to identify malicious patterns in network sessions. However, they cannot be directly applied to a raw data representation of network traffic. An active thread of research focuses on the design and implementation of feature extraction techniques that aim at mapping raw data representations of network traffic sessions to a new representation that can be processed by machine learning algorithms. Methods: In this paper, we propose a feature extraction approach based on word embedding models. The proposed approach extracts semantic features characterized by contextual information that is hidden in the raw data representation. Results: Our experiments conducted on three datasets showed that our feature extraction approach based on word embedding models has the potential to increase the classification performance of conventional machine learning algorithms that are applied to intrusion detection, and it is competitive with known feature extraction baselines in the state-of-the-art. Conclusion: This study shows that word embedding models can be used to carry out intrusion detection tasks accurately. Feature extraction based on word embedding models requires a higher computational time than simpler techniques, but leads to a higher accuracy, which is important for the identification of complex attacks. | URI: | http://hdl.handle.net/20.500.12188/21165 |
Appears in Collections: | Faculty of Computer Science and Engineering: Journal Articles |
Прикажи целосна запис
Записите во DSpace се заштитени со авторски права, со сите права задржани, освен ако не е поинаку наведено.