Machine Learning for Raw Network Traffic Detection

Increasingly cyber-attacks are sophisticated and occur rapidly, necessitating the use of machine learning techniques for detection at machine speed. However, the use of traditional machine learning techniques in cyber security requires the extraction of features from the raw network traffic. Thus, subject matter expertise is essential to analyze the network traffic and extract optimum features to detect a cyber-attack. Consequently, we propose a novel machine learning algorithm for malicious network traffic detection using only the bytes of the raw network traffic. The feature vector in our machine learning method is a structure containing the headers and a variable number of payload bytes. We propose a 1D-Convolutional Neural Network (1D-CNN) and Feed Forward Network for detection of malicious packets using raw network bytes. Additionally, we compare the performance of the proposed deep learning models with both a non-linear and linear Support Vector Machine and Multinomial Naive Bayes machine learning models. We leverage the UNSW-NB15 dataset for evaluation of our novel classifier using raw network traffic. Subsequently, the UNSW-NB15 packet captures are labeled based on correlation between a hash of the standard 5-tuple and time stamp in the CSV file containing the labels (viz., malicious or benign). Our novel 1D-CNN classifier achieves an accuracy and F1 score of 98.99%. Thus, our method demonstrates the utility of using raw network traffic coupled with machine learning and reduces the need for a subject matter expert to perform feature engineering.