BLATTA: Early Exploit Detection on Network Traffic with Recurrent Neural Networks
Detecting exploits is crucial since the effect of undetected ones can be devastating. Identifying their presence on the network allows us to respond and block their malicious payload before they cause damage to the system. Inspecting the payload of network traffic may offer better performance in det...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Hindawi-Wiley
2020-01-01
|
| Series: | Security and Communication Networks |
| Online Access: | http://dx.doi.org/10.1155/2020/8826038 |
| id |
doaj-79a2d0d9ca5d4abfa786752135296fa5 |
|---|---|
| record_format |
Article |
| spelling |
doaj-79a2d0d9ca5d4abfa786752135296fa52020-11-25T03:50:06ZengHindawi-WileySecurity and Communication Networks1939-01141939-01222020-01-01202010.1155/2020/88260388826038BLATTA: Early Exploit Detection on Network Traffic with Recurrent Neural NetworksBaskoro A. Pratomo0Pete Burnap1George Theodorakopoulos2School of Computer Science and Informatics, Cardiff University, Cardiff, UKSchool of Computer Science and Informatics, Cardiff University, Cardiff, UKSchool of Computer Science and Informatics, Cardiff University, Cardiff, UKDetecting exploits is crucial since the effect of undetected ones can be devastating. Identifying their presence on the network allows us to respond and block their malicious payload before they cause damage to the system. Inspecting the payload of network traffic may offer better performance in detecting exploits as they tend to hide their presence and behave similarly to legitimate traffic. Previous works on deep packet inspection for detecting malicious traffic regularly read the full length of application layer messages. As the length varies, longer messages will take more time to analyse, during which time the attack creates a disruptive impact on the system. Hence, we propose a novel early exploit detection mechanism that scans network traffic, reading only 35.21% of application layer messages to predict malicious traffic while retaining a 97.57% detection rate and a 1.93% false positive rate. Our recurrent neural network- (RNN-) based model is the first work to our knowledge that provides early prediction of malicious application layer messages, thus detecting a potential attack earlier than other state-of-the-art approaches and enabling a form of early warning system.http://dx.doi.org/10.1155/2020/8826038 |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Baskoro A. Pratomo Pete Burnap George Theodorakopoulos |
| spellingShingle |
Baskoro A. Pratomo Pete Burnap George Theodorakopoulos BLATTA: Early Exploit Detection on Network Traffic with Recurrent Neural Networks Security and Communication Networks |
| author_facet |
Baskoro A. Pratomo Pete Burnap George Theodorakopoulos |
| author_sort |
Baskoro A. Pratomo |
| title |
BLATTA: Early Exploit Detection on Network Traffic with Recurrent Neural Networks |
| title_short |
BLATTA: Early Exploit Detection on Network Traffic with Recurrent Neural Networks |
| title_full |
BLATTA: Early Exploit Detection on Network Traffic with Recurrent Neural Networks |
| title_fullStr |
BLATTA: Early Exploit Detection on Network Traffic with Recurrent Neural Networks |
| title_full_unstemmed |
BLATTA: Early Exploit Detection on Network Traffic with Recurrent Neural Networks |
| title_sort |
blatta: early exploit detection on network traffic with recurrent neural networks |
| publisher |
Hindawi-Wiley |
| series |
Security and Communication Networks |
| issn |
1939-0114 1939-0122 |
| publishDate |
2020-01-01 |
| description |
Detecting exploits is crucial since the effect of undetected ones can be devastating. Identifying their presence on the network allows us to respond and block their malicious payload before they cause damage to the system. Inspecting the payload of network traffic may offer better performance in detecting exploits as they tend to hide their presence and behave similarly to legitimate traffic. Previous works on deep packet inspection for detecting malicious traffic regularly read the full length of application layer messages. As the length varies, longer messages will take more time to analyse, during which time the attack creates a disruptive impact on the system. Hence, we propose a novel early exploit detection mechanism that scans network traffic, reading only 35.21% of application layer messages to predict malicious traffic while retaining a 97.57% detection rate and a 1.93% false positive rate. Our recurrent neural network- (RNN-) based model is the first work to our knowledge that provides early prediction of malicious application layer messages, thus detecting a potential attack earlier than other state-of-the-art approaches and enabling a form of early warning system. |
| url |
http://dx.doi.org/10.1155/2020/8826038 |
| work_keys_str_mv |
AT baskoroapratomo blattaearlyexploitdetectiononnetworktrafficwithrecurrentneuralnetworks AT peteburnap blattaearlyexploitdetectiononnetworktrafficwithrecurrentneuralnetworks AT georgetheodorakopoulos blattaearlyexploitdetectiononnetworktrafficwithrecurrentneuralnetworks |
| _version_ |
1715107299658301440 |