Controlling Network Traffic Microstructures for Machine-Learning Model Probing

Henry Clausen, Robert Flood, David Aspinall

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Network intrusion detection (NID) models increasingly rely on learning traffic microstructures that consist of pattern sequences in features such as interarrival time, size, or packet flags. We argue that precise and reproducible control over traffic microstructures is crucial to understand and improve NID-model behaviour. We demonstrate that probing a traffic classifier with appropriately generated microstructures reveals links between misclassifications and traffic characteristics, and correspondingly lets us improve the false positive rate by more than 500%. We examine how specific factors such as network congestion, load, conducted activity, or protocol implementation impact traffic microstructures, and how well their influence can be isolated in a controlled and near-deterministic traffic generation process. We then introduce DetGen, a traffic generation tool that provides precise microstructure control, and demonstrate how to generate traffic suitable to probe pre-trained NIDmodels.
Original languageEnglish
Title of host publicationSecurity and Privacy in Communication Networks
PublisherSpringer, Cham
Pages456-475
Number of pages20
ISBN (Electronic)978-3-030-90019-9
ISBN (Print)978-3-030-90018-2
DOIs
Publication statusPublished - 3 Nov 2021
Event17th EAI International Conference on Security and Privacy in Communication Networks - Online
Duration: 6 Sep 20219 Sep 2021
https://securecomm.eai-conferences.org/2021/

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Volume398
ISSN (Print)1867-8211
ISSN (Electronic)1867-822X

Conference

Conference17th EAI International Conference on Security and Privacy in Communication Networks
Abbreviated titleEAI SecureComm 2021
Period6/09/219/09/21
Internet address

Keywords

  • Data generation
  • network intrusion detection
  • Machine learning
  • Model development
  • Containerisation

Fingerprint

Dive into the research topics of 'Controlling Network Traffic Microstructures for Machine-Learning Model Probing'. Together they form a unique fingerprint.

Cite this