Controlling Network Traffic Microstructures for Machine-Learning Model Probing

Henry Clausen; Robert Flood; David Aspinall

doi:10.1007/978-3-030-90019-9_23

Controlling Network Traffic Microstructures for Machine-Learning Model Probing

Henry Clausen, Robert Flood, David Aspinall

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Network intrusion detection (NID) models increasingly rely on learning traffic microstructures that consist of pattern sequences in features such as interarrival time, size, or packet flags. We argue that precise and reproducible control over traffic microstructures is crucial to understand and improve NID-model behaviour. We demonstrate that probing a traffic classifier with appropriately generated microstructures reveals links between misclassifications and traffic characteristics, and correspondingly lets us improve the false positive rate by more than 500%. We examine how specific factors such as network congestion, load, conducted activity, or protocol implementation impact traffic microstructures, and how well their influence can be isolated in a controlled and near-deterministic traffic generation process. We then introduce DetGen, a traffic generation tool that provides precise microstructure control, and demonstrate how to generate traffic suitable to probe pre-trained NIDmodels.

Original language	English
Title of host publication	Security and Privacy in Communication Networks
Publisher	Springer
Pages	456-475
Number of pages	20
ISBN (Electronic)	978-3-030-90019-9
ISBN (Print)	978-3-030-90018-2
DOIs	https://doi.org/10.1007/978-3-030-90019-9_23
Publication status	Published - 3 Nov 2021
Event	17th EAI International Conference on Security and Privacy in Communication Networks - Online Duration: 6 Sept 2021 → 9 Sept 2021 https://securecomm.eai-conferences.org/2021/

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Volume	398
ISSN (Print)	1867-8211
ISSN (Electronic)	1867-822X

Conference

Conference	17th EAI International Conference on Security and Privacy in Communication Networks
Abbreviated title	EAI SecureComm 2021
Period	6/09/21 → 9/09/21
Internet address	https://securecomm.eai-conferences.org/2021/

Keywords / Materials (for Non-textual outputs)

Data generation
network intrusion detection
Machine learning
Model development
Containerisation

Access to Document

10.1007/978-3-030-90019-9_23Licence: All Rights Reserved

Controlling network traffic_CLAUSEN_DOA25052021_AFVAccepted author manuscript, 557 KBLicence: All Rights Reserved

https://link.springer.com/chapter/10.1007/978-3-030-90019-9_23Licence: All Rights Reserved

Cite this

@inproceedings{ae2392713175430e9af0b305e537e01c,

title = "Controlling Network Traffic Microstructures for Machine-Learning Model Probing",

abstract = "Network intrusion detection (NID) models increasingly rely on learning traffic microstructures that consist of pattern sequences in features such as interarrival time, size, or packet flags. We argue that precise and reproducible control over traffic microstructures is crucial to understand and improve NID-model behaviour. We demonstrate that probing a traffic classifier with appropriately generated microstructures reveals links between misclassifications and traffic characteristics, and correspondingly lets us improve the false positive rate by more than 500%. We examine how specific factors such as network congestion, load, conducted activity, or protocol implementation impact traffic microstructures, and how well their influence can be isolated in a controlled and near-deterministic traffic generation process. We then introduce DetGen, a traffic generation tool that provides precise microstructure control, and demonstrate how to generate traffic suitable to probe pre-trained NIDmodels.",

keywords = "Data generation, network intrusion detection, Machine learning, Model development, Containerisation",

author = "Henry Clausen and Robert Flood and David Aspinall",

year = "2021",

month = nov,

day = "3",

doi = "10.1007/978-3-030-90019-9_23",

language = "English",

isbn = "978-3-030-90018-2",

series = "Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering",

publisher = "Springer",

pages = "456--475",

booktitle = "Security and Privacy in Communication Networks",

address = "United Kingdom",

note = "17th EAI International Conference on Security and Privacy in Communication Networks, EAI SecureComm 2021 ; Conference date: 06-09-2021 Through 09-09-2021",

url = "https://securecomm.eai-conferences.org/2021/",

}

Clausen, H, Flood, R & Aspinall, D 2021, Controlling Network Traffic Microstructures for Machine-Learning Model Probing. in Security and Privacy in Communication Networks. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 398, Springer, pp. 456-475, 17th EAI International Conference on Security and Privacy in Communication Networks, 6/09/21. https://doi.org/10.1007/978-3-030-90019-9_23

Controlling Network Traffic Microstructures for Machine-Learning Model Probing. / Clausen, Henry; Flood, Robert; Aspinall, David.
Security and Privacy in Communication Networks. Springer, 2021. p. 456-475 (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering; Vol. 398).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Controlling Network Traffic Microstructures for Machine-Learning Model Probing

AU - Clausen, Henry

AU - Flood, Robert

AU - Aspinall, David

PY - 2021/11/3

Y1 - 2021/11/3

N2 - Network intrusion detection (NID) models increasingly rely on learning traffic microstructures that consist of pattern sequences in features such as interarrival time, size, or packet flags. We argue that precise and reproducible control over traffic microstructures is crucial to understand and improve NID-model behaviour. We demonstrate that probing a traffic classifier with appropriately generated microstructures reveals links between misclassifications and traffic characteristics, and correspondingly lets us improve the false positive rate by more than 500%. We examine how specific factors such as network congestion, load, conducted activity, or protocol implementation impact traffic microstructures, and how well their influence can be isolated in a controlled and near-deterministic traffic generation process. We then introduce DetGen, a traffic generation tool that provides precise microstructure control, and demonstrate how to generate traffic suitable to probe pre-trained NIDmodels.

AB - Network intrusion detection (NID) models increasingly rely on learning traffic microstructures that consist of pattern sequences in features such as interarrival time, size, or packet flags. We argue that precise and reproducible control over traffic microstructures is crucial to understand and improve NID-model behaviour. We demonstrate that probing a traffic classifier with appropriately generated microstructures reveals links between misclassifications and traffic characteristics, and correspondingly lets us improve the false positive rate by more than 500%. We examine how specific factors such as network congestion, load, conducted activity, or protocol implementation impact traffic microstructures, and how well their influence can be isolated in a controlled and near-deterministic traffic generation process. We then introduce DetGen, a traffic generation tool that provides precise microstructure control, and demonstrate how to generate traffic suitable to probe pre-trained NIDmodels.

KW - Data generation

KW - network intrusion detection

KW - Machine learning

KW - Model development

KW - Containerisation

U2 - 10.1007/978-3-030-90019-9_23

DO - 10.1007/978-3-030-90019-9_23

M3 - Conference contribution

SN - 978-3-030-90018-2

T3 - Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

SP - 456

EP - 475

BT - Security and Privacy in Communication Networks

PB - Springer

T2 - 17th EAI International Conference on Security and Privacy in Communication Networks

Y2 - 6 September 2021 through 9 September 2021

ER -

Controlling Network Traffic Microstructures for Machine-Learning Model Probing

Abstract

Publication series

Conference

Keywords / Materials (for Non-textual outputs)

Access to Document

Fingerprint

Cite this