FA-net: Attention-based Fusion Network For Malware HTTPs Traffic Classification

Siqi Liu, Yanni Han, Yanjie Hu, Q. Tan
Published in: 2021 IEEE Symposium on Computers and Communications (ISCC), 2021-09-05
DOI: 10.1109/ISCC53001.2021.9631419 (https://doi.org/10.1109/ISCC53001.2021.9631419)
Citation count: 1

Abstract

With the wide application of HTTPs, malware HTTPs traffic classification is usually the first step in an anomaly detection system. Existing classification methods mainly use either the raw bytes (containing the discriminative features) or the statistical features (containing the global information) as the input, which leads to a low F1-score. Therefore, this paper presents a novel Attention-based Fusion Network (FA-net), which combines the two types of features to improve classification performance. FA-net consists of three sub-networks: RF-net and SF-net extract the representative features of the raw bytes and the statistical features through a Convolutional Neural Network (CNN) and a reconstruction mechanism respectively, and C-net combines the two types of features through an attention mechanism and a regulating factor. The experiments indicate that FA-net obtains markedly better results (average F1-scores of 0.941 and 0.997 respectively on two datasets) than the baselines. We also explore the influence of different regulating factor values on classification performance.