MTD-FRD: Malicious traffic detection method based on feature representation and conditional diffusion model

IF 7.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications Pub Date : 2025-07-01 DOI:10.1016/j.jnca.2025.104256

Saihua Cai , Wenjun Zhao , Jinfu Chen , Yige Zhao , Shengran Wang

{"title":"MTD-FRD: Malicious traffic detection method based on feature representation and conditional diffusion model","authors":"Saihua Cai , Wenjun Zhao , Jinfu Chen , Yige Zhao , Shengran Wang","doi":"10.1016/j.jnca.2025.104256","DOIUrl":null,"url":null,"abstract":"<div><div>With the rapid development of computer network, security issues are more serious. Malicious traffic detection can effectively discover the malicious behaviors in network activities through detecting the malicious traffic in large-scale network traffic, and it has become an important mean to maintain the cyberspace security. However, traditional malicious traffic detection methods analyze the traffic behavior by processing the network traffic in the formats such as PCAP, CSV and gray-scale images, they cannot fully extract the deep association information in network traffic, leading to the problems such as unclear feature representations. In addition, data imbalance problem existing in network traffic can cause the training of detection model to bias towards normal traffic, and further resulting in high false negatives and weakening the model’s ability to recognize new types of attacks, which seriously affects the accuracy of malicious traffic detection models. This paper proposes a malicious traffic detection method called MTD-FRD, which accurately detects the malicious traffic via introducing feature representation of RGB images, conditional diffusion model and bidirectional traffic channel attention long and short-term memory network (BTCA_LSTM). Firstly, the feature representation of RGB images is constructed for preserving the detailed structural features and distribution information of network traffic, which improves the feature characterization ability. And then, a network conditional diffusion model is proposed to denoise the original network traffic, which utilizes the distribution conditions of RGB images and their own features to generate the high-quality RGB images for solving the data imbalance problem. Finally, a BTCA_LSTM model is constructed to achieve efficient malicious traffic detection by extracting the fine-grained features, local features and contextual correlations in the RGB images after data augmentation. Experimental results on three widely used network traffic show that compared with five state-of-the-arts, the proposed MTD-FRD method is able to improve the TPR, F1-measure and Accuracy by 1.34%–7.51%, 1.40%–7.51% and 1.30%–12.28%, as well as reduce the FPR by 0.022%–0.484%, it also achieves more stable detection validity.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104256"},"PeriodicalIF":7.7000,"publicationDate":"2025-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Network and Computer Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1084804525001535","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

With the rapid development of computer network, security issues are more serious. Malicious traffic detection can effectively discover the malicious behaviors in network activities through detecting the malicious traffic in large-scale network traffic, and it has become an important mean to maintain the cyberspace security. However, traditional malicious traffic detection methods analyze the traffic behavior by processing the network traffic in the formats such as PCAP, CSV and gray-scale images, they cannot fully extract the deep association information in network traffic, leading to the problems such as unclear feature representations. In addition, data imbalance problem existing in network traffic can cause the training of detection model to bias towards normal traffic, and further resulting in high false negatives and weakening the model’s ability to recognize new types of attacks, which seriously affects the accuracy of malicious traffic detection models. This paper proposes a malicious traffic detection method called MTD-FRD, which accurately detects the malicious traffic via introducing feature representation of RGB images, conditional diffusion model and bidirectional traffic channel attention long and short-term memory network (BTCA_LSTM). Firstly, the feature representation of RGB images is constructed for preserving the detailed structural features and distribution information of network traffic, which improves the feature characterization ability. And then, a network conditional diffusion model is proposed to denoise the original network traffic, which utilizes the distribution conditions of RGB images and their own features to generate the high-quality RGB images for solving the data imbalance problem. Finally, a BTCA_LSTM model is constructed to achieve efficient malicious traffic detection by extracting the fine-grained features, local features and contextual correlations in the RGB images after data augmentation. Experimental results on three widely used network traffic show that compared with five state-of-the-arts, the proposed MTD-FRD method is able to improve the TPR, F1-measure and Accuracy by 1.34%–7.51%, 1.40%–7.51% and 1.30%–12.28%, as well as reduce the FPR by 0.022%–0.484%, it also achieves more stable detection validity.

查看原文本刊更多论文

MTD-FRD：基于特征表示和条件扩散模型的恶意流量检测方法

随着计算机网络的飞速发展，安全问题日益严重。恶意流量检测通过对大规模网络流量中的恶意流量进行检测，可以有效地发现网络活动中的恶意行为，已成为维护网络空间安全的重要手段。然而，传统的恶意流量检测方法通过处理PCAP、CSV、灰度图像等格式的网络流量来分析流量行为，无法充分提取网络流量中的深层关联信息，导致特征表示不清等问题。此外，网络流量中存在的数据不平衡问题会导致检测模型的训练偏向正常流量，进而导致高假阴性，削弱了模型对新型攻击的识别能力，严重影响了恶意流量检测模型的准确性。本文提出了一种MTD-FRD恶意流量检测方法，该方法通过引入RGB图像特征表示、条件扩散模型和双向流量通道注意长短期记忆网络（BTCA_LSTM）对恶意流量进行准确检测。首先，构建RGB图像的特征表示，保留网络流量的详细结构特征和分布信息，提高特征表征能力；然后，提出一种网络条件扩散模型对原始网络流量进行降噪，利用RGB图像的分布条件及其自身特征生成高质量的RGB图像，解决数据不平衡问题。最后，构建BTCA_LSTM模型，通过提取数据增强后的RGB图像中的细粒度特征、局部特征和上下文相关性，实现高效的恶意流量检测。在三种广泛应用的网络流量上的实验结果表明，与五种最先进的检测方法相比，所提出的MTD-FRD方法的TPR、f1测度和准确率分别提高了1.34% ~ 7.51%、1.40% ~ 7.51%和1.30% ~ 12.28%，FPR降低了0.022% ~ 0.484%，检测有效性也更加稳定。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Network and Computer Applications 工程技术-计算机：跨学科应用

CiteScore

21.50

自引率

3.40%

发文量

142

审稿时长

37 days

期刊介绍： The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.