Proteus: A Difficulty-Aware Deep Learning Framework for Real-Time Malicious Traffic Detection

Chupeng Cui; Qing Li; Guorui Xie; Ruoyu Li; Dan Zhao; Zhenhui Yuan; Yong Jiang

doi:10.1109/icnp61940.2024.10858520

Proteus: A Difficulty-Aware Deep Learning Framework for Real-Time Malicious Traffic Detection

Chupeng Cui, Qing Li^*, Guorui Xie, Ruoyu Li, Dan Zhao, Zhenhui Yuan, Yong Jiang

^*Corresponding author for this work

Computer and Information Sciences Department

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

Deep learning (DL) has been recently used for malicious traffic detection. However, DL models are often faced with a dilemma between model size and performance: larger models have better accuracy, but suffer from high detection latency, which severely impacts realtime traffic performance, while lightweight models have low detection latencies, but sacrifice accuracy. In this paper, we introduce Proteus, a swift and precise attack detection framework that adaptively adjusts DL models in real-time based on sample detection difficulty. To address diverse detection difficulties in traffic data, we devise a Double Dynamic Convolutional Neural Network (DDCN) with two pivotal modules: the Dynamic Feature Campaign (DFC) and the Tailor Module (TM). DFC enables the model to discern and accentuate the most influential features, while TM autonomously gauges sample difficulty, cropping the overall model. We further design an auxiliary detection module to streamline the detection, especially for network devices like routers lacking GPUs but equipped with multiple CPU cores. Experiments on different network devices show that Proteus completes the detection of each flow within 0.6 ms, and achieves 99.34% detection accuracy, outperforming other solutions.

Original language	English
Title of host publication	2024 IEEE 32nd International Conference on Network Protocols (ICNP)
Place of Publication	Piscataway, US
Publisher	IEEE
Pages	1-12
Number of pages	12
ISBN (Electronic)	9798350351712
ISBN (Print)	9798350351729
DOIs	https://doi.org/10.1109/icnp61940.2024.10858520
Publication status	Published - 28 Oct 2024
Event	IEEE ICNP 2024: The 32nd IEEE International Conference on Network Protocols - Charleroi, Belgium Duration: 28 Oct 2024 → 31 Oct 2024 https://icnp24.cs.ucr.edu/

Publication series

Name	International Conference on Network Protocols (ICNP)
Publisher	IEEE
ISSN (Print)	1092-1648
ISSN (Electronic)	2643-3303

Conference

Conference	IEEE ICNP 2024: The 32nd IEEE International Conference on Network Protocols
Country/Territory	Belgium
City	Charleroi
Period	28/10/24 → 31/10/24
Internet address	https://icnp24.cs.ucr.edu/

Keywords

Machine learning
malicious web traffic detection
low latency
security

Access to Document

10.1109/icnp61940.2024.10858520

Cite this

@inproceedings{030cbaa46f594030aaf311c8b69cf0f8,

title = "Proteus: A Difficulty-Aware Deep Learning Framework for Real-Time Malicious Traffic Detection",

abstract = "Deep learning (DL) has been recently used for malicious traffic detection. However, DL models are often faced with a dilemma between model size and performance: larger models have better accuracy, but suffer from high detection latency, which severely impacts realtime traffic performance, while lightweight models have low detection latencies, but sacrifice accuracy. In this paper, we introduce Proteus, a swift and precise attack detection framework that adaptively adjusts DL models in real-time based on sample detection difficulty. To address diverse detection difficulties in traffic data, we devise a Double Dynamic Convolutional Neural Network (DDCN) with two pivotal modules: the Dynamic Feature Campaign (DFC) and the Tailor Module (TM). DFC enables the model to discern and accentuate the most influential features, while TM autonomously gauges sample difficulty, cropping the overall model. We further design an auxiliary detection module to streamline the detection, especially for network devices like routers lacking GPUs but equipped with multiple CPU cores. Experiments on different network devices show that Proteus completes the detection of each flow within 0.6 ms, and achieves 99.34% detection accuracy, outperforming other solutions.",

keywords = "Machine learning, malicious web traffic detection, low latency, security",

author = "Chupeng Cui and Qing Li and Guorui Xie and Ruoyu Li and Dan Zhao and Zhenhui Yuan and Yong Jiang",

year = "2024",

month = oct,

day = "28",

doi = "10.1109/icnp61940.2024.10858520",

language = "English",

isbn = "9798350351729",

series = "International Conference on Network Protocols (ICNP)",

publisher = "IEEE",

pages = "1--12",

booktitle = "2024 IEEE 32nd International Conference on Network Protocols (ICNP)",

address = "United States",

note = "IEEE ICNP 2024: The 32nd IEEE International Conference on Network Protocols ; Conference date: 28-10-2024 Through 31-10-2024",

url = "https://icnp24.cs.ucr.edu/",

}

Cui, C, Li, Q, Xie, G, Li, R, Zhao, D, Yuan, Z & Jiang, Y 2024, Proteus: A Difficulty-Aware Deep Learning Framework for Real-Time Malicious Traffic Detection. in 2024 IEEE 32nd International Conference on Network Protocols (ICNP). International Conference on Network Protocols (ICNP), IEEE, Piscataway, US, pp. 1-12, IEEE ICNP 2024: The 32nd IEEE International Conference on Network Protocols, Charleroi, Belgium, 28/10/24. https://doi.org/10.1109/icnp61940.2024.10858520

Proteus: A Difficulty-Aware Deep Learning Framework for Real-Time Malicious Traffic Detection. / Cui, Chupeng; Li, Qing; Xie, Guorui et al.
2024 IEEE 32nd International Conference on Network Protocols (ICNP). Piscataway, US: IEEE, 2024. p. 1-12 (International Conference on Network Protocols (ICNP)).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Proteus: A Difficulty-Aware Deep Learning Framework for Real-Time Malicious Traffic Detection

AU - Cui, Chupeng

AU - Li, Qing

AU - Xie, Guorui

AU - Li, Ruoyu

AU - Zhao, Dan

AU - Yuan, Zhenhui

AU - Jiang, Yong

PY - 2024/10/28

Y1 - 2024/10/28

N2 - Deep learning (DL) has been recently used for malicious traffic detection. However, DL models are often faced with a dilemma between model size and performance: larger models have better accuracy, but suffer from high detection latency, which severely impacts realtime traffic performance, while lightweight models have low detection latencies, but sacrifice accuracy. In this paper, we introduce Proteus, a swift and precise attack detection framework that adaptively adjusts DL models in real-time based on sample detection difficulty. To address diverse detection difficulties in traffic data, we devise a Double Dynamic Convolutional Neural Network (DDCN) with two pivotal modules: the Dynamic Feature Campaign (DFC) and the Tailor Module (TM). DFC enables the model to discern and accentuate the most influential features, while TM autonomously gauges sample difficulty, cropping the overall model. We further design an auxiliary detection module to streamline the detection, especially for network devices like routers lacking GPUs but equipped with multiple CPU cores. Experiments on different network devices show that Proteus completes the detection of each flow within 0.6 ms, and achieves 99.34% detection accuracy, outperforming other solutions.

AB - Deep learning (DL) has been recently used for malicious traffic detection. However, DL models are often faced with a dilemma between model size and performance: larger models have better accuracy, but suffer from high detection latency, which severely impacts realtime traffic performance, while lightweight models have low detection latencies, but sacrifice accuracy. In this paper, we introduce Proteus, a swift and precise attack detection framework that adaptively adjusts DL models in real-time based on sample detection difficulty. To address diverse detection difficulties in traffic data, we devise a Double Dynamic Convolutional Neural Network (DDCN) with two pivotal modules: the Dynamic Feature Campaign (DFC) and the Tailor Module (TM). DFC enables the model to discern and accentuate the most influential features, while TM autonomously gauges sample difficulty, cropping the overall model. We further design an auxiliary detection module to streamline the detection, especially for network devices like routers lacking GPUs but equipped with multiple CPU cores. Experiments on different network devices show that Proteus completes the detection of each flow within 0.6 ms, and achieves 99.34% detection accuracy, outperforming other solutions.

KW - Machine learning

KW - malicious web traffic detection

KW - low latency

KW - security

U2 - 10.1109/icnp61940.2024.10858520

DO - 10.1109/icnp61940.2024.10858520

M3 - Conference contribution

SN - 9798350351729

T3 - International Conference on Network Protocols (ICNP)

SP - 1

EP - 12

BT - 2024 IEEE 32nd International Conference on Network Protocols (ICNP)

PB - IEEE

CY - Piscataway, US

T2 - IEEE ICNP 2024: The 32nd IEEE International Conference on Network Protocols

Y2 - 28 October 2024 through 31 October 2024

ER -