Book Details

REAL-TIME THREAT DETECTION USING TRANSFORMER-BASED DEEP PACKET INSPECTION

International Journal of Computer Science (IJCS), published by SK Research Group of Companies (SKRGC)

Abstract

Deep packet inspection (DPI) is critical for detecting advanced network threats but faces scalability challenges with traditional methods. This paper proposes a deep learning framework that utilizes Transformer models to perform real-time threat detection by analyzing packet payloads at a granular level. Unlike traditional signature-based systems, the Transformer-based approach leverages self-attention mechanisms to capture complex dependencies within network traffic, enabling the identification of zero-day attacks and encrypted threats. The model is trained and evaluated on the UNSW-NB15 dataset, demonstrating high precision, recall, and a significant reduction in false-positive rates compared to existing machine learning techniques. Performance benchmarks indicate that the proposed system can handle high-throughput traffic with minimal latency, making it a viable solution for modern distributed networks.

Keywords

Deep Packet Inspection, Transformer Models, Real-Time Threat Detection, Machine Learning, Network Security, UNSW-NB15, Self-Attention

  • Format: Volume 14, Issue 1, No 25, 2026
  • Copyright: All Rights Reserved ©2026
  • Year of Publication: 2026
  • Author: M. Akshaya, Dr. D. Ragupathi
  • Reference: IJCS-697
  • Page No: 021-026

Copyright 2026 SK Research Group of Companies. All Rights Reserved.