FA-net: Attention-based Fusion Network For Malware HTTPs Traffic Classification

Bibliographic Details
Main Authors: Liu, Siqi, Han, Yanni, Hu, Yanjie, Tan, Qian
Format: Conference Proceeding
Language: English
Description
Summary: With the wide application of HTTPs, malware HTTPs traffic classification is usually the first step in an anomaly detection system. The existing classification methods mainly use the raw bytes (containing the discriminative features) or the statistical features (containing the global information) as the input, which leads to a low F1-score. Therefore, this paper presents a novel Attention-based Fusion Network (FA-net), which combines two types of features properly to improve the classification performance. FA-net consists of three sub-networks: RF-net and SF-net extract the representative features of raw bytes and statistical features through the Convolutional Neural Network (CNN) and reconstruction mechanism respectively, and C-net combines two types of features through the attention mechanism and a regulating factor. The experiments indicate that FA-net obtains markedly better results (the average F1-score of 0.941 and 0.997 respectively on two datasets) than the baselines. We also explore the influence of different regulating factor values on classification performance.
ISSN: 2642-7389
DOI: 10.1109/ISCC53001.2021.9631419