Towards Novel Malicious Packet Recognition: A Few-Shot Learning Approach
As the complexity and connectivity of networks increase, the need for novel malware detection approaches becomes imperative. Traditional security defenses are becoming less effective against the advanced tactics of today's cyberattacks. Deep Packet Inspection (DPI) has emerged as a key technolo...
Gespeichert in:
Hauptverfasser: | , , , |
---|---|
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
container_end_page | |
---|---|
container_issue | |
container_start_page | |
container_title | |
container_volume | |
creator | Stein, Kyle Mahyari, Andrew A FranciaIII, Guillermo El-Sheikh, Eman |
description | As the complexity and connectivity of networks increase, the need for novel
malware detection approaches becomes imperative. Traditional security defenses
are becoming less effective against the advanced tactics of today's
cyberattacks. Deep Packet Inspection (DPI) has emerged as a key technology in
strengthening network security, offering detailed analysis of network traffic
that goes beyond simple metadata analysis. DPI examines not only the packet
headers but also the payload content within, offering a thorough insight into
the data traversing the network. This study proposes a novel approach that
leverages a large language model (LLM) and few-shot learning to accurately
recognizes novel, unseen malware types with few labels samples. Our proposed
approach uses a pretrained LLM on known malware types to extract the embeddings
from packets. The embeddings are then used alongside few labeled samples of an
unseen malware type. This technique is designed to acclimate the model to
different malware representations, further enabling it to generate robust
embeddings for each trained and unseen classes. Following the extraction of
embeddings from the LLM, few-shot learning is utilized to enhance performance
with minimal labeled data. Our evaluation, which utilized two renowned
datasets, focused on identifying malware types within network traffic and
Internet of Things (IoT) environments. Our approach shows promising results
with an average accuracy of 86.35% and F1-Score of 86.40% on different malware
types across the two datasets. |
doi_str_mv | 10.48550/arxiv.2409.11254 |
format | Article |
fullrecord | <record><control><sourceid>arxiv_GOX</sourceid><recordid>TN_cdi_arxiv_primary_2409_11254</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2409_11254</sourcerecordid><originalsourceid>FETCH-arxiv_primary_2409_112543</originalsourceid><addsrcrecordid>eNpjYJA0NNAzsTA1NdBPLKrILNMzMjGw1DM0NDI14WTwCMkvTyxKKVbwyy9LzVHwTczJTM7MLy1WCEhMzk4tUQhKTc5Pz8ssyczPs1JwVHBLLdcNzsgvUfBJTSzKy8xLV3AsKCjKT0zO4GFgTUvMKU7lhdLcDPJuriHOHrpgO-MLijJzE4sq40F2x4PtNiasAgClPTj9</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Towards Novel Malicious Packet Recognition: A Few-Shot Learning Approach</title><source>arXiv.org</source><creator>Stein, Kyle ; Mahyari, Andrew A ; FranciaIII, Guillermo ; El-Sheikh, Eman</creator><creatorcontrib>Stein, Kyle ; Mahyari, Andrew A ; FranciaIII, Guillermo ; El-Sheikh, Eman</creatorcontrib><description>As the complexity and connectivity of networks increase, the need for novel
malware detection approaches becomes imperative. Traditional security defenses
are becoming less effective against the advanced tactics of today's
cyberattacks. Deep Packet Inspection (DPI) has emerged as a key technology in
strengthening network security, offering detailed analysis of network traffic
that goes beyond simple metadata analysis. DPI examines not only the packet
headers but also the payload content within, offering a thorough insight into
the data traversing the network. This study proposes a novel approach that
leverages a large language model (LLM) and few-shot learning to accurately
recognizes novel, unseen malware types with few labels samples. Our proposed
approach uses a pretrained LLM on known malware types to extract the embeddings
from packets. The embeddings are then used alongside few labeled samples of an
unseen malware type. This technique is designed to acclimate the model to
different malware representations, further enabling it to generate robust
embeddings for each trained and unseen classes. Following the extraction of
embeddings from the LLM, few-shot learning is utilized to enhance performance
with minimal labeled data. Our evaluation, which utilized two renowned
datasets, focused on identifying malware types within network traffic and
Internet of Things (IoT) environments. Our approach shows promising results
with an average accuracy of 86.35% and F1-Score of 86.40% on different malware
types across the two datasets.</description><identifier>DOI: 10.48550/arxiv.2409.11254</identifier><language>eng</language><subject>Computer Science - Cryptography and Security ; Computer Science - Learning</subject><creationdate>2024-09</creationdate><rights>http://creativecommons.org/licenses/by/4.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,780,885</link.rule.ids><linktorsrc>$$Uhttps://arxiv.org/abs/2409.11254$$EView_record_in_Cornell_University$$FView_record_in_$$GCornell_University$$Hfree_for_read</linktorsrc><backlink>$$Uhttps://doi.org/10.48550/arXiv.2409.11254$$DView paper in arXiv$$Hfree_for_read</backlink></links><search><creatorcontrib>Stein, Kyle</creatorcontrib><creatorcontrib>Mahyari, Andrew A</creatorcontrib><creatorcontrib>FranciaIII, Guillermo</creatorcontrib><creatorcontrib>El-Sheikh, Eman</creatorcontrib><title>Towards Novel Malicious Packet Recognition: A Few-Shot Learning Approach</title><description>As the complexity and connectivity of networks increase, the need for novel
malware detection approaches becomes imperative. Traditional security defenses
are becoming less effective against the advanced tactics of today's
cyberattacks. Deep Packet Inspection (DPI) has emerged as a key technology in
strengthening network security, offering detailed analysis of network traffic
that goes beyond simple metadata analysis. DPI examines not only the packet
headers but also the payload content within, offering a thorough insight into
the data traversing the network. This study proposes a novel approach that
leverages a large language model (LLM) and few-shot learning to accurately
recognizes novel, unseen malware types with few labels samples. Our proposed
approach uses a pretrained LLM on known malware types to extract the embeddings
from packets. The embeddings are then used alongside few labeled samples of an
unseen malware type. This technique is designed to acclimate the model to
different malware representations, further enabling it to generate robust
embeddings for each trained and unseen classes. Following the extraction of
embeddings from the LLM, few-shot learning is utilized to enhance performance
with minimal labeled data. Our evaluation, which utilized two renowned
datasets, focused on identifying malware types within network traffic and
Internet of Things (IoT) environments. Our approach shows promising results
with an average accuracy of 86.35% and F1-Score of 86.40% on different malware
types across the two datasets.</description><subject>Computer Science - Cryptography and Security</subject><subject>Computer Science - Learning</subject><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><sourceid>GOX</sourceid><recordid>eNpjYJA0NNAzsTA1NdBPLKrILNMzMjGw1DM0NDI14WTwCMkvTyxKKVbwyy9LzVHwTczJTM7MLy1WCEhMzk4tUQhKTc5Pz8ssyczPs1JwVHBLLdcNzsgvUfBJTSzKy8xLV3AsKCjKT0zO4GFgTUvMKU7lhdLcDPJuriHOHrpgO-MLijJzE4sq40F2x4PtNiasAgClPTj9</recordid><startdate>20240917</startdate><enddate>20240917</enddate><creator>Stein, Kyle</creator><creator>Mahyari, Andrew A</creator><creator>FranciaIII, Guillermo</creator><creator>El-Sheikh, Eman</creator><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20240917</creationdate><title>Towards Novel Malicious Packet Recognition: A Few-Shot Learning Approach</title><author>Stein, Kyle ; Mahyari, Andrew A ; FranciaIII, Guillermo ; El-Sheikh, Eman</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-arxiv_primary_2409_112543</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Computer Science - Cryptography and Security</topic><topic>Computer Science - Learning</topic><toplevel>online_resources</toplevel><creatorcontrib>Stein, Kyle</creatorcontrib><creatorcontrib>Mahyari, Andrew A</creatorcontrib><creatorcontrib>FranciaIII, Guillermo</creatorcontrib><creatorcontrib>El-Sheikh, Eman</creatorcontrib><collection>arXiv Computer Science</collection><collection>arXiv.org</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Stein, Kyle</au><au>Mahyari, Andrew A</au><au>FranciaIII, Guillermo</au><au>El-Sheikh, Eman</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Towards Novel Malicious Packet Recognition: A Few-Shot Learning Approach</atitle><date>2024-09-17</date><risdate>2024</risdate><abstract>As the complexity and connectivity of networks increase, the need for novel
malware detection approaches becomes imperative. Traditional security defenses
are becoming less effective against the advanced tactics of today's
cyberattacks. Deep Packet Inspection (DPI) has emerged as a key technology in
strengthening network security, offering detailed analysis of network traffic
that goes beyond simple metadata analysis. DPI examines not only the packet
headers but also the payload content within, offering a thorough insight into
the data traversing the network. This study proposes a novel approach that
leverages a large language model (LLM) and few-shot learning to accurately
recognizes novel, unseen malware types with few labels samples. Our proposed
approach uses a pretrained LLM on known malware types to extract the embeddings
from packets. The embeddings are then used alongside few labeled samples of an
unseen malware type. This technique is designed to acclimate the model to
different malware representations, further enabling it to generate robust
embeddings for each trained and unseen classes. Following the extraction of
embeddings from the LLM, few-shot learning is utilized to enhance performance
with minimal labeled data. Our evaluation, which utilized two renowned
datasets, focused on identifying malware types within network traffic and
Internet of Things (IoT) environments. Our approach shows promising results
with an average accuracy of 86.35% and F1-Score of 86.40% on different malware
types across the two datasets.</abstract><doi>10.48550/arxiv.2409.11254</doi><oa>free_for_read</oa></addata></record> |
fulltext | fulltext_linktorsrc |
identifier | DOI: 10.48550/arxiv.2409.11254 |
ispartof | |
issn | |
language | eng |
recordid | cdi_arxiv_primary_2409_11254 |
source | arXiv.org |
subjects | Computer Science - Cryptography and Security Computer Science - Learning |
title | Towards Novel Malicious Packet Recognition: A Few-Shot Learning Approach |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-20T18%3A38%3A28IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Towards%20Novel%20Malicious%20Packet%20Recognition:%20A%20Few-Shot%20Learning%20Approach&rft.au=Stein,%20Kyle&rft.date=2024-09-17&rft_id=info:doi/10.48550/arxiv.2409.11254&rft_dat=%3Carxiv_GOX%3E2409_11254%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |