Towards Real-Time Network Intrusion Detection With Image-Based Sequential Packets Representation

Abstract

Machine learning (ML) and deep learning (DL) advancements have greatly enhanced anomaly detection of network intrusion detection systems (NIDS) by empowering them to analyze Big Data and extract patterns. ML/DL-based NIDS are trained using either flow-based or packet-based features. Flow-based NIDS are suitable for offline traffic analysis, while packet-based NIDS can analyze traffic and detect attacks in real-time. Current packet-based approaches analyze packets independently, overlooking the sequential nature of network communication. This results in biased models that exhibit increased false negatives and positives. Additionally, most literature-proposed packet-based NIDS capture only payload data, neglecting crucial information from packet headers. This oversight can impair the ability to identify header-level attacks, such as denial-of-service attacks. To address these limitations, we propose a novel artificial intelligence-enabled methodological framework for packet-based NIDS that effectively analyzes header and payload data and considers temporal connections among packets. Our framework transforms sequential packets into two-dimensional images. It then develops a convolutional neural network-based intrusion detection model to process these images and detect malicious activities. Through experiments using publicly available big datasets, we demonstrate that our framework is able to achieve high detection rates of 97.7% to 99% across different attack types and displays promising resilience against adversarial examples.