Using multimodal deep learning to detect malicious traffic with noisy labels

The success of a deep learning-based network intrusion detection systems (NIDS) relies on large-scale, labeled, realistic traffic. However, automated labeling of realistic traffic, such as by sand-box and rule-based approaches, is prone to errors, which in turn affects deep learning-based NIDS.

To solve the problem, a research team led by Yuefei Zhu proposed MMCo, a Co-teaching-like method using multimodal information and parallel, heterogeneous networks to detect malicious traffic with noisy labels. Unlike existing methods, MMCo is the first LNL method that uses multimodality to maintain disagreement; and the parallel networks in MMCo are heterogeneous and input different modalities of samples, which can mitigate self-control degradation and enhance robustness.

They published their research in Frontiers of Computer Science.

In the research, they choose CNN and RNN to learn semantic and spatio-temporal modal information from the traffic. In each mini-batch, CNN and RNN are fed with different modalities of the same subset.

CNN and RNN select for each other the samples they consider more important, i.e., the samples with different distinguish or less loss among all mini-batches. Only these samples will be used for updating the parameters of the networks.

The experimental results show that MMCo can maintain a higher disagreement compared with the existing methods, thus helping the classifiers to learn more correct knowledge, with about 10% higher accuracy.

Future work can focus on investigating the analysis of the representations of two networks in multimodal networks using explainable artificial intelligence, which may help identify and clean malicious traffic with noisy labels.

Provided by
Higher Education Press