PRELIMINARY STUDY ON ARTIFICIAL INTELLIGENCE METHODS FOR CYBERSECURITY THREAT DETECTION IN COMPUTER NETWORKS BASED ON RAW DATA PACKETS
DOI: https://doi.org/10.7494/csci.2025.26.SI.7079
Abstract
Most of the intrusion detection methods in computer networks are based on traffic flow characteristics. However, this approach may not fully exploit the potential of deep learning algorithms to directly extract features and patterns from raw packets. Moreover, it impedes real-time monitoring due to the necessity of waiting for the processing pipeline to complete and introduces dependencies on additional software components.

In this paper, we investigate deep learning methodologies capable of detecting attacks in real-time directly from raw packet data within network traffic. Our investigation utilizes the CIC IDS-2017 dataset, which includes both benign traffic and prevalent real-world attacks, providing a comprehensive foundation for our research.
License
Copyright (c) 2025 Computer Science

This work is licensed under a Creative Commons Attribution 4.0 International License.