Research field: Infrastructure
Venue: Cybersecurity
In practical scenarios, security events triggered by abnormal network traffic often result from the collective behavior of multiple data streams, embodying group security events with collective characteristics. Existing research methods, focusing on individual data streams, lack a macroscopic analysis and struggle with challenges of analyzing massive, imbalanced data sets. To address these challenges, this paper adopts a multi-instance learning approach, mapping multiple data streams into a bag with a coarse-grained approach, where each bag corresponds to a security event label and each data stream represents an instance. We propose a multi-instance network traffic conversion method, Bag2Image, which transforms temporal multi-instance network traffic data into image representations, preserving the spatio-temporal characteristics of instances within the bag through image channels and pixels. This strategy allows the network security event prediction task to be approached as an image classification problem, leveraging advanced image classification techniques for prediction. Our cross-experiments with six advanced multi-instance learning (MIL) algorithms and six different classification models demonstrate the superior performance of our method on both the UNSW-NB15 dataset and a private dataset. Specifically, our method achieved the highest F1 scores of 77.9% and 74.4% on these datasets, respectively, representing improvements of 4.1% and 13.5% over the second-best MIL algorithm. The recall rates also saw increases of 4.1% and 13.2%, respectively.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Publication country | Andorra, China |
| Site | Springer |