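@comment{Journal article record. Repaired from the exported form, which closed the entry right after the citation key and never closed the field list, so the fields were not parsed as part of the entry. Author names use the unambiguous Last, First form and the page range uses a double hyphen.}
@article{ART003017297,
  author  = {Park, Woo-Seung and Kim, Gun-Nam and Lee, Soojin},
  title   = {Intrusion Detection System based on Packet Payload Analysis using {Transformer}},
  journal = {Journal of The Korea Society of Computer and Information},
  issn    = {1598-849X},
  year    = {2023},
  volume  = {28},
  number  = {11},
  pages   = {81--87},
  doi     = {10.9708/jksci.2023.28.11.081},
}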
TY - JOUR
AU - Woo-Seung Park
AU - Gun-Nam Kim
AU - Soojin Lee
TI - Intrusion Detection System based on Packet Payload Analysis using Transformer
JO - Journal of The Korea Society of Computer and Information
PY - 2023
VL - 28
IS - 11
PB - The Korean Society Of Computer And Information
SP - 81
EP - 87
SN - 1598-849X
AB - Intrusion detection systems that learn metadata of network packets have been proposed recently.
However, these approaches require time to analyze packets to generate metadata for model learning, and time to pre-process the metadata before learning. In addition, models that have learned specific metadata cannot detect intrusions directly from the original packets flowing into the network. To address this problem, this paper proposes a natural language processing-based intrusion detection system that detects intrusions by learning the packet payload as a single sentence without an additional conversion process.
To verify the performance of our approach, we used the UNSW-NB15 dataset and Transformer models. First, the PCAP files of the dataset were labeled, and then two Transformer models (BERT and DistilBERT) were trained directly on the payloads in sentence form to analyze detection performance. The experimental results showed binary classification accuracies of 99.03% and 99.05%, respectively, which is similar or superior to the detection performance of the techniques proposed in previous studies. Multi-class classification showed better performance with 86.63% and 86.36%, respectively.
KW - Natural Language Processing;IDS;Packet Payload;Transformer;UNSW-NB15
DO - 10.9708/jksci.2023.28.11.081
ER -
Woo-Seung Park, Gun-Nam Kim and Soojin Lee. (2023). Intrusion Detection System based on Packet Payload Analysis using Transformer. Journal of The Korea Society of Computer and Information, 28(11), 81-87.
Woo-Seung Park, Gun-Nam Kim and Soojin Lee. 2023, "Intrusion Detection System based on Packet Payload Analysis using Transformer", Journal of The Korea Society of Computer and Information, vol.28, no.11 pp.81-87. Available from: doi:10.9708/jksci.2023.28.11.081
Woo-Seung Park, Gun-Nam Kim, Soojin Lee "Intrusion Detection System based on Packet Payload Analysis using Transformer" Journal of The Korea Society of Computer and Information 28.11 pp.81-87 (2023) : 81.
Woo-Seung Park, Gun-Nam Kim, Soojin Lee. Intrusion Detection System based on Packet Payload Analysis using Transformer. 2023; 28(11), 81-87. Available from: doi:10.9708/jksci.2023.28.11.081
Woo-Seung Park, Gun-Nam Kim and Soojin Lee. "Intrusion Detection System based on Packet Payload Analysis using Transformer" Journal of The Korea Society of Computer and Information 28, no.11 (2023) : 81-87.doi: 10.9708/jksci.2023.28.11.081
Woo-Seung Park; Gun-Nam Kim; Soojin Lee. Intrusion Detection System based on Packet Payload Analysis using Transformer. Journal of The Korea Society of Computer and Information, 28(11), 81-87. doi: 10.9708/jksci.2023.28.11.081
Woo-Seung Park; Gun-Nam Kim; Soojin Lee. Intrusion Detection System based on Packet Payload Analysis using Transformer. Journal of The Korea Society of Computer and Information. 2023; 28(11) 81-87. doi: 10.9708/jksci.2023.28.11.081
Woo-Seung Park, Gun-Nam Kim, Soojin Lee. Intrusion Detection System based on Packet Payload Analysis using Transformer. 2023; 28(11), 81-87. Available from: doi:10.9708/jksci.2023.28.11.081
Woo-Seung Park, Gun-Nam Kim and Soojin Lee. "Intrusion Detection System based on Packet Payload Analysis using Transformer" Journal of The Korea Society of Computer and Information 28, no.11 (2023) : 81-87.doi: 10.9708/jksci.2023.28.11.081