SSCI - Explainable artificial intelligence for improving a session-based malware traffic classification with deep learning
In network security, applying deep learning methods to detect network traffic anomalies has achieved great results with various network traffic representations.
A possible representation is the transformation of raw network communication to images to extract valuable information from the unmanageable amount of network traffic by applying representation learning.
However, since deep learning models can result in black boxes for users, it is interesting to understand what valuable information is learned from network communication converted into images.
This paper elaborates on that question using explainable artificial intelligence (XAI) methods to identify network packets that most influence the prediction and verify that packets in a malware communication containing malicious payloads have a higher influence on the prediction.
We inspect the Grad-CAM and visualize the Integrated Gradients of the Xception and VGG-19 model and investigate the attention heat maps of our Vision Transformer (ViT) model.
In addition, we present a novel transformation of sessions to a new image representation to expand the informativeness of network communication.
For multiclass classification, our best model Xception achieves an accuracy of
All trained models and data sets are available on heiBOX
Set up Conda environment:
conda create --name ssci python=3.10Install requirements.txt
pip install -r requirements.txtStart training:
python train_binary.pyFor any issues related to CUDA, check out Install TensorFlow with pip guide.
for a in /sys/bus/pci/devices/*; do echo 0 | sudo tee -a $a/numa_node; done # https://github.com/tensorflow/tensorflow/issues/42738
export XLA_FLAGS=--xla_gpu_cuda_data_dir=/usr/lib/cudaOther related issue.