Research output: Chapter in book, report, or collection of articles › Conference proceedings › Peer-reviewed
TY - GEN
T1 - Using of Transformer-Based Language Models to Separate Traffic Packets of Different Protocols
AU - Rusinova, Zalina
AU - Chernyshov, Yury
PY - 2023/10/24
Y1 - 2023/10/24
N2 - Recognition of network protocols is one of the most important steps in the intelligent algorithms for detecting incidents and anomalies in information security systems. In cases where there is no formal specification and documentation of protocols, it is necessary to apply approaches from the field of reverse engineering of protocols. The accuracy of some of these approaches can be improved by applying them not to the entire raw traffic dump, but to separate groups corresponding to one protocol stack. In this paper, a method is proposed for dividing the traffic dump into groups in accordance with the packet protocol stack. A key feature of the approach is the use of transformer-based models to construct contextualized vector representations of traffic packets, which will then be used as features in clustering. We demonstrate through a series of experiments that the proposed approach efficiently works on different types of network traffic and allows us to improve the quality of packets clustering, surpassing the previously proposed methods.
AB - Recognition of network protocols is one of the most important steps in the intelligent algorithms for detecting incidents and anomalies in information security systems. In cases where there is no formal specification and documentation of protocols, it is necessary to apply approaches from the field of reverse engineering of protocols. The accuracy of some of these approaches can be improved by applying them not to the entire raw traffic dump, but to separate groups corresponding to one protocol stack. In this paper, a method is proposed for dividing the traffic dump into groups in accordance with the packet protocol stack. A key feature of the approach is the use of transformer-based models to construct contextualized vector representations of traffic packets, which will then be used as features in clustering. We demonstrate through a series of experiments that the proposed approach efficiently works on different types of network traffic and allows us to improve the quality of packets clustering, surpassing the previously proposed methods.
UR - http://www.scopus.com/inward/record.url?partnerID=8YFLogxK&scp=85180155782
U2 - 10.1109/Redundancy59964.2023.10330184
DO - 10.1109/Redundancy59964.2023.10330184
M3 - Conference contribution
SN - 979-835038152-8
SP - 47
EP - 50
BT - 2023 18th International Symposium on Problems of Redundancy in Information and Control Systems, REDUNDANCY 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2023 XVIII International Symposium Problems of Redundancy in Information and Control Systems (REDUNDANCY)
Y2 - 24 October 2023 through 27 October 2023
ER -
ID: 50620800