Research Article
Controlling Network Traffic Microstructures for Machine-Learning Model Probing
@INPROCEEDINGS{10.1007/978-3-030-90019-9_23, author={Henry Clausen and Robert Flood and David Aspinall}, title={Controlling Network Traffic Microstructures for Machine-Learning Model Probing}, proceedings={Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6--9, 2021, Proceedings, Part I}, proceedings_a={SECURECOMM}, year={2021}, month={11}, keywords={Data generation Network intrusion detection Machine learning Model development Containerisation}, doi={10.1007/978-3-030-90019-9_23} }- Henry Clausen
Robert Flood
David Aspinall
Year: 2021
Controlling Network Traffic Microstructures for Machine-Learning Model Probing
SECURECOMM
Springer
DOI: 10.1007/978-3-030-90019-9_23
Abstract
Network intrusion detection (NID) models increasingly rely on learning traffic microstructures that consist of pattern sequences in features such as interarrival time, size, or packet flags. We argue that precise and reproducible control over traffic microstructures is crucial to understand and improve NID-model behaviour. We demonstrate that probing a traffic classifier with appropriately generated microstructures reveals links between misclassifications and traffic characteristics, and correspondingly lets us improve the false positive rate by more than . We examine how specific factors such as network congestion, load, conducted activity, or protocol implementation impact traffic microstructures, and how well their influence can be isolated in a controlled and near-deterministic traffic generation process. We then introduce DetGen, a traffic generation tool that provides precise microstructure control, and demonstrate how to generate traffic suitable to probe pre-trained NID-models.