Image-Based Malicious Network Traffic Detection Framework: Data-Centric Approach

With the advancement of network communication technology and Internet of Everything (IoE) technology, which connects all edge devices to the internet, the network traffic generated in various platform environments is rapidly increasing. The increase in network traffic makes it more difficult for the...

Bibliographic Details
Main Authors: Doo-Seop Choi, Taeguen Kim, Boojoong Kang, Eul Gyu Im
Format: Article
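Language: English
Published: MDPI AG 2025-06-01
Series: Applied Sciences
Subjects: feature engineering; deep neural network; convolutional neural network; network security; malicious network traffic detection
Online Access: https://www.mdpi.com/2076-3417/15/12/6546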
author Doo-Seop Choi
Taeguen Kim
Boojoong Kang
Eul Gyu Im
collection DOAJ
description With the advancement of network communication technology and Internet of Everything (IoE) technology, which connects all edge devices to the internet, the network traffic generated in various platform environments is rapidly increasing. The increase in network traffic makes it more difficult for the detection system to analyze and detect malicious network traffic generated by malware or intruders. Additionally, processing high-dimensional network traffic data requires substantial computational resources, limiting real-time detection capabilities in practical deployments. Artificial intelligence (AI) algorithms have been widely used to detect malicious traffic, but most previous work focused on improving accuracy with various AI algorithms. Many existing methods, in pursuit of high accuracy, directly utilize the extensive raw features inherent in network traffic. This often leads to increased computational overhead and heightened complexity in detection models, potentially degrading overall system performance and efficiency. Furthermore, high-dimensional data often suffers from the curse of dimensionality, where the sparsity of data in high-dimensional space leads to overfitting, poor generalization, and increased computational complexity. This paper focused on feature engineering instead of AI algorithm selections, presenting an approach that uniquely balances detection accuracy with computational efficiency through strategic dimensionality reduction. For feature engineering, two jobs were performed: feature representations and feature analysis and selection. With effective feature engineering, we can reduce system resource consumption in the training period while maintaining high detection accuracy. We implemented a malicious network traffic detection framework based on Convolutional Neural Network (CNN) with our feature engineering techniques. 
Unlike previous approaches that use one-hot encoding, which increases dimensionality, our method employs label encoding and information gain to preserve critical information while reducing feature dimensions. The performance of the implemented framework was evaluated using the NSL-KDD dataset, which is the most widely used for intrusion detection system (IDS) performance evaluation. As a result of the evaluation, our framework maintained high classification accuracy while improving model training speed by approximately 17.47% and testing speed by approximately 19.44%. This demonstrates our approach’s ability to achieve a balanced performance, enhancing computational efficiency without sacrificing detection accuracy—a critical challenge in intrusion detection systems. With the reduced features, we achieved classification results of a precision of 0.9875, a recall of 0.9930, an F1-score of 0.9902, and an accuracy of 99.06%, with a false positive rate of 0.65%.
format Article
id doaj-art-e0f7c695eb184238b10e914335c4df40
institution Kabale University
issn 2076-3417
language English
publishDate 2025-06-01
publisher MDPI AG
record_format Article
series Applied Sciences
spelling doaj-art-e0f7c695eb184238b10e914335c4df40; 2025-08-20T03:32:28Z; eng; MDPI AG; Applied Sciences; 2076-3417; 2025-06-01; 15; 12; 6546; 10.3390/app15126546; Image-Based Malicious Network Traffic Detection Framework: Data-Centric Approach
Doo-Seop Choi (0): Department of Computer Science, Hanyang University, Seoul 04763, Republic of Korea
Taeguen Kim (1): Department of AI Cyber Security, Korea University, Sejong 30019, Republic of Korea
Boojoong Kang (2): School of Electronics and Computer Science, University of Southampton, Southampton SO17 1BJ, UK
Eul Gyu Im (3): Department of Computer Science, Hanyang University, Seoul 04763, Republic of Korea
https://www.mdpi.com/2076-3417/15/12/6546
title Image-Based Malicious Network Traffic Detection Framework: Data-Centric Approach
topic feature engineering
deep neural network
convolutional neural network
network security
malicious network traffic detection
url https://www.mdpi.com/2076-3417/15/12/6546