Research On Network Malicious Payload Detection Using Deep Learning

Posted on: 2022-11-16
Degree: Master
Type: Thesis
Country: China
Candidate: B H Jia
Full Text: PDF
GTID: 2518306788456784
Subject: Automation Technology

Abstract/Summary:
In recent years, the number of network attacks has been increasing, which seriously affects people's work and life. Network intrusion detection can protect devices and data in the network from the threat of network attacks. Most current network intrusion detection designs its algorithms around the statistical characteristics of traffic data, and these characteristics have some difficulties, such as relying heavily on expert experience. This paper proposes a parallel neural network model, PANN, which detects network intrusion based on the content of traffic packets. The content of the malicious payload in the traffic data packet is obtained to make full use of the useful information. The original malicious payload is converted into a grayscale image, and the parallel neural network model is used to classify malicious traffic and normal traffic based on deep learning.

(1) We construct a binary malicious payload dataset by using symbolic execution. Because most current sample datasets lack binary malicious payloads, a binary malicious payload dataset is constructed through the Metasploit penetration tool. We design and implement a symbolic execution module, which first uses pyexz3 to symbolically transform the code flow control logic in Metasploit, then reverses the path to obtain the required vulnerability or input data of the target system, and finally generates the binary malicious payload. The dataset includes 8 types of binary malicious payload on the Windows platform and 3 types on the Linux platform.

(2) We propose a binary malicious payload detection model, PANN. In this model, the convolutional neural network module and the residual network module are connected in parallel, so that the tensors extracted from the two network modules are combined on the feature map, and the two parallel modules are dynamically adjusted by the weight parameters ? and ?. In experiments on 11 types of binary malicious payload traffic in Metasploit compared with normal traffic, the PANN model achieves an accuracy of 99.68% using five-fold cross-validation. According to a t-test, the PANN model is 1-3% more accurate than the residual network model and the LeNet network model within a 95% confidence interval.
Keywords/Search Tags:Intrusion Detection, Malicious Payload, Binary Payload Datasets, Parallel Network
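
The payload-to-grayscale-image step described in the abstract, as an added example that is not code from the thesis. The 28x28 image size, zero padding, truncation, the function names and the sample bytes are all assumptions; the abstract does not state how the thesis sizes or pads its images.

```python
# Added example: raw packet payload bytes -> fixed-size grayscale image.
# Assumptions (not from the thesis): 28x28 images, zero padding, truncation.

SIDE = 28  # assumed image side length

# Constructed sample input (not a real payload): a repeating 4-byte pattern.
SAMPLE = bytes([0, 64, 128, 255]) * 10


def payload_to_grayscale(payload: bytes, side: int = SIDE) -> list:
    """Map each payload byte to one pixel (0-255) in row-major order.

    Payloads longer than side*side bytes are truncated and shorter ones
    are zero-padded, so every sample has the same shape for the network.
    """
    if side <= 0:
        raise ValueError("side must be positive")
    size = side * side
    buf = payload[:size].ljust(size, b"\x00")
    return [list(buf[r * side:(r + 1) * side]) for r in range(side)]


def normalize(image: list) -> list:
    """Scale pixel values to [0.0, 1.0], a common input range for a CNN."""
    return [[px / 255.0 for px in row] for row in image]


def to_pgm(image: list) -> bytes:
    """Serialize as binary PGM (P5) so the image can be opened in a viewer."""
    height, width = len(image), len(image[0])
    header = f"P5\n{width} {height}\n255\n".encode("ascii")
    return header + bytes(px for row in image for px in row)


if __name__ == "__main__":
    img = payload_to_grayscale(SAMPLE)
    print(len(img), "x", len(img[0]), "pixels; first row starts", img[0][:8])
    with open("sample_payload.pgm", "wb") as fh:
        fh.write(to_pgm(img))
```
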