When a RF Beats a CNN and GRU, Together – A Comparison of Deep Learning and Classical Machine Learning Approaches for Encrypted Malware Traffic Classification

by Adi Lichy, et al.

Internet traffic classification is widely used to facilitate network management. It plays a crucial role in Quality of Service (QoS), Quality of Experience (QoE), network visibility, intrusion detection, and traffic trend analyses. While there is no theoretical guarantee that deep learning (DL)-based solutions perform better than classic machine learning (ML)-based ones, DL-based models have become the common default. This paper compares well-known DL-based and ML-based models and shows that in the case of malicious traffic classification, state-of-the-art DL-based solutions do not necessarily outperform the classical ML-based ones. We exemplify this finding using two well-known datasets for a varied set of tasks, such as malware detection, malware family classification, detection of zero-day attacks, and classification of an iteratively growing dataset. Note that it is not feasible to evaluate all possible models to make a concrete statement. Thus, the above finding is not a recommendation to avoid DL-based models, but rather empirical proof that in some cases there are simpler solutions that may perform even better.



