Image-based Neural Network Models for Malware Traffic Classification using PCAP to Picture Conversion

Traffic categorization is considered of paramount importance in the network security sector, as well as the first stage in network anomaly detection, or in a network-based intrusion detection system (IDS). This paper introduces an artificial intelligence (AI) network traffic classification pipeline, including the employment of state-of-the-art image-based neural network models, namely Vision Transformers (ViT) and Convolutional Neural Networks (CNN), whereas the primary element of this pipeline is the transformation of raw traffic data into grayscale pictures introducing a properly developed IDS-Vision Toolkit as well. This approach extracts characteristics from network traffic data without requiring domain expertise and could be easily adapted to new network protocols and technologies (i.e. 5G). Furthermore, the proposed method was tested on the CIC-IDS-2017 dataset and compared to a well-known feature extraction strategy on the same dataset. Finally, it surpasses all suggested binary classification algorithms for the CIC-IDS-2017 dataset to the best of our knowledge, paving the path for further exploitation in the 5G domain to successfully address related cybersecurity challenges.