Summary:
In this paper, we introduce NetPacketformer, a real-time network intrusion detection model that works directly on raw packet sequences. NetPacketformer leverages raw traffic and takes advantage of a Conformer encoder, originally designed for speech processing, to capture both local details (through convolution) and global patterns (through multi-head attention). We perform experiments on five publicly available datasets covering IoT, IIoT, IoMT, 5G, and standard IP networks, introduce two baseline sequence models based on LSTMs and Transformers, and show that NetPacketformer consistently outperforms them in both binary and multiclass detection tasks. When compared to state-of-the-art raw packet intrusion detection methods, NetPacketformer outperforms them in multiclass classification and is competitive in binary classification, while exhibiting an order of magnitude lower latency. Finally, we present a real-time application of our model on an Arm64 IoT device. Overall, these findings highlight how utilizing sequence modelling architectures can significantly improve intrusion detection.
Author(s):
Armando Domi
The Centre for Research and Technology Hellas CERTH
Greece
Christos Zonios
The Centre for Research and Technology Hellas CERTH
Greece
Giorgos Tatsis
The Centre for Research and Technology Hellas CERTH
Greece
Anastasios Drosou
The Centre for Research and Technology Hellas CERTH
Greece
Dimitrios Tzovaras
The Centre for Research and Technology Hellas CERTH
Greece