MTCD-Model: A Two-Layer Model for Malicious Traffic Classification and Detection Based on Hierarchical Feature Learning

The rapid growth of cyber world and higher awareness of security in recent years have contributed to a significant demand in classification and detection of malicious traffic. Neural network is considered one of the effective methods. However, existing methods need to be improved. For example, the model performance is influenced by over dependance on manual design and extraction of feature. In addition, truncating or zero-complementing the traffic data results in loss of key traffic information or irrelevant input, which in turn affects the model performance in classifying and detecting malicious traffic. Motivated by these considerations and demands, this paper proposes a Malicious Traffic Classification and Detection Model (MTCD-Model), a two-layer model based on hierarchical feature learning. This model exploits both the CNN and Bi-SRU to learn the features of raw traffic data in indefinite length by hierarchical learning method, and achieve the classification and detection of malicious traffic with capsule network. The experimental results, based on the primary dataset TCD-2022, show that the F1-Score of MTCD-Model can reach 98.62, while the performance remains stable in different experimental scenarios. In addition, MTCD-Model generates different degrees of improvement in various evaluation metrics compared with the control model.