Security and Communication Networks

Research Article

BLATTA: Early Exploit Detection on Network Traffic with Recurrent Neural Networks

Table 5

Experiment results of using various parameters combination and various lengths of input to the model


Parameter		No. of bytes							No. of bytes
Parameter		All	700	600	500	400	300	200	All	700	600	500	400	300	200

	1	47.22	48.69	49.86	50.65	51.77	54.99	65.32	1.18	1.19	1.21	1.21	71.31	78.7	89.43
	3	99.87	99.51	99.77	99.1	99.59	98.93	91.07	2.51	2.51	2.51	2.51	72.61	10.29	20.51
	5	99.87	99.55	99.78	99.57	99.29	98.91	88.75	2.51	2.51	2.51	2.51	2.51	72.6	11.08
	7	99.86	99.47	99.59	99.37	99.19	98.53	97.08	2.51	2.51	2.51	2.51	2.51	8.92	80.92
	9	99.81	99.59	99.62	99.57	99.23	98.16	88.93	2.51	2.51	2.51	2.51	72.6	74.16	90.6

Stride	1	99.87	99.55	99.78	99.57	99.29	98.91	88.75	2.51	2.51	2.51	2.51	2.51	72.6	11.08
	2	73.39	74.11	74.01	74.45	74.69	74.62	77.82	1.81	1.81	1.81	1.81	71.92	72.46	19.86
	3	82.51	82.54	83.07	83.12	83.25	83.5	85.75	1.5	1.49	1.5	1.51	71.62	75.47	89.63
	4	99.6	99.19	99.26	99.28	98.61	98.55	98.37	1.93	1.93	1.93	1.93	1.93	74.09	10.5
	5	99.73	98.95	98.88	98.65	98	95.77	88.29	1.93	1.92	1.93	1.93	1.93	54.16	90.02

Dictionary size	1000	47.78	49.5	50.36	50.79	51.8	54.83	54.68	1.21	1.21	1.22	1.22	71.33	79.47	89.42
	2000	99.87	99.55	99.78	99.57	99.29	98.91	88.75	2.51	2.51	2.51	2.51	2.51	72.6	11.08
	5000	99.87	99.37	99.75	99.79	99.62	99.69	99.66	2.51	2.51	2.51	2.51	72.61	10.03	90.61
	10000	99.86	99.44	99.74	99.55	99.44	98.55	98.33	2.51	2.51	2.51	2.51	72.61	79.06	90.15
	20000	99.84	99.81	99.69	99.24	99.21	99.43	98.91	2.51	2.51	2.51	2.51	72.61	80.46	89.64

Embedding dimension	16	99.89	99.65	99.7	99.67	99.22	99.09	98.81	2.51	2.51	2.51	2.51	2.51	76.77	80.94
	32	99.87	99.55	99.78	99.57	99.29	98.91	88.75	2.51	2.51	2.51	2.51	2.51	72.6	11.08
	64	99.87	99.2	99.41	99.09	98.61	96.76	85.52	2.51	2.51	2.51	2.51	2.51	4.51	89.85
	128	99.84	99.33	99.6	99.35	98.99	97.69	86.78	2.51	2.51	2.51	2.51	72.6	4.27	10.88
	256	99.88	99.76	99.8	99.22	99.38	98.64	90.34	2.51	2.51	2.51	2.51	72.6	80.79	90.6

Recurrent layer	LSTM	99.87	99.55	99.78	99.57	99.29	98.91	88.75	2.51	2.51	2.51	2.51	2.51	72.6	11.08
Recurrent layer	GRU	99.88	99.35	99.48	99.35	99.06	97.94	86.22	2.51	2.51	2.51	2.51	2.51	78.95	8.48

No. of layers	1	99.87	99.55	99.78	99.57	99.29	98.91	88.75	2.51	2.51	2.51	2.51	2.51	72.6	11.08
	2	99.86	99.46	99.46	99.38	99.2	99.72	88.65	2.51	2.51	2.51	2.51	72.59	78.78	20.29
	3	99.84	99.38	99.68	99.1	99.18	98.16	87.35	2.51	2.51	2.51	2.51	2.51	74.94	10.83
		Detection rate							False positive rate

Bold values show the parameter value for each set of experiment which gives the highest detection rate and lowest false positive rate.