Research Article
BLATTA: Early Exploit Detection on Network Traffic with Recurrent Neural Networks
Table 5
Experiment results of using various parameters combination and various lengths of input to the model
| Parameter | No. of bytes | No. of bytes | All | 700 | 600 | 500 | 400 | 300 | 200 | All | 700 | 600 | 500 | 400 | 300 | 200 |
| | 1 | 47.22 | 48.69 | 49.86 | 50.65 | 51.77 | 54.99 | 65.32 | 1.18 | 1.19 | 1.21 | 1.21 | 71.31 | 78.7 | 89.43 | 3 | 99.87 | 99.51 | 99.77 | 99.1 | 99.59 | 98.93 | 91.07 | 2.51 | 2.51 | 2.51 | 2.51 | 72.61 | 10.29 | 20.51 | 5 | 99.87 | 99.55 | 99.78 | 99.57 | 99.29 | 98.91 | 88.75 | 2.51 | 2.51 | 2.51 | 2.51 | 2.51 | 72.6 | 11.08 | 7 | 99.86 | 99.47 | 99.59 | 99.37 | 99.19 | 98.53 | 97.08 | 2.51 | 2.51 | 2.51 | 2.51 | 2.51 | 8.92 | 80.92 | 9 | 99.81 | 99.59 | 99.62 | 99.57 | 99.23 | 98.16 | 88.93 | 2.51 | 2.51 | 2.51 | 2.51 | 72.6 | 74.16 | 90.6 |
| Stride | 1 | 99.87 | 99.55 | 99.78 | 99.57 | 99.29 | 98.91 | 88.75 | 2.51 | 2.51 | 2.51 | 2.51 | 2.51 | 72.6 | 11.08 | 2 | 73.39 | 74.11 | 74.01 | 74.45 | 74.69 | 74.62 | 77.82 | 1.81 | 1.81 | 1.81 | 1.81 | 71.92 | 72.46 | 19.86 | 3 | 82.51 | 82.54 | 83.07 | 83.12 | 83.25 | 83.5 | 85.75 | 1.5 | 1.49 | 1.5 | 1.51 | 71.62 | 75.47 | 89.63 | 4 | 99.6 | 99.19 | 99.26 | 99.28 | 98.61 | 98.55 | 98.37 | 1.93 | 1.93 | 1.93 | 1.93 | 1.93 | 74.09 | 10.5 | 5 | 99.73 | 98.95 | 98.88 | 98.65 | 98 | 95.77 | 88.29 | 1.93 | 1.92 | 1.93 | 1.93 | 1.93 | 54.16 | 90.02 |
| Dictionary size | 1000 | 47.78 | 49.5 | 50.36 | 50.79 | 51.8 | 54.83 | 54.68 | 1.21 | 1.21 | 1.22 | 1.22 | 71.33 | 79.47 | 89.42 | 2000 | 99.87 | 99.55 | 99.78 | 99.57 | 99.29 | 98.91 | 88.75 | 2.51 | 2.51 | 2.51 | 2.51 | 2.51 | 72.6 | 11.08 | 5000 | 99.87 | 99.37 | 99.75 | 99.79 | 99.62 | 99.69 | 99.66 | 2.51 | 2.51 | 2.51 | 2.51 | 72.61 | 10.03 | 90.61 | 10000 | 99.86 | 99.44 | 99.74 | 99.55 | 99.44 | 98.55 | 98.33 | 2.51 | 2.51 | 2.51 | 2.51 | 72.61 | 79.06 | 90.15 | 20000 | 99.84 | 99.81 | 99.69 | 99.24 | 99.21 | 99.43 | 98.91 | 2.51 | 2.51 | 2.51 | 2.51 | 72.61 | 80.46 | 89.64 |
| Embedding dimension | 16 | 99.89 | 99.65 | 99.7 | 99.67 | 99.22 | 99.09 | 98.81 | 2.51 | 2.51 | 2.51 | 2.51 | 2.51 | 76.77 | 80.94 | 32 | 99.87 | 99.55 | 99.78 | 99.57 | 99.29 | 98.91 | 88.75 | 2.51 | 2.51 | 2.51 | 2.51 | 2.51 | 72.6 | 11.08 | 64 | 99.87 | 99.2 | 99.41 | 99.09 | 98.61 | 96.76 | 85.52 | 2.51 | 2.51 | 2.51 | 2.51 | 2.51 | 4.51 | 89.85 | 128 | 99.84 | 99.33 | 99.6 | 99.35 | 98.99 | 97.69 | 86.78 | 2.51 | 2.51 | 2.51 | 2.51 | 72.6 | 4.27 | 10.88 | 256 | 99.88 | 99.76 | 99.8 | 99.22 | 99.38 | 98.64 | 90.34 | 2.51 | 2.51 | 2.51 | 2.51 | 72.6 | 80.79 | 90.6 |
| Recurrent layer | LSTM | 99.87 | 99.55 | 99.78 | 99.57 | 99.29 | 98.91 | 88.75 | 2.51 | 2.51 | 2.51 | 2.51 | 2.51 | 72.6 | 11.08 | GRU | 99.88 | 99.35 | 99.48 | 99.35 | 99.06 | 97.94 | 86.22 | 2.51 | 2.51 | 2.51 | 2.51 | 2.51 | 78.95 | 8.48 |
| No. of layers | 1 | 99.87 | 99.55 | 99.78 | 99.57 | 99.29 | 98.91 | 88.75 | 2.51 | 2.51 | 2.51 | 2.51 | 2.51 | 72.6 | 11.08 | 2 | 99.86 | 99.46 | 99.46 | 99.38 | 99.2 | 99.72 | 88.65 | 2.51 | 2.51 | 2.51 | 2.51 | 72.59 | 78.78 | 20.29 | 3 | 99.84 | 99.38 | 99.68 | 99.1 | 99.18 | 98.16 | 87.35 | 2.51 | 2.51 | 2.51 | 2.51 | 2.51 | 74.94 | 10.83 | ā | ā | Detection rate | False positive rate |
|
|
Bold values show the parameter value for each set of experiment which gives the highest detection rate and lowest false positive rate.
|