Accelerating convolutional neural network-based malware traffic detection through ant-colony clustering.

JOURNAL OF INTELLIGENT & FUZZY SYSTEMS (2019)

Abstract
Deep learning methods are widely used in today's network security systems because of their superior detection rates for patterns of anomalous network activity. In malware traffic classification in particular, reducing the time taken by the detection process is of great importance, since it can stop network damage at an early stage. To achieve a balance between detection rate and time consumption, the practical structures of such systems are usually simple, which complicates the application of appropriate acceleration methods. In this study, we propose a novel ant-colony-based clustering algorithm that can efficiently select the most valuable data points for the next step of learning. In addition, to take advantage of the widely used convolutional neural network architecture, we define a mapping image for each piece of raw traffic data, transforming the intrusion detection problem into an image recognition problem. Before each training iteration, we apply the clustering algorithm to locate the most-featured part of each specific type of network traffic. We then use this featured part in training, considering both its deep and shallow information, so that precision and robustness can be improved. Preliminary experiments demonstrate that our method not only achieves a high detection rate but also uses much less processing time with proper parameter tuning of the neural networks.
Keywords
Deep learning, convolutional neural network, intrusion detection system, network anomaly detection, heuristic clustering