JSAI2023

Presentation information

General Session

General Session » GS-2 Machine learning

[1T5-GS-2] Machine learning

Tue. Jun 6, 2023 5:00 PM - 6:20 PM Room T (Online)

座長:森 隼基(NEC) [現地]

5:40 PM - 6:00 PM

[1T5-GS-2-03] Performance Evaluation of Anomaly Communication Detection using BERT for Feature Extraction of Packet Payload

〇Tomokatsu Takahashi1, Yuuki Yamanaka1, Takuya Minami1, Yoshiaki Nakajima1 (1. NTT Social Informatics Laboratories)

[[Online]]

Keywords:Anomaly detection, Deep neural network, BERT

Anomaly Communication Detection is important to ensure the safety of industrial control systems (ICS).
However, it is difficult to create detection rules for all the various communication protocols used in an ICS, including proprietary ones.
Therefore, anomaly communication detection using Bidirectional Encoder Representations for Transformers (BERT) for feature extraction of packet payload has attracted attention, since it learns the characteristics of packet payloads without prior knowledge and can handle a wide range of protocols.
In this paper, we conduct experiments to investigate the features and usefulness of this method.
Specifically, we (1) measure the detection performance of random rewriting of payloads of typical protocols and (2) confirm the performance improvement by applying an overdetection correction technique.
Through these experiments, we demonstrate the performance of anomaly communication detection using BERT for feature extraction of packet payloads and consider its effectiveness.

Authentication for paper PDF access

A password is required to view paper PDFs. If you are a registered participant, please log on the site from Participant Log In.
You could view the PDF with entering the PDF viewing password bellow.

Password