BLATTA: Early Exploit Detection on Network Traffic with Recurrent Neural Networks
Table 6
The effect of reducing the number of bytes to the detection speed.
No. of bytes
No. of LSTM layers
1
2
3
All
8.366 ± 0.238327
5.514 ± 0.004801
3.698 ± 0.011428
700
16.486 ± 0.022857
10.704 ± 0.022001
7.35 ± 0.044694
600
18.16 ± 0.020556
11.97 ± 0.024792
8.21 ± 0.049584
500
20.432 ± 0.02352
13.65 ± 0.036668
9.376 ± 0.061855
400
22.17 ± 0.032205
14.94 ± 0.037701
10.302 ± 0.065417
300
24.076 ± 0.022857
16.368 ± 0.036352
11.318 ± 0.083477
200
26.272 ± 0.030616
18.138 ± 0.020927
12.688 ± 0.063024
The values are average (mean) detection speed in kbps with 95% confidence interval, calculated from multiple experiments. The detection speed increased significantly (about three times faster than reading the whole message), allowing early prediction of malicious traffic.
