Cybersecurity threats are becoming more complex and frequent, making traditional detection methods insufficient. To address this, the project introduces a deep learning-based system for automatically detecting and classifying network threats. It uses structured traffic data from the CyberFedDefender dataset to train two neural network models. The first model performs binary classification to determine whether a traffic record is benign or malicious. If a threat is detected, the second model performs multiclass classification to identify the specific type of attack, such as DoS, DDoS, or PortScan. Both models are fully connected feedforward neural networks that use ReLU activation for efficient training and dropout for regularization. The data is preprocessed with label encoding for categorical fields like Protocol and Flags, and standardized using a scaler for numerical consistency. The complete system is deployed through a Streamlit web interface. Users can input traffic data via form or upload CSV files for batch analysis. Results are displayed in an interactive table with options for downloading and visualization. This framework shows how deep learning can enhance the speed, accuracy, and scalability of cyber threat detection and classification.
Introduction
The increasing complexity of cybersecurity threats due to digital transformation has rendered traditional rule-based detection methods insufficient, especially against novel and sophisticated attacks. To address this, the project proposes a two-stage deep learning system that classifies network traffic as either benign or malicious (binary classification) and then identifies the specific type of threat (multiclass classification) such as DoS, DDoS, or port scanning. The system uses fully connected neural networks trained on the CyberFedDefender dataset, applying techniques like ReLU activation and dropout to enhance performance and prevent overfitting.
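An added example, not the project's code: the two-stage inference path in pure Python, with the label encoding and scaling fitted once on training rows and reused at inference, so an unseen Protocol or Flags value in an uploaded row maps to a reserved code instead of failing. The numeric columns `Packet_Length` and `Duration`, the training rows, the hand-set weights, and the choice to scale the encoded columns too are all assumptions made for illustration.

```python
import math

CATEGORICAL = ("Protocol", "Flags")      # fields the page says are label-encoded
NUMERIC = ("Packet_Length", "Duration")  # hypothetical numeric columns
ATTACKS = ("DoS", "DDoS", "PortScan")    # attack types named on the page

class Preprocessor:
    """Label encoding and scaling, fitted once on training rows and reused at inference."""
    def fit(self, rows):
        # Code 0 is reserved for category values that never appeared in training.
        self.codes = {c: {v: i + 1 for i, v in enumerate(sorted({r[c] for r in rows}))}
                      for c in CATEGORICAL}
        cols = {k: [self._raw(r, k) for r in rows] for k in CATEGORICAL + NUMERIC}
        self.mean = {k: sum(v) / len(v) for k, v in cols.items()}
        self.std = {k: math.sqrt(sum((x - self.mean[k]) ** 2 for x in v) / len(v)) or 1.0
                    for k, v in cols.items()}
        return self

    def _raw(self, row, k):
        return float(self.codes[k].get(row[k], 0) if k in CATEGORICAL else row[k])

    def transform(self, row):
        return [(self._raw(row, k) - self.mean[k]) / self.std[k]
                for k in CATEGORICAL + NUMERIC]

def forward(x, layers, drop=0.0, rng=None):
    """Dense layers with ReLU on hidden units; inverted dropout runs only when drop > 0."""
    for i, (W, b) in enumerate(layers):
        x = [sum(w * v for w, v in zip(row, x)) + bias for row, bias in zip(W, b)]
        if i < len(layers) - 1:
            x = [max(0.0, v) for v in x]
            if drop:  # training only; inference leaves every unit active
                x = [0.0 if rng.random() < drop else v / (1 - drop) for v in x]
    return x

def classify(row, pre, binary_net, multi_net, threshold=0.5):
    """Stage 1 gates stage 2: the attack-type model only sees rows flagged malicious."""
    x = pre.transform(row)
    p_malicious = 1 / (1 + math.exp(-forward(x, binary_net)[0]))
    if p_malicious < threshold:
        return "Benign", p_malicious
    logits = forward(x, multi_net)
    return ATTACKS[logits.index(max(logits))], p_malicious

# Constructed training rows and hand-set (not trained) weights, for illustration only.
TRAIN = [{"Protocol": p, "Flags": f, "Packet_Length": n, "Duration": d}
         for p in ("TCP", "UDP") for f, n, d in (("ACK", 600, 3.0), ("SYN", 200, 1.0))]
PRE = Preprocessor().fit(TRAIN)
BINARY_NET = [([[0, 1, -1, 0], [0, 0, 0, 1]], [0, 0]), ([[2, -2]], [-1])]
MULTI_NET = [([[-1, 0, 0, 0], [1, 0, 0, 0]], [0, 0]), ([[0, 0], [0, 1], [1, 0]], [0.5, 0, 0])]
```

Calling `classify(row, PRE, BINARY_NET, MULTI_NET)` returns the label and the stage-1 probability; in a real deployment the fitted `Preprocessor` state has to be saved alongside the trained weights so the web interface applies exactly the training-time encoding.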
An easy-to-use Streamlit web application serves as the user interface, supporting single record input or bulk CSV uploads, and providing visual summaries and downloadable results. This approach leverages deep learning’s ability to automatically extract features and adapt to evolving threats, outperforming traditional static methods that require constant manual updating and often generate false positives.
The literature review highlights the limitations of conventional intrusion detection systems, the benefits of machine learning and deep learning in cybersecurity, and the effectiveness of multi-stage classification models. The proposed system emphasizes modularity, accuracy, scalability, and usability, aiming to improve real-time threat detection and classification with minimal manual intervention, making it suitable for both research and practical cybersecurity environments.
Conclusion
This project showcases the use of deep learning to detect and classify cyber threats from network traffic data. The two-stage model helps first identify whether the traffic is safe or harmful and then further classifies harmful traffic into specific attack types. A simple web interface allows users to upload data, view predictions, and download results. The system is efficient, easy to use, and provides a strong foundation for building advanced, real-time threat detection tools in cybersecurity.