
Graduate student: Cheng, Yu-Ling (鄭郁霖)
Thesis title: Rule Generation for Network Intrusion Detection Systems Based on Packets-to-Video Transformation
Advisor: Cheng, Sheng-Tzong (鄭憲宗)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Graduate Program of Artificial Intelligence
Year of publication: 2023
Academic year of graduation: 111
Language: English
Number of pages: 36
Keywords (translated from Chinese): network intrusion detection system, rule generation, network security, video captioning
Keywords (English): Rule-based Network Intrusion Detection System, Rule Generator, Video Captioning, Network Security
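  • In today's society, the internet plays an important role in our daily lives, so network security has become critical. To detect anomalous network behavior more effectively, intrusion detection systems have adopted many machine learning methods in recent years. Traditional intrusion detection systems rely mainly on pre-defined rules; however, as the network environment changes rapidly and intrusion techniques keep evolving, these pre-defined rules often cannot cope with new kinds of intrusion. We therefore need a more flexible, adaptive way to update the rules of an intrusion detection system.
    In this study, we explore an intelligent rule generator based on video captioning, intended to speed up rule updates in network intrusion detection systems. Following the packet encoding method of the PAC-GAN paper, we treat a packet flow as a video in which each network packet is converted into one frame image. With this transformation, rule generation becomes a video-to-text task, that is, generating the corresponding textual description from the images. Our method first uses a model architecture we designed (PAC3D) to extract the features of each frame image. We then design a video captioning architecture that learns the mapping from image features to textual descriptions in order to generate rules that a network intrusion detection system can use.
    The video captioning-based intelligent rule generator has several advantages. First, it can learn and generate rules, reducing the burden of defining rules by hand. Second, by using image information, it can capture finer-grained features in network packets, thereby improving the accuracy of intrusion detection. This research gives us an automated method for network intrusion detection based on video recognition.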

    Today, the internet plays a crucial role in our daily lives, making network security a prominent concern. Intrusion detection systems have increasingly incorporated machine learning methods to detect network anomalies more effectively. Traditional intrusion detection systems rely heavily on pre-defined rules. However, with the rapidly evolving network environment and ever-changing intrusion techniques, these pre-defined rules often fail to address new types of attacks. Therefore, a more flexible and adaptive approach is needed to update the rules of intrusion detection systems.
    In this study, we explore an intelligent rule generator based on video captioning to accelerate the rule-updating process in network intrusion detection systems. Inspired by the packet encoding method proposed in the PAC-GAN paper, we treat a packet flow as a video, transforming each network packet into a frame image. By employing this transformation, we consider the task of rule generation as a video-to-text task, aiming to generate textual descriptions from the video frames. Our approach first utilizes a model architecture we designed, PAC3D, to extract features from each frame image. Subsequently, we develop a video captioning model that learns the mapping from image features to textual descriptions, thus generating rules suitable for network intrusion detection systems.
    The video captioning-based intelligent rule generator offers several advantages. Firstly, it can learn and generate rules, alleviating the burden of manually defining rules. Secondly, by utilizing image information, it captures finer-grained features in network packets, thereby improving the accuracy of intrusion detection. This research provides an automated approach for network intrusion detection based on video recognition, paving the way for more effective and adaptable intrusion detection in network security.

    ABSTRACT (CHINESE)
    ABSTRACT
    ACKNOWLEDGMENT
    TABLE OF CONTENTS
    LIST OF TABLES
    CHAPTER 1. INTRODUCTION AND MOTIVATION
    CHAPTER 2. RELATED WORK
        2.1 PROBLEM FORMULATION
        2.2 RULE GENERATOR
        2.3 NETWORK TRAFFIC CLASSIFICATION
        2.4 VIDEO CAPTIONING
    CHAPTER 3. METHODS
        3.1 ENCODING NETWORK TRAFFIC
        3.2 ARCHITECTURE
    CHAPTER 4. IMPLEMENTATION AND EXPERIMENTS
        4.1 DATASET
        4.2 IMPLEMENTATION DETAILS
        4.3 EXPERIMENTS & DISCUSSION
    CHAPTER 5. CONCLUSIONS AND FUTURE WORK
        5.1 CONCLUSIONS
        5.2 FUTURE WORK
    REFERENCE

    [1] I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, "Toward generating a new intrusion detection dataset and intrusion traffic characterization," ICISSP, vol. 1, pp. 108-116, 2018.
    [2] R. Li, X. Xiao, S. Ni, H. Zheng, and S. Xia, "Byte Segment Neural Network for Network Traffic Classification," in 2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS), 4-6 June 2018, pp. 1-10, doi: 10.1109/IWQoS.2018.8624128.
    [3] M. Verkerken et al., "A Novel Multi-Stage Approach for Hierarchical Intrusion Detection," IEEE Transactions on Network and Service Management, pp. 1-1, 2023, doi: 10.1109/TNSM.2023.3259474.
    [4] S. Potluri, S. Ahmed, and C. Diedrich, "Convolutional Neural Networks for Multi-class Intrusion Detection System," in Mining Intelligence and Knowledge Exploration, A. Groza and R. Prasath, Eds. Cham: Springer International Publishing, 2018, pp. 225-238.
    [5] H. K. Lim, J. B. Kim, J. S. Heo, K. Kim, Y. G. Hong, and Y. H. Han, "Packet-based Network Traffic Classification Using Deep Learning," in 2019 International Conference on Artificial Intelligence in Information and Communication (ICAIIC), 11-13 Feb. 2019, pp. 046-051, doi: 10.1109/ICAIIC.2019.8669045.
    [6] D. Tran, L. Bourdev, R. Fergus, L. Torresani, and M. Paluri, "Learning spatiotemporal features with 3d convolutional networks," in Proceedings of the IEEE international conference on computer vision, 2015, pp. 4489-4497.
    [7] D. Tran, H. Wang, L. Torresani, J. Ray, Y. LeCun, and M. Paluri, "A closer look at spatiotemporal convolutions for action recognition," in Proceedings of the IEEE conference on Computer Vision and Pattern Recognition, 2018, pp. 6450-6459.
    [8] H. Sak, A. W. Senior, and F. Beaufays, "Long short-term memory recurrent neural network architectures for large scale acoustic modeling," 2014.
    [9] R. Pasunuru and M. Bansal, "Multi-task video captioning with video and entailment generation," arXiv preprint arXiv:1704.07489, 2017.
    [10] B. Wang, L. Ma, W. Zhang, and W. Liu, "Reconstruction network for video captioning," in Proceedings of the IEEE conference on computer vision and pattern recognition, 2018, pp. 7622-7631.
    [11] W. Pei, J. Zhang, X. Wang, L. Ke, X. Shen, and Y.-W. Tai, "Memory-attended recurrent network for video captioning," in Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2019, pp. 8347-8356.
    [12] T. Vollmer, J. Alves-Foss, and M. Manic, "Autonomous rule creation for intrusion detection," in 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), 2011: IEEE, pp. 1-8.
    [13] N. Fallahi, A. Sami, and M. Tajbakhsh, "Automated flow-based rule generation for network intrusion detection systems," in 2016 24th Iranian Conference on Electrical Engineering (ICEE), 2016: IEEE, pp. 1948-1953.
    [14] A. Sagala, "Automatic SNORT IDS rule generation based on honeypot log," in 2015 7th International Conference on Information Technology and Electrical Engineering (ICITEE), 2015: IEEE, pp. 576-580.
    [15] E. N. A. Laryea, "Snort Rule Generation for Malware Detection using the GPT2 Transformer," Université d'Ottawa/University of Ottawa, 2022.
    [16] K. Millar, A. Cheng, H. G. Chew, and C.-C. Lim, "Using Convolutional Neural Networks for Classifying Malicious Network Traffic," in Deep Learning Applications for Cyber Security, M. Alazab and M. Tang Eds. Cham: Springer International Publishing, 2019, pp. 103-126.
    [17] A. Cheng, "PAC-GAN: Packet Generation of Network Traffic using Generative Adversarial Networks," in 2019 IEEE 10th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), 17-19 Oct. 2019, pp. 0728-0734, doi: 10.1109/IEMCON.2019.8936224.
    [18] A. Radford et al., "Learning transferable visual models from natural language supervision," in International conference on machine learning, 2021: PMLR, pp. 8748-8763.
    [19] N. Moustafa and J. Slay, "UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)," in 2015 military communications and information systems conference (MilCIS), 2015: IEEE, pp. 1-6.
    [20] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, "A detailed analysis of the KDD CUP 99 data set," in 2009 IEEE symposium on computational intelligence for security and defense applications, 2009: IEEE, pp. 1-6.
    [21] D. P. Kingma and J. Ba, "Adam: A method for stochastic optimization," arXiv preprint arXiv:1412.6980, 2014.

    Full-text access: on campus: available immediately; off campus: available immediately