Zeekflow+: A Deep LSTM Autoencoder with Integrated Random Forest Classifier for Binary and Multi-class Classification in Network Traffic Data
Description
This work proposes Zeekflow+, a Deep LSTM Autoencoder (AE)
architecture with an integrated Random Forest (RF) classifier for effective
binary and multi-class classification of network traffic data.
The Deep LSTM AE is used to extract underlying patterns existing
within the features of the input data and encode them accordingly,
allowing for binary classification into malicious or benign behavior.
Through the use of the RF classifier, the binary classification capabilities
are extended to multi-class ones for effectively identifying
the origin of the attacks. This is achieved by training the RF classifier
using the total reconstruction loss and the Deep LSTM AE
encoded data. Experimental results on the USTC-TFC2016 dataset
showcase the performance of the Zeekflow+ architecture in multi-class
classification, achieving more than 99% in the precision,
recall and F1-Score classification metrics. To further demonstrate
the effectiveness of the Zeekflow+ architecture, it is used for a binary
classification task on the same dataset, while considering different
Floating Point arithmetic quantizations, with the results showing
a negligible performance drop, making it suitable for real-time IoT
edge device deployment.
Files

| Name | Size |
|---|---|
| petra24-65.pdf (md5:44ee04b6e6a10e90bc7e73f2e1c8bb74) | 622.9 kB |