{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:03:18Z","timestamp":1777806198832,"version":"3.51.4"},"reference-count":51,"publisher":"SAGE Publications","issue":"4","license":[{"start":{"date-parts":[[2021,9,29]],"date-time":"2021-09-29T00:00:00Z","timestamp":1632873600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2022,8,25]]},"abstract":"Network attacks have become a major security concern for organizations worldwide. A category of network attacks that exploit the logic (security) flaws of a few widely-deployed authentication protocols has been commonly observed in recent years. Such logic-flaw-exploiting network attacks often do not have distinguishing signatures, and can thus easily evade the typical signature-based network intrusion detection systems. Recently, researchers have applied neural networks to detect network attacks with network logs. However, public network data sets have major drawbacks such as limited data sample variations and unbalanced data with respect to malicious and benign samples. In this paper, we present a new end-to-end approach based on protocol fuzzing to automatically generate high-quality network data, on which deep learning models can be trained for network attack detection. Our findings show that protocol fuzzing can generate data samples that cover real-world data, and deep learning models trained with fuzzed data can successfully detect the logic-flaw-exploiting network attacks.<\/jats:p>","DOI":"10.3233\/jcs-210101","type":"journal-article","created":{"date-parts":[[2021,10,1]],"date-time":"2021-10-01T22:56:47Z","timestamp":1633129007000},"page":"541-570","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":4,"title":["Deep learning for detecting logic-flaw-exploiting network attacks: An\u00a0end-to-end approach"],"prefix":"10.1177","volume":"30","author":[{"given":"Qingtian","family":"Zou","sequence":"first","affiliation":[{"name":"College of Information Sciences and Technology, The Pennsylvania State University, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anoop","family":"Singhal","sequence":"additional","affiliation":[{"name":"Security Test, Validation and Measurement Group, National Institute of Standards and Technology, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaoyan","family":"Sun","sequence":"additional","affiliation":[{"name":"College of Engineering & Computer Science, California State University, Sacramento, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peng","family":"Liu","sequence":"additional","affiliation":[{"name":"College of Information Sciences and Technology, The Pennsylvania State University, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2021,9,29]]},"reference":[{"key":"ref001","first-page":"106","volume":"105","author":"Aitel D.","year":"2002","journal-title":"Immunity Inc., February"},{"key":"ref002","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.05.003"},{"key":"ref003","doi-asserted-by":"publisher","DOI":"10.1109\/CINE.2015.34"},{"key":"ref004","doi-asserted-by":"crossref","unstructured":"G.\u00a0Banks, M.\u00a0Cova, V.\u00a0Felmetsger, K.\u00a0Almeroth, R.\u00a0Kemmerer and G.\u00a0Vigna, in: SNOOZE: Toward a Stateful NetwOrk prOtocol fuzZEr, Springer, 2006, pp.\u00a0343\u2013358, https:\/\/link.springer.com\/chapter\/10.1007\/11836810_25 http:\/\/link.springer.com\/10.1007\/11836810_25.","DOI":"10.1007\/11836810_25"},{"key":"ref005","unstructured":"I.\u00a0Beltagy, M.E.\u00a0Peters and A.\u00a0Cohan, 2020, Longformer: The long-document transformer. arXiv preprint arXiv:2004.05150."},{"key":"ref006","doi-asserted-by":"crossref","unstructured":"C.M.\u00a0Bishop et al., Neural Networks for Pattern Recognition, Oxford University Press, 1995.","DOI":"10.1093\/oso\/9780198538493.001.0001"},{"key":"ref007","doi-asserted-by":"publisher","DOI":"10.1023\/A:1010933404324"},{"key":"ref008","doi-asserted-by":"crossref","unstructured":"N.\u00a0Carion, F.\u00a0Massa, G.\u00a0Synnaeve, N.\u00a0Usunier, A.\u00a0Kirillov and S.\u00a0Zagoruyko, August. End-to-end object detection with transformers, in: European Conference on Computer Vision, Springer, Cham, 2020, pp.\u00a0213\u2013229.","DOI":"10.1007\/978-3-030-58452-8_13"},{"key":"ref009","doi-asserted-by":"publisher","DOI":"10.1007\/s00500-014-1250-8"},{"key":"ref010","unstructured":"P.B. Community and the Scapy, Vol.\u00a024, 2021 [Online; accessed 24. Aug. 2021]. https:\/\/scapy.net."},{"key":"ref011","unstructured":"J.\u00a0Devlin, M.W.\u00a0Chang, K.\u00a0Lee and K.\u00a0Toutanova, Bert: Pre-training of deep bidirectional transformers for language understanding, 2018, arXiv preprint arXiv:1810.04805."},{"issue":"6","key":"ref012","first-page":"446","volume":"4","author":"Dhanabal L.","year":"2015","journal-title":"International Journal of Advanced Research in Computer and Communication Engineering"},{"key":"ref013","doi-asserted-by":"publisher","DOI":"10.1145\/3299815.3314439"},{"key":"ref014","doi-asserted-by":"crossref","unstructured":"F.\u00a0Galkin, A.\u00a0Aliper, E.\u00a0Putin, I.\u00a0Kuznetsov, V.N.\u00a0Gladyshev and A.\u00a0Zhavoronkov, Human microbiome aging clocks based on deep learning and tandem of permutation feature importance and accumulated local effects,\n BioRxiv\n (2018), 507780.","DOI":"10.1101\/507780"},{"key":"ref015","unstructured":"I.\u00a0Goodfellow, Y.\u00a0Bengio and A.\u00a0Courville, Deep Learning, MIT Press, 2016."},{"issue":"8","key":"ref016","first-page":"239","volume":"10","author":"Gorbunov S.","year":"2010","journal-title":"International Journal of Computer Science and Network Security"},{"issue":"5","key":"ref017","first-page":"761","volume":"19","author":"Goswami S.","year":"2017","journal-title":"IJ Network Security"},{"key":"ref018","doi-asserted-by":"crossref","unstructured":"E.\u00a0Hogan, J.R.\u00a0Johnson and M.\u00a0Halappanavar, Graph coarsening for path finding in cybersecurity graphs, in: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, 2013, pp.\u00a01\u20134.","DOI":"10.1145\/2459976.2459984"},{"key":"ref019","unstructured":"IDS 2018 | Datasets | Research | Canadian Institute for Cybersecurity | UNB, 2020, [Accessed Jul 4 2020]. https:\/\/www.unb.ca\/cic\/datasets\/ids-2018.html."},{"key":"ref020","unstructured":"Initial Access, Tactic TA0001 \u2013 Enterprise | MITRE ATT&CK\n \u00ae\n , 2021 [Online; accessed 20. Aug. 2021]. https:\/\/attack.mitre.org\/versions\/v9\/tactics\/TA0001."},{"key":"ref021","doi-asserted-by":"crossref","unstructured":"S.T.\u00a0Jan, Q.\u00a0Hao, T.\u00a0Hu, J.\u00a0Pu, S.\u00a0Oswal, G.\u00a0Wang and B.\u00a0Viswanath, Throwing darts in the dark? Detecting bots with limited data using neural data augmentation, in: The 41st IEEE Symposium on Security and Privacy, IEEE SP, 2020.","DOI":"10.1109\/SP40000.2020.00079"},{"key":"ref022","doi-asserted-by":"publisher","DOI":"10.1162\/tacl_a_00300"},{"key":"ref023","unstructured":"jtpereyda, boofuzz, 2021 [Online; accessed 20. Aug. 2021]. https:\/\/github.com\/jtpereyda\/boofuzz."},{"key":"ref024","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.51"},{"key":"ref025","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSec.2012.6246087"},{"key":"ref026","unstructured":"Y.\u00a0Liu, A.\u00a0Jain, C.\u00a0Eng, D.H.\u00a0Way, K.\u00a0Lee, P.\u00a0Bui, K.\u00a0Kanada, G.\u00a0de\u00a0Oliveira Marinho, J.\u00a0Gallegos, S.\u00a0Gabriele et al., A\u00a0deep learning system for differential diagnosis of skin diseases,\n Nature Medicine\n (2020), 1\u20139."},{"key":"ref027","unstructured":"Y.\u00a0Liu, M.\u00a0Ott, N.\u00a0Goyal, J.\u00a0Du, M.\u00a0Joshi, D.\u00a0Chen and V.\u00a0Stoyanov, 2019, Roberta: A robustly optimized bert pretraining approach. arXiv preprint arXiv:1907.11692."},{"key":"ref028","doi-asserted-by":"crossref","unstructured":"S.M.\u00a0Milajerdi, et al., HOLMES: Real-time APT detection through correlationof suspicious information flows, in: 2019 IEEE Symposium on Security and Privacy (SP), IEEE, 2019.","DOI":"10.1109\/SP.2019.00026"},{"key":"ref029","doi-asserted-by":"crossref","unstructured":"K.\u00a0Millar, A.\u00a0Cheng, H.G.\u00a0Chew and C.C.\u00a0Lim, Deep learning for classifying malicious network traffic, in: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), LNAI, Vol.\u00a011154, 2018, pp.\u00a0156\u2013161, http:\/\/link.springer.com\/10.1007\/978-3-030-04503-6_15.","DOI":"10.1007\/978-3-030-04503-6_15"},{"key":"ref030","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2847722"},{"key":"ref031","unstructured":"MITRE ATT&CK\n \u00ae\n , 2021 [Online; accessed 20. Aug. 2021]. https:\/\/attack.mitre.org."},{"key":"ref032","doi-asserted-by":"crossref","unstructured":"N.\u00a0Moustafa and J.\u00a0Slay, UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set), in: 2015 Military Communications and Information Systems Conference, MilCIS 2015 \u2013 Proceedings, Institute of Electrical and Electronics Engineers Inc., 2015.","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"ref033","unstructured":"L.\u00a0Movement, Tactic TA0008 \u2013 Enterprise | MITRE ATT&CK\n \u00ae\n , 2021 [Online; accessed 20. Aug. 2021]. https:\/\/attack.mitre.org\/versions\/v9\/tactics\/TA0008."},{"key":"ref034","unstructured":"T.\u00a0Ongun, T.\u00a0Sakharaov, S.\u00a0Boboila, A.\u00a0Oprea and T.\u00a0Eliassi-Rad, On Designing Machine Learning Models for Malicious Network Traffic Classification, 2019, http:\/\/arxiv.org\/abs\/1907.04846."},{"key":"ref035","unstructured":"Openrce, sulley, 2021 [Online; accessed 20. Aug. 2021]. https:\/\/github.com\/OpenRCE\/sulley."},{"key":"ref036","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274710"},{"key":"ref037","doi-asserted-by":"publisher","DOI":"10.1145\/846183.846200"},{"key":"ref038","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-80568-5_3"},{"key":"ref039","doi-asserted-by":"publisher","DOI":"10.1038\/323533a0"},{"key":"ref040","doi-asserted-by":"crossref","unstructured":"I.\u00a0Sharafaldin, A.H.\u00a0Lashkari and A.A.\u00a0Ghorbani, Toward generating a new intrusion detection dataset and intrusion traffic characterization, in: ICISSP 2018 \u2013 Proceedings of the 4th International Conference on Information Systems Security and Privacy, Vol. 2018-Janua, 2018, pp.\u00a0108\u2013116, https:\/\/www.scitepress.org\/Papers\/2018\/66398\/66398.pdf.","DOI":"10.5220\/0006639801080116"},{"key":"ref041","unstructured":"Snort \u2013 Network Intrusion Detection & Prevention System, 2019 [Online; accessed 10. Apr. 2019]. https:\/\/www.snort.org\/."},{"key":"ref042","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10433-6_12"},{"key":"ref043","first-page":"570","author":"Taylor C.","year":"2001","journal-title":"IEEE Proc. PDCS\u20192001"},{"key":"ref044","unstructured":"Use Alternate Authentication Material: Pass the Hash, Sub-technique T1550.002 \u2013 Enterprise | MITRE ATT&CK\n \u00ae\n , 2021 [Online; accessed 3. Mar. 2021]. https:\/\/attack.mitre.org\/versions\/v8\/techniques\/T1550\/002."},{"key":"ref045","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2017.2762418"},{"key":"ref046","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2006.255120"},{"key":"ref047","doi-asserted-by":"crossref","unstructured":"X.\u00a0Yuan, C.\u00a0Li and X.\u00a0Li, DeepDefense: Identifying DDoS attack via deep learning, in: 2017 IEEE International Conference on Smart Computing, SMARTCOMP 2017, 2017, https:\/\/ieeexplore.ieee.org\/abstract\/document\/7946998\/.","DOI":"10.1109\/SMARTCOMP.2017.7946998"},{"key":"ref048","doi-asserted-by":"publisher","DOI":"10.3390\/atmos10070373"},{"key":"ref049","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Zhang, X.\u00a0Chen, D.\u00a0Guo, M.\u00a0Song, Y.\u00a0Teng and X.\u00a0Wang, PCCN: Parallel Cross Convolutional Neural Network for Abnormal Network Traffic Flows Detection in Multi-class imbalanced Network Traffic Flows,\n IEEE Access\n (2019), 1\u20131, https:\/\/ieeexplore.ieee.org\/abstract\/document\/8787567\/.","DOI":"10.1109\/ACCESS.2019.2933165"},{"key":"ref050","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2020.3021548"},{"key":"ref051","doi-asserted-by":"crossref","unstructured":"Q.\u00a0Zou, A.\u00a0Singhal, X.\u00a0Sun and P.\u00a0Liu, Deep learning for detecting network attacks: An end-to-end approach, in: IFIP Annual Conference on Data and Applications Security and Privacy, Springer, 2021, pp.\u00a0221\u2013234.","DOI":"10.1007\/978-3-030-81242-3_13"}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-210101","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-210101","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-210101","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:39Z","timestamp":1777495539000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-210101"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,9,29]]},"references-count":51,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2022,8,25]]}},"alternative-id":["10.3233\/JCS-210101"],"URL":"https:\/\/doi.org\/10.3233\/jcs-210101","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,9,29]]}}}