Feature Mining for Encrypted Malicious Traffic Detection with Deep Learning and Other Machine Learning Algorithms

by   Zihao Wang, et al.

The popularity of encryption mechanisms poses a great challenge to malicious traffic detection. The reason is traditional detection techniques cannot work without the decryption of encrypted traffic. Currently, research on encrypted malicious traffic detection without decryption has focused on feature extraction and the choice of machine learning or deep learning algorithms. In this paper, we first provide an in-depth analysis of traffic features and compare different state-of-the-art traffic feature creation approaches, while proposing a novel concept for encrypted traffic feature which is specifically designed for encrypted malicious traffic analysis. In addition, we propose a framework for encrypted malicious traffic detection. The framework is a two-layer detection framework which consists of both deep learning and traditional machine learning algorithms. Through comparative experiments, it outperforms classical deep learning and traditional machine learning algorithms, such as ResNet and Random Forest. Moreover, to provide sufficient training data for the deep learning model, we also curate a dataset composed entirely of public datasets. The composed dataset is more comprehensive than using any public dataset alone. Lastly, we discuss the future directions of this research.


page 1

page 8

page 9


Machine Learning for Encrypted Malicious Traffic Detection: Approaches, Datasets and Comparative Study

As people's demand for personal privacy and data security becomes a prio...

Low-Quality Training Data Only? A Robust Framework for Detecting Encrypted Malicious Network Traffic

Machine learning (ML) is promising in accurately detecting malicious flo...

DeepTLS: comprehensive and high-performance feature extraction for encrypted traffic

Feature extraction is critical for TLS traffic analysis using machine le...

Differentiation of Sliding Rescaled Ranges: New Approach to Encrypted and VPN Traffic Detection

We propose a new approach to traffic preprocessing called Differentiatio...

Evaluating Resilience of Encrypted Traffic Classification Against Adversarial Evasion Attacks

Machine learning and deep learning algorithms can be used to classify en...

PacketCGAN: Exploratory Study of Class Imbalance for Encrypted Traffic Classification Using CGAN

With more and more adoption of Deep Learning (DL) in the field of image ...

Fine-grained TLS Services Classification with Reject Option

The recent success and proliferation of machine learning and deep learni...

Please sign up or login with your details

Forgot password? Click here to reset