Feature Mining for Encrypted Malicious Traffic Detection with Deep Learning and Other Machine Learning Algorithms | AI Security Portal

JA

JA

EN

TOP Literature Database Feature Mining for Encrypted Malicious Traffic Detection with Deep Learning and Other Machine Learning Algorithms

arxiv

Feature Mining for Encrypted Malicious Traffic Detection with Deep Learning and Other Machine Learning Algorithms

AI Security Portal bot

Information in the literature database is collected automatically.

Source

https://arxiv.org/abs/2304.03691

PDF

https://arxiv.org/pdf/2304.03691

Paper Information

Author: Zihao Wang;Vrizlynn L. L. Thing
Published: 4-8-2023
Affiliation: Cybersecurity Strategic Technology Centre
Country: Singapore
Conference: Computing Research Repository (CoRR)

Labels Estimated by AI

Feature Extraction Method Malware Detection Method Protocol Performance Evaluation

These labels were automatically added by AI and may be inaccurate.
For details, see About Literature Database.

Abstract

The popularity of encryption mechanisms poses a great challenge to malicious traffic detection. The reason is traditional detection techniques cannot work without the decryption of encrypted traffic. Currently, research on encrypted malicious traffic detection without decryption has focused on feature extraction and the choice of machine learning or deep learning algorithms. In this paper, we first provide an in-depth analysis of traffic features and compare different state-of-the-art traffic feature creation approaches, while proposing a novel concept for encrypted traffic feature which is specifically designed for encrypted malicious traffic analysis. In addition, we propose a framework for encrypted malicious traffic detection. The framework is a two-layer detection framework which consists of both deep learning and traditional machine learning algorithms. Through comparative experiments, it outperforms classical deep learning and traditional machine learning algorithms, such as ResNet and Random Forest. Moreover, to provide sufficient training data for the deep learning model, we also curate a dataset composed entirely of public datasets. The composed dataset is more comprehensive than using any public dataset alone. Lastly, we discuss the future directions of this research.

External Datasets

CTU-Malware-Capture

Benign-Capture

Mixture Capture

CICIDS-2017

CICIDS-2012

CIRA-CIC-DoHBRW-2020

References

Google transparency report

WatchGuard Technologies

Internet security report - Q2 2021

Encrypted Attacks Report Reveals 314% Spike in HTTPS Threats

Published: 2022

Detecting Malign Encrypted Network Traffic Using Perlin Noise and Convolutional Neural Network

Wajdi Bazuhair, Wonjun Lee

Published: 2020

Detection of Encrypted Malicious Network Traffic using Machine Learning

Michael De Lucia, Chase Cotton

Published: 2019

Transfer Learning for Encrypted Malicious Traffic Detection Based on Efficientnet

Surong Zhang, Youjun Bu, Bo Chen, Xiangyu Lu

Published: 2021

Network Traffic Classifier With Convolutional and Recurrent Neural Networks for Internet of Things

Manuel Lopez-Martin, Belen Carro, Antonio Sanchez-Esguevillas, Jaime Lloret

Published: 2017

IEEE Transactions on Big Data

Identification of encrypted traffic through attention mechanism based long short term memory

H. Yao, C. Liu, P. Zhang, S. Wu, C. Jiang, S. Yu

Published: 2019

Cryptology ePrint Archive

Optimizations of side-channel attack on AES MixColumns using chosen input

A. Vasselle, A. Wurcker

Published: 2019

A Hierarchical Hybrid Intrusion Detection Approach in IoT Scenarios

Giampaolo Bovenzi, Giuseppe Aceto, Domenico Ciuonzo, Valerio Persico, Antonio Pescape

Published: 2020

Cross-Layer Profiling of Encrypted Network Data for Anomaly Detection

Fares Meghdouri, Felix Iglesias Vazquez, Tanja Zseby

Published: 2020

A Distance-Based Method for Building an Encrypted Malware Traffic Identification Framework

Jiayong Liu, Zhiyi Tian, RongFeng Zheng, Liang Liu

Published: 2019

Computing Research Repository (CoRR)

When a RF Beats a CNN and GRU, Together -- A Comparison of Deep Learning and Classical Machine Learning Approaches for Encrypted Malware Traffic Classification

Adi Lichy, Ofek Bader, Ran Dubin, Amit Dvir, Chen Hajaj

Published: 6.16.2022

Internet traffic classification is widely used to facilitate network management. It plays a crucial role in Quality of Services (QoS), Quality of Experience (QoE), network visibility, intrusion detection, and traffic trend analyses. While there is no theoretical guarantee that deep learning (DL)-based solutions perform better than classic machine learning (ML)-based ones, DL-based models have become the common default. This paper compares well-known DL-based and ML-based models and shows that in the case of malicious traffic classification, state-of-the-art DL-based solutions do not necessarily outperform the classical ML-based ones. We exemplify this finding using two well-known datasets for a varied set of tasks, such as: malware detection, malware family classification, detection of zero-day attacks, and classification of an iteratively growing dataset. Note that, it is not feasible to evaluate all possible models to make a concrete statement, thus, the above finding is not a recommendation to avoid DL-based models, but rather empirical proof that in some cases, there are more simplistic solutions, that may perform even better.

Classification Pattern Analysis Security Analysis Data Selection Strategy

ISI

End-to-end encrypted traffic classification with one-dimensional convolution neural networks

W. Wang, M. Zhu, J. Wang, X. Zeng, Z. Yang

Published: 2017

Published: 2011

CVUT University

Malware capture facility project

M. J. Erquiaga, S. Garcia

Published: 2013

Hands-on Network Forensics - Training PCAP dataset

Published: 2015

Ponmocup Malware dataset

Published: 2012

Computing Research Repository (CoRR)

Machine Learning for Encrypted Malicious Traffic Detection: Approaches, Datasets and Comparative Study

Zihao Wang, Kar-Wai Fok, Vrizlynn L. L. Thing

Published: 3.17.2022

As people's demand for personal privacy and data security becomes a priority, encrypted traffic has become mainstream in the cyber world. However, traffic encryption is also shielding malicious and illegal traffic introduced by adversaries, from being detected. This is especially so in the post-COVID-19 environment where malicious traffic encryption is growing rapidly. Common security solutions that rely on plain payload content analysis such as deep packet inspection are rendered useless. Thus, machine learning based approaches have become an important direction for encrypted malicious traffic detection. In this paper, we formulate a universal framework of machine learning based encrypted malicious traffic detection techniques and provided a systematic review. Furthermore, current research adopts different datasets to train their models due to the lack of well-recognized datasets and feature sets. As a result, their model performance cannot be compared and analyzed reliably. Therefore, in this paper, we analyse, process and combine datasets from 5 different sources to generate a comprehensive and fair dataset to aid future research in this field. On this basis, we also implement and compare 10 encrypted malicious traffic detection algorithms. We then discuss challenges and propose future directions of research.

Performance Evaluation Machine Learning Algorithm Data Management System

2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing

Detection of doh tunnels using time-series classification of encrypted traffic

M. MontazeriShatoori, L. Davidson, G. Kaur, A. Habibi Lashkari

Published: 2020

2022 IEEE 19th Annual Consumer Communications & Networking Conference (CCNC)

MalDIST: From Encrypted Traffic Classification to Malware Traffic Detection and Classification

O. Bader, A. Lichy, C. Hajaj, R. Dubin, A. Dvir

Published: 2022

J. Netw. Comput. Appl.

DISTILLER: encrypted traffic classification via multimodal multitask deep learning

G. Aceto, D. Ciuonzo, A. Montieri, A. Pescape

Published: 2021

Unknown malware detection using network traffic classification

Dmitri Bekerman, Bracha Shapira, Lior Rokach, Ariel Bar

Published: 2015