Abstract

An increasing number of Internet application services are relying on encrypted traffic to offer adequate consumer privacy. Anomaly detection in encrypted traffic to circumvent and mitigate cyber security threats is, however, an open and ongoing research challenge due to the limitation of existing traffic classification techniques. Deep learning is emerging as a promising paradigm, allowing reduction in manual determination of feature set to increase classification accuracy. The present work develops a deep learning-based model for detection of anomalies in encrypted network traffic. Three different publicly available datasets including the NSL-KDD, UNSW-NB15, and CIC-IDS-2017 are used to comprehensively analyze encrypted attacks targeting popular protocols. Instead of relying on a single deep learning model, multiple schemes using convolutional (CNN), long short-term memory (LSTM), and recurrent neural networks (RNNs) are investigated. Our results report a hybrid combination of convolutional (CNN) and gated recurrent unit (GRU) models as outperforming others. The hybrid approach benefits from the low-latency feature derivation of the CNN, and an overall improved training dataset fitting. Additionally, the highly effective generalization offered by GRU results in optimal time-domain-related feature extraction, resulting in the CNN and GRU hybrid scheme presenting the best model.

Highlights

  • The ongoing development in the Internet of Things (IoT), data science, machine learning, and Internet services has resulted in a significant increase in network-related applications and services for end users. The continuous rise in user applications has increased the number of threat vectors seeking to compromise the security and privacy of users [1, 2]

  • Evaluation Metrics. The proposed neural network models are evaluated on the derived dataset to compute the accuracy, recall value, precision, false positive, and false negative rate

  • True positive (TP) and true negative (TN) identify the samples correctly identified as belonging to anomalies and normal samples, respectively


Summary

Introduction

The ongoing development in the Internet of Things (IoT), data science, machine learning, and Internet services has resulted in a significant increase in network-related applications and services for end users. The continuous rise in user applications has increased the number of threat vectors seeking to compromise the security and privacy of users [1, 2]. Applications are increasingly relying on encryption schemes to provide an adequate level of privacy and user confidence in Internet-based services. A consequence of encrypted traffic is the limitation of existing intrusion detection and prevention systems to analyze network traffic at the edge by Internet service providers (ISPs) and mitigate network-related attacks. Machine learning (ML) techniques have seen increasing applicability in understanding (encrypted) network traffic patterns and providing anomaly inference capabilities. The simultaneous advancement in hardware and reduction in costs have furthered the analytical capability and scope of ML applications in several fields including network traffic analysis. Deep learning primitives are being used to dynamically extract experience models from datasets generated under different environments and infer the underlying logic
