Abstract

Encrypted network traffic is the principal foundation of secure network communication, and it helps ensure the privacy and integrity of confidential information. However, encryption also hides the characteristics of the data, which makes malicious traffic harder to detect and shields malicious behavior. Encryption alone therefore cannot fundamentally guarantee information security; traffic must also be monitored to detect malicious actions. At present, the more commonly used traffic classification methods are those based on statistical features and those based on graphs. However, because of their limitations, neither is always reliable when applied to encrypted malicious traffic detection. The former focuses only on the internal information of each network flow and ignores the external connections between flows. The latter does just the opposite. This paper proposes an encrypted malicious traffic detection method based on a graph convolutional network (GCN) called GCN-ETA, which considers both the statistical features (internal information) of network flows and the structural information (external connections) between them. GCN-ETA consists of two parts: a feature extractor that uses an improved GCN and a classifier that uses a decision tree. By improving on the traditional GCN, the method improves the effect and speed of encrypted malicious traffic detection and makes the detection model more deployable in real environments, which provides a reference for applying GCN in similar scenarios. The method achieved excellent performance in experiments on real-world encrypted network traffic data for malicious traffic detection, with accuracy, AUC, and F1-score exceeding 98% and more than 1,300 flows detected per second.

Highlights

  • Network traffic classification technology is receiving increasing attention because of the quality of service (QoS) and network security issues

  • We propose a high-efficiency encrypted malicious traffic detection method based on a graph convolutional network (GCN). The power of GCN is that it can train on node information and the structural features between nodes at the same time

  • We evaluate GCN-ETA (K 2) through experiments


Summary

Introduction

Network traffic classification technology is receiving increasing attention because of quality of service (QoS) and network security issues. Network traffic classification is a basic function of network management. It can identify distinct protocols and applications in a network and is widely used, for example for QoS and anomaly detection. Because of continuous network expansion and innovation in communication technology, network traffic has become complex and diverse. Information security is ensured through the encryption of data packets in network traffic, and over 90% of network traffic is encrypted [1]. While encryption can ensure the confidentiality and integrity of information, it can also hide the characteristics of data, increase the difficulty of detecting malicious traffic, and protect such behavior. It is necessary to monitor traffic to detect malicious actions.
