Anomaly Detection in Encrypted Internet Traffic Using Hybrid Deep Learning

Taimur Bakhshi, Bogdan Ghita

Research output: Contribution to journalArticlepeer-review

Abstract

An increasing number of Internet application services are relying on encrypted traffic to offer adequate consumer privacy.
Anomaly detection in encrypted traffic to circumvent and mitigate cyber security threats is, however, an open and ongoing
research challenge due to the limitation of existing traffic classification techniques. Deep learning is emerging as a promising
paradigm, allowing reduction in manual determination of feature set to increase classification accuracy. *e present work
develops a deep learning-based model for detection of anomalies in encrypted network traffic. *ree different publicly available
datasets including the NSL-KDD, UNSW-NB15, and CIC-IDS-2017 are used to comprehensively analyze encrypted attacks
targeting popular protocols. Instead of relying on a single deep learning model, multiple schemes using convolutional (CNN), long
short-term memory (LSTM), and recurrent neural networks (RNNs) are investigated. Our results report a hybrid combination of
convolutional (CNN) and gated recurrent unit (GRU) models as outperforming others. *e hybrid approach benefits from the
low-latency feature derivation of the CNN, and an overall improved training dataset fitting. Additionally, the highly effective
generalization offered by GRU results in optimal time-domain-related feature extraction, resulting in the CNN and GRU hybrid
scheme presenting the best model.
Original languageEnglish
Article number5363750
Number of pages16
JournalSecurity and Communication Networks
Volume2021
DOIs
Publication statusPublished - 21 Sep 2021
Externally publishedYes

Fingerprint

Dive into the research topics of 'Anomaly Detection in Encrypted Internet Traffic Using Hybrid Deep Learning'. Together they form a unique fingerprint.

Cite this