Abstract
An increasing number of Internet application services are relying on encrypted traffic to offer adequate consumer privacy.
Anomaly detection in encrypted traffic to circumvent and mitigate cyber security threats is, however, an open and ongoing
research challenge due to the limitation of existing traffic classification techniques. Deep learning is emerging as a promising
paradigm, allowing reduction in manual determination of feature set to increase classification accuracy. The present work
develops a deep learning-based model for detection of anomalies in encrypted network traffic. Three different publicly available
datasets including the NSL-KDD, UNSW-NB15, and CIC-IDS-2017 are used to comprehensively analyze encrypted attacks
targeting popular protocols. Instead of relying on a single deep learning model, multiple schemes using convolutional (CNN), long
short-term memory (LSTM), and recurrent neural networks (RNNs) are investigated. Our results report a hybrid combination of
convolutional (CNN) and gated recurrent unit (GRU) models as outperforming others. The hybrid approach benefits from the
low-latency feature derivation of the CNN, and an overall improved training dataset fitting. Additionally, the highly effective
generalization offered by GRU results in optimal time-domain-related feature extraction, resulting in the CNN and GRU hybrid
scheme presenting the best model.
Original language | English |
---|---|
Article number | 5363750 |
Number of pages | 16 |
Journal | Security and Communication Networks |
Volume | 2021 |
DOIs | |
Publication status | Published - 21 Sept 2021 |
Externally published | Yes |