Encrypted Malicious Traffic Detection Based on Word2Vec

Andrey Ferriyan; Achmad Husni Thamrin; Keiji Takeda; Jun Murai

doi:10.3390/electronics11050679

Encrypted Malicious Traffic Detection Based on Word2Vec

Andrey Ferriyan, Achmad Husni Thamrin, Keiji Takeda, Jun Murai

Research output: Contribution to journal › Article › peer-review

4 Citations (Scopus)

Abstract

Network-based intrusion detections become more difficult as Internet traffic is mostly en-crypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.

Original language	English
Article number	679
Journal	Electronics (Switzerland)
Volume	11
Issue number	5
DOIs	https://doi.org/10.3390/electronics11050679
Publication status	Published - 2022 Mar 1

Keywords

Encrypted malicious traffic
Network intrusion detection system
Privacy preserving IDS
TLS

ASJC Scopus subject areas

Control and Systems Engineering
Signal Processing
Hardware and Architecture
Computer Networks and Communications
Electrical and Electronic Engineering

Access to Document

10.3390/electronics11050679

Cite this

@article{f8e214af22de4c1fa0ee9098706b1d95,

title = "Encrypted Malicious Traffic Detection Based on Word2Vec",

abstract = "Network-based intrusion detections become more difficult as Internet traffic is mostly en-crypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.",

keywords = "Encrypted malicious traffic, Network intrusion detection system, Privacy preserving IDS, TLS",

author = "Andrey Ferriyan and Thamrin, {Achmad Husni} and Keiji Takeda and Jun Murai",

note = "Funding Information: Our sincere appreciation for the Indonesia government, particularly LPDP (Lembaga Pengelola Dana Pendidikan Indonesia = Indonesia Endowment Fund for Education) that provides the scholarship to study at Keio University. Publisher Copyright: {\textcopyright} 2022 by the authors. Licensee MDPI, Basel, Switzerland.",

year = "2022",

month = mar,

day = "1",

doi = "10.3390/electronics11050679",

language = "English",

volume = "11",

journal = "Electronics (Switzerland)",

issn = "2079-9292",

publisher = "Multidisciplinary Digital Publishing Institute (MDPI)",

number = "5",

}

TY - JOUR

T1 - Encrypted Malicious Traffic Detection Based on Word2Vec

AU - Ferriyan, Andrey

AU - Thamrin, Achmad Husni

AU - Takeda, Keiji

AU - Murai, Jun

N1 - Funding Information: Our sincere appreciation for the Indonesia government, particularly LPDP (Lembaga Pengelola Dana Pendidikan Indonesia = Indonesia Endowment Fund for Education) that provides the scholarship to study at Keio University. Publisher Copyright: © 2022 by the authors. Licensee MDPI, Basel, Switzerland.

PY - 2022/3/1

Y1 - 2022/3/1

N2 - Network-based intrusion detections become more difficult as Internet traffic is mostly en-crypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.

AB - Network-based intrusion detections become more difficult as Internet traffic is mostly en-crypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.

KW - Encrypted malicious traffic

KW - Network intrusion detection system

KW - Privacy preserving IDS

KW - TLS

UR - http://www.scopus.com/inward/record.url?scp=85125371602&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85125371602&partnerID=8YFLogxK

U2 - 10.3390/electronics11050679

DO - 10.3390/electronics11050679

M3 - Article

AN - SCOPUS:85125371602

SN - 2079-9292

VL - 11

JO - Electronics (Switzerland)

JF - Electronics (Switzerland)

IS - 5

M1 - 679

ER -

Encrypted Malicious Traffic Detection Based on Word2Vec

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this