Encrypted Malicious Traffic Detection Based on Word2Vec

Andrey Ferriyan, Achmad Husni Thamrin, Keiji Takeda, Jun Murai

Research output: Contribution to journal › Article › peer-review

Abstract

Network-based intrusion detection becomes more difficult as Internet traffic is mostly encrypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.

Original language: English
Article number: 679
Journal: Electronics (Switzerland)
Volume: 11
Issue number: 5
Publication status: Published - 2022 Mar 1

Keywords

  • Encrypted malicious traffic
  • Network intrusion detection system
  • Privacy preserving IDS
  • TLS

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Signal Processing
  • Hardware and Architecture
  • Computer Networks and Communications
  • Electrical and Electronic Engineering
