Encrypted Malicious Traffic Detection Based on Word2Vec

Andrey Ferriyan; Achmad Husni Thamrin; Keiji Takeda; Jun Murai

doi:10.3390/electronics11050679

Encrypted Malicious Traffic Detection Based on Word2Vec

Andrey Ferriyan, Achmad Husni Thamrin, Keiji Takeda, Jun Murai

研究成果: Article › 査読

4 被引用数 (Scopus)

抄録

Network-based intrusion detections become more difficult as Internet traffic is mostly en-crypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.

本文言語	English
論文番号	679
ジャーナル	Electronics (Switzerland)
巻	11
号	5
DOI	https://doi.org/10.3390/electronics11050679
出版ステータス	Published - 2022 3月 1

ASJC Scopus subject areas

制御およびシステム工学
信号処理
ハードウェアとアーキテクチャ
コンピュータネットワークおよび通信
電子工学および電気工学

文献へのアクセス

10.3390/electronics11050679

他のファイルとリンク

引用スタイル

@article{f8e214af22de4c1fa0ee9098706b1d95,

title = "Encrypted Malicious Traffic Detection Based on Word2Vec",

abstract = "Network-based intrusion detections become more difficult as Internet traffic is mostly en-crypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.",

keywords = "Encrypted malicious traffic, Network intrusion detection system, Privacy preserving IDS, TLS",

author = "Andrey Ferriyan and Thamrin, {Achmad Husni} and Keiji Takeda and Jun Murai",

note = "Funding Information: Our sincere appreciation for the Indonesia government, particularly LPDP (Lembaga Pengelola Dana Pendidikan Indonesia = Indonesia Endowment Fund for Education) that provides the scholarship to study at Keio University. Publisher Copyright: {\textcopyright} 2022 by the authors. Licensee MDPI, Basel, Switzerland.",

year = "2022",

month = mar,

day = "1",

doi = "10.3390/electronics11050679",

language = "English",

volume = "11",

journal = "Electronics (Switzerland)",

issn = "2079-9292",

publisher = "Multidisciplinary Digital Publishing Institute (MDPI)",

number = "5",

}

TY - JOUR

T1 - Encrypted Malicious Traffic Detection Based on Word2Vec

AU - Ferriyan, Andrey

AU - Thamrin, Achmad Husni

AU - Takeda, Keiji

AU - Murai, Jun

N1 - Funding Information: Our sincere appreciation for the Indonesia government, particularly LPDP (Lembaga Pengelola Dana Pendidikan Indonesia = Indonesia Endowment Fund for Education) that provides the scholarship to study at Keio University. Publisher Copyright: © 2022 by the authors. Licensee MDPI, Basel, Switzerland.

PY - 2022/3/1

Y1 - 2022/3/1

N2 - Network-based intrusion detections become more difficult as Internet traffic is mostly en-crypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.

AB - Network-based intrusion detections become more difficult as Internet traffic is mostly en-crypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.

KW - Encrypted malicious traffic

KW - Network intrusion detection system

KW - Privacy preserving IDS

KW - TLS

UR - http://www.scopus.com/inward/record.url?scp=85125371602&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85125371602&partnerID=8YFLogxK

U2 - 10.3390/electronics11050679

DO - 10.3390/electronics11050679

M3 - Article

AN - SCOPUS:85125371602

SN - 2079-9292

VL - 11

JO - Electronics (Switzerland)

JF - Electronics (Switzerland)

IS - 5

M1 - 679

ER -

Encrypted Malicious Traffic Detection Based on Word2Vec

抄録

ASJC Scopus subject areas

文献へのアクセス

他のファイルとリンク

フィンガープリント

引用スタイル