Deep-Forest-Based Encrypted Malicious Traffic Detection

نویسندگان

چکیده

The SSL/TLS protocol is widely used in data encryption transmission. Aiming at the problem of detecting SSL/TLS-encrypted malicious traffic with small-scale and unbalanced training data, a deep-forest-based detection method called DF-IDS proposed this paper. According to characteristics SSL/TSL protocol, network was split into sessions according 5-tuple information. Each session then transformed two-dimensional image as input deep-learning classifier. In order avoid information loss improve efficiency, multi-grained cascade forest (gcForest) framework simplified only structure, which named (CaForest). By integrating random extra trees CaForest framework, an end-to-end high-precision detector for encrypted realized. Compared other deep-learning-based methods, experimental results showed that rate 6.87% 29.5% higher than methods on dataset. advantage more obvious multi-classification case.

برای دانلود باید عضویت طلایی داشته باشید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Classification of encrypted traffic for applications based on statistical features

Traffic classification plays an important role in many aspects of network management such as identifying type of the transferred data, detection of malware applications, applying policies to restrict network accesses and so on. Basic methods in this field were using some obvious traffic features like port number and protocol type to classify the traffic type. However, recent changes in applicat...

متن کامل

Real-Time Detection of Encrypted Traffic based on Entropy Estimation

This thesis investigates the topic of using entropy estimation for traffic classification. A real-time encrypted traffic detector (RT-ETD) which is able to classify traffic in encrypted and unencrypted traffic is proposed. The performance of the RT-ETD is evaluated on ground truth and real network traces. This thesis is opened by some introductory chapters on entropy, pattern recognition, user ...

متن کامل

Botnet Malicious Activity Detection Based on DNS Traffic Analysis

In the field of internet security botnet is becoming the significant threat as more number of users are connected to internet. Botnet which is a collection of infected computers so called (bots) are becoming the major threat to internet community. The difference between a malware and botnet is that bot is remotely controlled by a C&C server which are under the control of a botmaster. Here in th...

متن کامل

A Hybrid Malicious Code Detection Method based on Deep Learning

In this paper, we propose a hybrid malicious code detection scheme based on AutoEncoder and DBN (Deep Belief Networks). Firstly, we use the AutoEncoder deep learning method to reduce the dimensionality of data. This could convert complicated high-dimensional data into low dimensional codes with the nonlinear mapping, thereby reducing the dimensionality of data, extracting the main features of t...

متن کامل

Detection of Encrypted Traffic Generated by Peer-to-Peer Live Streaming Applications Using Deep Packet Inspection

The number of applications using the peer-to-peer (P2P) networking paradigm and their popularity has substantially grown over the last decade. They evolved from the file-sharing applications to media streaming ones. Nowadays these applications commonly encrypt the communication contents or employ protocol obfuscation techniques. In this dissertation, it was conducted an investigation to identif...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

ژورنال

عنوان ژورنال: Electronics

سال: 2022

ISSN: ['2079-9292']

DOI: https://doi.org/10.3390/electronics11070977