Deep-Forest-Based Encrypted Malicious Traffic Detection
Authors
Abstract
The SSL/TLS protocol is widely used in data encryption transmission. Aiming at the problem of detecting SSL/TLS-encrypted malicious traffic with small-scale and unbalanced training data, a deep-forest-based detection method called DF-IDS is proposed in this paper. According to the characteristics of the SSL/TLS protocol, the network traffic was split into sessions according to 5-tuple information. Each session was then transformed into a two-dimensional image as the input of a deep-learning classifier. In order to avoid information loss and improve efficiency, the multi-grained cascade forest (gcForest) framework was simplified to only the cascade structure, which was named CaForest. By integrating random extra trees in the CaForest framework, an end-to-end high-precision detector for encrypted malicious traffic was realized. Compared with other deep-learning-based methods, the experimental results showed that the rate was 6.87% 29.5% higher than other methods on the dataset. The advantage was more obvious in the multi-classification case.
Similar resources
Classification of encrypted traffic for applications based on statistical features
Traffic classification plays an important role in many aspects of network management such as identifying type of the transferred data, detection of malware applications, applying policies to restrict network accesses and so on. Basic methods in this field were using some obvious traffic features like port number and protocol type to classify the traffic type. However, recent changes in applicat...
Real-Time Detection of Encrypted Traffic based on Entropy Estimation
This thesis investigates the topic of using entropy estimation for traffic classification. A real-time encrypted traffic detector (RT-ETD) which is able to classify traffic in encrypted and unencrypted traffic is proposed. The performance of the RT-ETD is evaluated on ground truth and real network traces. This thesis is opened by some introductory chapters on entropy, pattern recognition, user ...
Botnet Malicious Activity Detection Based on DNS Traffic Analysis
In the field of internet security, the botnet is becoming a significant threat as more users are connected to the internet. A botnet, which is a collection of infected computers (so-called bots), is becoming the major threat to the internet community. The difference between malware and a botnet is that a bot is remotely controlled by a C&C server which is under the control of a botmaster. Here in th...
A Hybrid Malicious Code Detection Method based on Deep Learning
In this paper, we propose a hybrid malicious code detection scheme based on AutoEncoder and DBN (Deep Belief Networks). Firstly, we use the AutoEncoder deep learning method to reduce the dimensionality of data. This could convert complicated high-dimensional data into low dimensional codes with the nonlinear mapping, thereby reducing the dimensionality of data, extracting the main features of t...
Detection of Encrypted Traffic Generated by Peer-to-Peer Live Streaming Applications Using Deep Packet Inspection
The number of applications using the peer-to-peer (P2P) networking paradigm and their popularity have grown substantially over the last decade. They evolved from file-sharing applications to media streaming ones. Nowadays these applications commonly encrypt the communication contents or employ protocol obfuscation techniques. In this dissertation, an investigation was conducted to identif...
Journal
Journal title: Electronics
Year: 2022
ISSN: ['2079-9292']
DOI: https://doi.org/10.3390/electronics11070977