Encrypted Malicious Traffic Detection Based on Word2Vec

Encrypted Malicious Traffic Detection Based on Word2Vec

Network-based intrusion detections become more difficult as Internet traffic is mostly encrypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preservi...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Electronics (Basel) 2022-03, Vol.11 (5), p.679
Hauptverfasser: Ferriyan, Andrey, Thamrin, Achmad Husni, Takeda, Keiji, Murai, Jun
Format: Artikel
Sprache:eng
Schlagworte:
Algorithms
Cobalt
Datasets
Encryption
Feature extraction
Intrusion detection systems
Malware
Privacy
Security management
Verbal communication
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Network-based intrusion detections become more difficult as Internet traffic is mostly encrypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.
ISSN:2079-9292
2079-9292
DOI:10.3390/electronics11050679