Litcius/Paper detail

Encrypted Malicious Traffic Detection Based on Word2Vec

Andrey Ferriyan, Achmad Husni Thamrin, Keiji Takeda, Jun Murai

2022Electronics26 citationsDOIOpen Access PDF

Abstract

Network-based intrusion detections become more difficult as Internet traffic is mostly encrypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.

Topics & Concepts

EncryptionComputer scienceTransport Layer SecurityPayload (computing)HandshakeWord2vecIntrusion detection systemComputer networkThe InternetSession (web analytics)Computer securityInternet trafficTraffic classificationBotnetTraffic analysisData miningArtificial intelligenceWorld Wide WebEmbeddingAsynchronous communicationNetwork packetInternet Traffic Analysis and Secure E-votingNetwork Security and Intrusion DetectionSpam and Phishing Detection