Abstract
Nowadays, network traffic detection plays a very important role in protecting cyberspace security, and more and more applications realize data privacy protection through encryption technology. Regular expression matching based methods, such as deep packet inspection that relies on plaintext traffic cannot be applied to detecting encrypted random communication content, and the existing detecting methods based on time-series features often ignore the encryption protocol features. In this work, we design an ensemble learning system based on stack algorithms to identify encrypted malicious traffic, which can detect the interactive behavior and the encryption protocols simultaneously. In detail, we construct a deep learning classifier based on Long Short-Term Memory (LSTM) for time-series features, and a machine learning classifier based on random forests for encryption protocol features. Then, we use the stacking algorithm in ensemble learning to combine them to form a new classifier. Finally, relying on the Datacon2020 dataset, extensive experiments are conducted. The experimental results indicate that the proposed method improves the detection rate of encrypted malicious traffic while keeping a low false positive rate.
This work was supported by the National Key R&D Program of China (No. 2018YFF01012200), and the Key Science and Technology Project of Anhui (No. 202103a05020006), and the Anhui Provincial Natural Science Foundation (No. 1908085QF266).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alshammari, R., Zincir-Heywood, A.N.: Investigating two different approaches for encrypted traffic classification. In: 2008 Sixth Annual Conference on Privacy, Security and Trust, pp. 156–166 (2008)
Anderson, B., McGrew, D.: Machine learning for encrypted malware traffic classification: accounting for noisy labels and non-stationarity. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (2017)
Bahdanau, D., Cho, K., Bengio, Y.: Neural machine translation by jointly learning to align and translate. CoRR abs/1409.0473 (2015)
Breiman, L.: Stacked regressions. Mach. Learn. 24, 49–64 (1996)
Breiman, L.: Random forests. Mach. Learn. 45, 5–32 (2004)
Cao, Z., Xiong, G., Zhao, Y., Li, Z., Guo, L.: A survey on encrypted traffic classification (2014)
Chen, Y., Zang, T., Zhang, Y., Zhou, Y., Wang, Y.: Rethinking encrypted traffic classification: a multi-attribute associated fingerprint approach. In: 2019 IEEE 27th International Conference on Network Protocols (ICNP), pp. 1–11 (2019)
Qianxin Group and Tsinghua University: DataCon 2020. https://datacon.qianxin.com/opendata/maliciousstream. Accessed Aug 2020
Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9, 1735–1780 (1997)
Li, R., Xiao, X., Ni, S., Zheng, H., Xia, S.: Byte segment neural network for network traffic classification. In: 2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS), pp. 1–10 (2018)
Liu, C., He, L., Xiong, G., Cao, Z., Li, Z.: FS-Net: a flow sequence network for encrypted traffic classification. In: IEEE INFOCOM 2019 - IEEE Conference on Computer Communications, pp. 1171–1179 (2019)
Liu, C., Cao, Z., Xiong, G., Gou, G., Yiu, S., He, L.: MaMPF: encrypted traffic classification based on multi-attribute Markov probability fingerprints. In: 2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS), pp. 1–10 (2018)
Lotfollahi, M., Jafari Siavoshani, M., Shirali Hossein Zade, R., Saberian, M.: Deep packet: a novel approach for encrypted traffic classification using deep learning. Soft. Comput. 24(3), 1999–2012 (2019). https://doi.org/10.1007/s00500-019-04030-2
Melo, W., Lopes, P., Antonello, R., Fernandes, S., Sadok, D.: On the performance of DPI signature matching with dynamic priority. In: 2014 IEEE Symposium on Computers and Communications (ISCC), pp. 1–6 (2014)
MontazeriShatoori, M., Davidson, L., Kaur, G., Lashkari, A.H.: Detection of DoH tunnels using time-series classification of encrypted traffic. In: 2020 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech), pp. 63–70 (2020)
Pan, W., Cheng, G., Tang, Y.: WENC: HTTPS encrypted traffic classification using weighted ensemble learning and Markov chain. In: 2017 IEEE Trustcom/BigDataSE/ICESS, pp. 50–57 (2017)
Paszke, A., et al.: PyTorch: an imperative style, high-performance deep learning library. In: NeurIPS (2019)
Google Transparency Report: HTTPS encryption on the web. https://transparencyreport.google.com/https/overview?hl=en/
Shen, M., Zhang, J., Zhu, L., Xu, K., Du, X.: Accurate decentralized application identification via encrypted traffic analysis using graph neural networks. IEEE Trans. Inf. Forensics Secur. 16, 2367–2380 (2021)
Shi, H., Li, H., Zhang, D., Cheng, C., Cao, X.: An efficient feature generation approach based on deep learning and feature selection techniques for traffic classification. Comput. Networks 132, 81–98 (2018)
Su, J., Chen, S., Han, B., Xu, C., Wang, X.: A 60Gbps DPI prototype based on memory-centric FPGA. In: Proceedings of the 2016 ACM SIGCOMM Conference (2016)
Taylor, V.F., Spolaor, R., Conti, M., Martinovic, I.: AppScanner: automatic fingerprinting of smartphone apps from encrypted network traffic. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 439–454 (2016)
Ting, K., Witten, I.: Issues in stacked generalization. J. Artif. Intell. Res. 10, 271–289 (1999)
Velan, P., Cermk, M., Celeda, P., Drasar, M.: A survey of methods for encrypted traffic classification and analysis. Int. J. Netw. Manag. 25, 355–374 (2015)
Xing, J., Wu, C.: Detecting anomalies in encrypted traffic via deep dictionary learning. In: IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 734–739 (2020)
Yao, H., Liu, C., Zhang, P., Wu, S., Jiang, C., Yu, S.: Identification of encrypted traffic through attention mechanism based long short term memory. IEEE Trans. Big Data, 1 (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Xiao, F., Yang, F., Chen, S., Yang, J. (2022). Encrypted Malicious Traffic Detection Based on Ensemble Learning. In: Meng, W., Conti, M. (eds) Cyberspace Safety and Security. CSS 2021. Lecture Notes in Computer Science(), vol 13172. Springer, Cham. https://doi.org/10.1007/978-3-030-94029-4_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-94029-4_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-94028-7
Online ISBN: 978-3-030-94029-4
eBook Packages: Computer ScienceComputer Science (R0)