
FastDet: Detecting Encrypted Malicious Traffic Faster via Early Exit

  • Conference paper
Algorithms and Architectures for Parallel Processing (ICA3PP 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14487))

Abstract

Encrypted malicious traffic detection, which aims to identify encrypted malicious traffic among vast amounts of network traffic, is critical to network security. Existing detection techniques struggle to improve detection speed enough to meet the needs of practical applications while still ensuring high detection rates. This paper proposes a fast detection approach, FastDet, to detect encrypted malicious traffic. Based on the observation that most network traffic is benign, FastDet designs an early exit mechanism into the detection process, resulting in a significant improvement in average detection time. The experimental results on four datasets show that FastDet achieves significant efficiency gains while maintaining comparable detection accuracy. The paper further illustrates the effectiveness of FastDet by discussing the characteristics of encrypted benign and malicious traffic samples.



Acknowledgements

This paper is supported by GuangDong Basic and Applied Basic Research Foundation 2022B1515120072.

Author information

Corresponding author

Correspondence to Shuyuan Jin.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Sun, J., Lu, J., Wang, Y., Jin, S. (2024). FastDet: Detecting Encrypted Malicious Traffic Faster via Early Exit. In: Tari, Z., Li, K., Wu, H. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2023. Lecture Notes in Computer Science, vol 14487. Springer, Singapore. https://doi.org/10.1007/978-981-97-0834-5_18

  • DOI: https://doi.org/10.1007/978-981-97-0834-5_18

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-0833-8

  • Online ISBN: 978-981-97-0834-5

  • eBook Packages: Computer Science (R0)
