A Few-Shot Malicious Encrypted Traffic Detection Approach Based on Model-Agnostic Meta-Learning

Wang, Zhiqiang; Li, Man; Ou, Haiwen; Pang, Shufang; Yue, Ziyan

doi:10.1155/2023/3629831

Cited by 2 publications

(4 citation statements)

References 29 publications

(30 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, CICFlowMeter considers the distribution of packet lengths and produces features such as average packet length, change in packet length, and entropy. Various research has proposed anomaly detection models over encrypted traffic using statistical features extracted by CICFlowMeter [20,[27][28][29][30][31][32]57].…”

Section: Statistics-based Feature Extractionmentioning

confidence: 99%

“…[43] removed network packets that were not relevant to the detection of encrypted malicious traffic, such as Address Resolution Protocol and Internet Control Message Protocol packets, as well as redundant, corrupt, unnecessary, or incompletely captured information. In [24,30,39], the authors excluded special information, such as SNI and some header information, which they believed interfered with the classification of normal and abnormal data.…”

Section: Preprocessingmentioning

confidence: 99%

“…In particular, network traffic is typical time series data, so preprocessing is essential. Length normalization is generally essential in machine learning and deep learning, where models require input of the same length in [12,21,24,30,54] the data length was normalized to 784 bytes for the purpose of transforming one-dimensional data into two-dimensional data, and [26,34,50] generated the same length of input data for network traffic data through normalization to a user-specified length and used it for anomaly detection experiments.…”

Section: Preprocessingmentioning

confidence: 99%

“…Bakhshi et al [6] used one-hot encoding to convert categorical data to numeric data and then performed anomaly detection. Additionally, a method of converting network packets into two-dimensional tensors is used for models that require two-dimensional data as input, such as a 2D convolutional neural network (CNN) [24,30,45,54]. In addition, a method of converting two-dimensional array data into images can be used to utilize AI models specialized for images for network traffic-based anomaly detection [24,26,30,36,39,54].…”

Section: Preprocessingmentioning

confidence: 99%

See 3 more Smart Citations

Artificial Intelligence-Based Anomaly Detection Technology over Encrypted Traffic: A Systematic Literature Review

Ji,

Lee,

Kang

et al. 2024

Sensors

View full text Add to dashboard Cite

As cyber-attacks increase in unencrypted communication environments such as the traditional Internet, protected communication channels based on cryptographic protocols, such as transport layer security (TLS), have been introduced to the Internet. Accordingly, attackers have been carrying out cyber-attacks by hiding themselves in protected communication channels. However, the nature of channels protected by cryptographic protocols makes it difficult to distinguish between normal and malicious network traffic behaviors. This means that traditional anomaly detection models with features from packets extracted a deep packet inspection (DPI) have been neutralized. Recently, studies on anomaly detection using artificial intelligence (AI) and statistical characteristics of traffic have been proposed as an alternative. In this review, we provide a systematic review for AI-based anomaly detection techniques over encrypted traffic. We set several research questions on the review topic and collected research according to eligibility criteria. Through the screening process and quality assessment, 30 research articles were selected with high suitability to be included in the review from the collected literature. We reviewed the selected research in terms of dataset, feature extraction, feature selection, preprocessing, anomaly detection algorithm, and performance indicators. As a result of the literature review, it was confirmed that various techniques used for AI-based anomaly detection over encrypted traffic were used. Some techniques are similar to those used for AI-based anomaly detection over unencrypted traffic, but some technologies are different from those used for unencrypted traffic.

show abstract

Section: Statistics-based Feature Extractionmentioning

confidence: 99%

Section: Preprocessingmentioning

confidence: 99%

Section: Preprocessingmentioning

confidence: 99%

Section: Preprocessingmentioning

confidence: 99%

See 2 more Smart Citations

Artificial Intelligence-Based Anomaly Detection Technology over Encrypted Traffic: A Systematic Literature Review

Ji,

Lee,

Kang

et al. 2024

Sensors

View full text Add to dashboard Cite

show abstract

Network traffic classification based‐ masked language regression model using CNN

P. L.,

Emmanuel,

Rani

2024

Concurrency and Computation

View full text Add to dashboard Cite

SummaryNetwork traffic classification task has become increasingly challenging. The objective behind this classification is to effectively handle bandwidth, prioritize certain types of traffic, enhance application performance, and more. In recent times, there has been a surge in exploring deep learning approaches for network traffic categorization. However, these models demand substantial volumes of training data. Additionally, many classification methods necessitate manual feature extraction, a process that is not only time‐consuming but also laborious. Addressing the challenge of identifying optimal features to enhance classification accuracy, this work introduces a deep learning model designed for effective classification of network traffic. The model comprises the following key stages: (a) The dataset involves TCP flows captured from running different network stress and web crawling tools, (b) Pre‐processing for removal of anomalies and noises using Label Encoder and OneHotEncoder, (c) The utilization of K‐BERT for feature extraction aims to retrieve local spatial–temporal features, (d) feature selection using linear regression model (LASSO) and finally, and (e) The classification of network traffic involves neural network. The model serves to enhance the precision and efficiency of the classification mission. Through comprehensive experimental analysis, it was observed that the Masked Language‐based Regression model surpassed other referenced models, achieving an exceptional accuracy of 0.97.

show abstract

A Few-Shot Malicious Encrypted Traffic Detection Approach Based on Model-Agnostic Meta-Learning

Cited by 2 publications

References 29 publications

Artificial Intelligence-Based Anomaly Detection Technology over Encrypted Traffic: A Systematic Literature Review

Artificial Intelligence-Based Anomaly Detection Technology over Encrypted Traffic: A Systematic Literature Review

Network traffic classification based‐ masked language regression model using CNN

Contact Info

Product

Resources

About