Adversarial Malicious Encrypted Traffic Detection Based on Refined Session Analysis

Li, Minghui; Wu, Zhengdong; Chen, Keming; Wang, Wenhai

doi:10.3390/sym14112329

Cited by 1 publication

(2 citation statements)

References 33 publications

(44 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Manual selection is a simple approach to selecting features based on expert intuition, domain knowledge, and requirements of a given problem. Many studies have removed features from encryption traffic that are not helpful for anomaly detection [39,42,48,50], at the authors' judgment, and this feature selection method has also been employed in the process of standardizing data for use as an input for detection models or algorithms [12,39]. Wang et al [43] experimented by dividing the features of one dataset into further optimized statistical (FOS) feature set, time-based feature set, tamper-resistant feature set, and side channel feature set based on the characteristics of the features.…”

Section: Feature Selectionsmentioning

confidence: 99%

See 1 more Smart Citation

Artificial Intelligence-Based Anomaly Detection Technology over Encrypted Traffic: A Systematic Literature Review

Ji,

Lee,

Kang

et al. 2024

Sensors

View full text Add to dashboard Cite

As cyber-attacks increase in unencrypted communication environments such as the traditional Internet, protected communication channels based on cryptographic protocols, such as transport layer security (TLS), have been introduced to the Internet. Accordingly, attackers have been carrying out cyber-attacks by hiding themselves in protected communication channels. However, the nature of channels protected by cryptographic protocols makes it difficult to distinguish between normal and malicious network traffic behaviors. This means that traditional anomaly detection models with features from packets extracted a deep packet inspection (DPI) have been neutralized. Recently, studies on anomaly detection using artificial intelligence (AI) and statistical characteristics of traffic have been proposed as an alternative. In this review, we provide a systematic review for AI-based anomaly detection techniques over encrypted traffic. We set several research questions on the review topic and collected research according to eligibility criteria. Through the screening process and quality assessment, 30 research articles were selected with high suitability to be included in the review from the collected literature. We reviewed the selected research in terms of dataset, feature extraction, feature selection, preprocessing, anomaly detection algorithm, and performance indicators. As a result of the literature review, it was confirmed that various techniques used for AI-based anomaly detection over encrypted traffic were used. Some techniques are similar to those used for AI-based anomaly detection over unencrypted traffic, but some technologies are different from those used for unencrypted traffic.

show abstract

Section: Feature Selectionsmentioning

confidence: 99%

“…Ref. [42] removed unencrypted traffic from many flows, and ref. [43] removed network packets that were not relevant to the detection of encrypted malicious traffic, such as Address Resolution Protocol and Internet Control Message Protocol packets, as well as redundant, corrupt, unnecessary, or incompletely captured information.…”

Section: Preprocessingmentioning

confidence: 99%