
Encrypted Malicious Traffic Detection Based on Ensemble Learning

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13172)

Abstract

Nowadays, network traffic detection plays a very important role in protecting cyberspace security, and more and more applications protect data privacy through encryption. Methods based on regular-expression matching, such as deep packet inspection, rely on plaintext traffic and cannot be applied to detecting encrypted communication content, which appears random, while the existing detection methods based on time-series features often ignore the features of the encryption protocol. In this work, we design an ensemble learning system based on the stacking algorithm to identify encrypted malicious traffic, which detects the interactive behavior and the encryption protocol simultaneously. In detail, we construct a deep learning classifier based on Long Short-Term Memory (LSTM) for time-series features and a machine learning classifier based on random forests for encryption protocol features. We then use the stacking algorithm from ensemble learning to combine them into a new classifier. Finally, we conduct extensive experiments on the Datacon2020 dataset. The experimental results indicate that the proposed method improves the detection rate of encrypted malicious traffic while keeping a low false positive rate.
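The following is an added worked example of the stacking scheme the abstract describes; it is not code from the paper or its authors. It is pure Python over constructed flow records (a short packet-length sequence plus two TLS handshake attributes per flow, labelled benign or malicious). Two stand-ins take the place of the paper's base learners: a nearest-centroid classifier over the packet-length sequence for the LSTM time-series model, and a categorical Naive Bayes over the handshake attributes for the random forest. `SEQ_LEN`, the feature names and all function and class names are assumptions of this example. It goes one step beyond the abstract: the level-1 meta-learner is trained on out-of-fold base predictions, the standard precaution that stops it from learning how well the base models fit their own training data rather than how well they generalize.

```python
"""Stacking two heterogeneous flow classifiers (added example, constructed data).
CentroidSeq stands in for the paper's LSTM, ProtoNB for its random forest; the
stacking procedure (out-of-fold level-0 scores -> level-1 meta-learner) is the
part being demonstrated."""
import math
import random

SEQ_LEN = 8  # leading packet lengths kept per flow (assumption for this example)


def make_flows(n, seed=7):
    """Construct synthetic flows: odd indices 'beaconing' malicious, even benign."""
    rng = random.Random(seed)
    flows = []
    for i in range(n):
        malicious = i % 2
        if malicious:  # small, regular packets; old TLS; mostly self-signed certs
            lengths = [64 + 4 * rng.randint(0, 2) for _ in range(SEQ_LEN)]
            proto = {"tls": rng.choice(["1.0"] * 4 + ["1.2"]),
                     "self_signed": int(rng.random() < 0.9)}
        else:          # large, varied packets; modern TLS; CA-issued certs
            lengths = [rng.randint(400, 1500) for _ in range(SEQ_LEN)]
            proto = {"tls": rng.choice(["1.3"] * 7 + ["1.2"] * 3),
                     "self_signed": int(rng.random() < 0.05)}
        flows.append({"lengths": lengths, "proto": proto, "label": malicious})
    return flows


class CentroidSeq:
    """Time-series stand-in: distance of the length vector to each class centroid."""
    def fit(self, flows):
        self.c = {}
        for y in (0, 1):
            vecs = [f["lengths"][:SEQ_LEN] for f in flows if f["label"] == y]
            self.c[y] = [sum(v[i] for v in vecs) / len(vecs) for i in range(SEQ_LEN)]
        return self

    def predict_proba(self, flow):
        d = {y: math.dist(flow["lengths"][:SEQ_LEN], self.c[y]) for y in (0, 1)}
        return d[0] / (d[0] + d[1] + 1e-9)  # P(malicious): closer to class 1 -> higher


class ProtoNB:
    """Protocol-feature stand-in: categorical Naive Bayes with Laplace smoothing."""
    def fit(self, flows):
        self.n, self.counts, self.vals = {0: 0, 1: 0}, {}, {}
        for f in flows:
            self.n[f["label"]] += 1
            for k, v in f["proto"].items():
                key = (f["label"], k, v)
                self.counts[key] = self.counts.get(key, 0) + 1
                self.vals.setdefault(k, set()).add(v)
        return self

    def predict_proba(self, flow):
        logp = {}
        for y in (0, 1):
            lp = math.log(self.n[y] / (self.n[0] + self.n[1]))
            for k, v in flow["proto"].items():
                lp += math.log((self.counts.get((y, k, v), 0) + 1)
                               / (self.n[y] + len(self.vals[k])))
            logp[y] = lp
        m = max(logp.values())
        return math.exp(logp[1] - m) / (math.exp(logp[0] - m) + math.exp(logp[1] - m))


class MetaLogit:
    """Level-1 learner: logistic regression over the base learners' probabilities."""
    def fit(self, X, y, lr=0.5, epochs=2000):
        self.w = [0.0] * (len(X[0]) + 1)  # last weight is the bias
        for _ in range(epochs):
            grad = [0.0] * len(self.w)
            for xi, yi in zip(X, y):
                err = self.predict_proba(xi) - yi
                for j, xj in enumerate(xi + [1.0]):
                    grad[j] += err * xj
            self.w = [w - lr * g / len(X) for w, g in zip(self.w, grad)]
        return self

    def predict_proba(self, x):
        z = sum(w * xj for w, xj in zip(self.w, x + [1.0]))
        return 1.0 / (1.0 + math.exp(-z))


def stack_fit(train, k=5, base_factories=(CentroidSeq, ProtoNB)):
    """Out-of-fold level-0 scores train the meta-learner; bases are then refit on all data."""
    folds = [train[i::k] for i in range(k)]
    X, y = [], []
    for i in range(k):
        rest = [f for j in range(k) if j != i for f in folds[j]]
        bases = [B().fit(rest) for B in base_factories]
        for f in folds[i]:  # scored only by models that never saw this flow
            X.append([b.predict_proba(f) for b in bases])
            y.append(f["label"])
    meta = MetaLogit().fit(X, y)
    return [B().fit(train) for B in base_factories], meta


def stack_predict_proba(model, flow):
    bases, meta = model
    return meta.predict_proba([b.predict_proba(flow) for b in bases])


def evaluate(model, flows, threshold=0.5):
    """Detection rate (TPR) and false positive rate, the abstract's two metrics."""
    tp = fp = pos = neg = 0
    for f in flows:
        alarm = int(stack_predict_proba(model, f) >= threshold)
        if f["label"]:
            pos, tp = pos + 1, tp + alarm
        else:
            neg, fp = neg + 1, fp + alarm
    return {"detection_rate": tp / pos, "false_positive_rate": fp / neg}


if __name__ == "__main__":
    flows = make_flows(60)
    print(evaluate(stack_fit(flows[:40]), flows[40:]))
```

Swapping the two stand-ins for a real sequence model and a real random forest leaves `stack_fit` unchanged, since it only relies on each base learner exposing `fit` and `predict_proba`; the out-of-fold loop is what a practitioner should keep when doing so.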

This work was supported by the National Key R&D Program of China (No. 2018YFF01012200), and the Key Science and Technology Project of Anhui (No. 202103a05020006), and the Anhui Provincial Natural Science Foundation (No. 1908085QF266).



Author information

Corresponding author: Feng Yang.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper


Cite this paper

Xiao, F., Yang, F., Chen, S., Yang, J. (2022). Encrypted Malicious Traffic Detection Based on Ensemble Learning. In: Meng, W., Conti, M. (eds) Cyberspace Safety and Security. CSS 2021. Lecture Notes in Computer Science(), vol 13172. Springer, Cham. https://doi.org/10.1007/978-3-030-94029-4_1


  • DOI: https://doi.org/10.1007/978-3-030-94029-4_1


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-94028-7

  • Online ISBN: 978-3-030-94029-4

  • eBook Packages: Computer Science, Computer Science (R0)
