ORCID
- Ghita, Bogdan: 0000-0002-1788-547X
Abstract
An increasing number of Internet application services are relying on encrypted traffic to offer adequate consumer privacy. Anomaly detection in encrypted traffic to circumvent and mitigate cyber security threats is, however, an open and ongoing research challenge due to the limitations of existing traffic classification techniques. Deep learning is emerging as a promising paradigm, allowing a reduction in the manual determination of the feature set to increase classification accuracy. The present work develops a deep learning-based model for the detection of anomalies in encrypted network traffic. Three different publicly available datasets, including NSL-KDD, UNSW-NB15, and CIC-IDS-2017, are used to comprehensively analyze encrypted attacks targeting popular protocols. Instead of relying on a single deep learning model, multiple schemes using convolutional (CNN), long short-term memory (LSTM), and recurrent neural networks (RNNs) are investigated. Our results report a hybrid combination of convolutional (CNN) and gated recurrent unit (GRU) models as outperforming others. The hybrid approach benefits from the low-latency feature derivation of the CNN, and an overall improved training dataset fitting. Additionally, the highly effective generalization offered by GRU results in optimal time-domain-related feature extraction, resulting in the CNN and GRU hybrid scheme presenting the best model.
DOI
10.1155/2021/5363750
Publication Date
2021-09-21
Publication Title
Security and Communication Networks
Volume
2021
ISSN
1939-0114
Embargo Period
2021-11-12
Organisational Unit
School of Engineering, Computing and Mathematics
First Page
1
Last Page
16
Recommended Citation
Bakhshi, T., & Ghita, B. (2021) 'Anomaly Detection in Encrypted Internet Traffic Using Hybrid Deep Learning', Security and Communication Networks, 2021, pp. 1-16. Available at: https://doi.org/10.1155/2021/5363750