Faculty of Computing, Harbin Institute of Technology, Harbin 150000, China.
Comput Intell Neurosci. 2023 Mar 10;2023:3316642. doi: 10.1155/2023/3316642. eCollection 2023.
With an increasing number of network attacks using encrypted communication, anomaly detection for encrypted traffic is of great importance to ensure reliable network operation. However, the existing feature extraction methods for encrypted traffic anomaly detection have difficulties in extracting features, resulting in low efficiency. In this paper, we propose a framework for encrypted traffic anomaly detection based on parallel automatic feature extraction, called deep encrypted traffic detection (DETD). DETD uses parallel small-scale multilayer stacked autoencoders to extract local traffic features from encrypted traffic and then adopts an L1 regularization-based feature selection algorithm to select the most representative feature set for the final encrypted traffic anomaly detection task. The experimental results show that DETD has promising robustness in feature extraction: the feature extraction efficiency of DETD is 66% higher than that of the conventional stacked autoencoder, and the anomaly detection performance is as high as 99.998%. DETD thus outperforms the deep full-range framework and other neural network anomaly detection algorithms.