Anomaly detection in encrypted network traffic using self-supervised learning.

Privacy and security in network communication have been enhanced via encryption and traditional anomaly detection methods are no longer effective because of their payload inspection. In this paper, we describe ET-SSL, a new approach for encrypted data anomaly detection which uses self-supervised contrastive learning to identify informative representations in flow level, statistical features like packet length; inter arrival time; flow duration and protocol metadata to Detect anomalies in encrypted network traffic without the need for labelled datasets or payload analysis. ET-SSL extends the use of SSL based traffic classification in order to improve detection performance while keeping computational complexity low through the maximization of the difference between normal and anomalous traffic. On CIC-Darknet2020, ISCX VPN (nonVPN), and UNSW-NB15 datasets, ET-SSL achieves 96.8 percent accuracy, 92.7 percent true positive rate (TPR), 1.2 percent false positive rate (FPR), and can do real time anomaly detection with 15 ms to 25 ms latency and speeds up to 10 Gbps processing which makes it suitable for high speed and resource constrained environments. Compared with existing methods, ET-SSL does not rely on labeled data, scales better, and detects zero day attack in dynamic network environment more effectively, serving as a paradigm for private and energy efficient anomaly detection in encrypted traffic.