Encrypted Malicious Traffic Detection Based on Word2Vec
Electronics2022Vol. 11(5), pp. 679–679
Citations Over TimeTop 10% of 2022 papers
Abstract
Network-based intrusion detections become more difficult as Internet traffic is mostly encrypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.
Related Papers
- → Multiple Handshakes Security of TLS 1.3 Candidates(2016)24 cited
- → RATLS: Integrating Transport Layer Security with Remote Attestation(2022)6 cited
- → TLS 1.3 Handshake Analyzer(2022)1 cited
- → Running-mode analysis of the Security Socket Layer protocol(2004)2 cited
- Transport Layer Security (TLS) Secure Renegotiation(2009)