Since payload analysis cannot be performed without deciphering the encrypted traffic, existing commercial security solutions fall short in this situation. Cyber attackers or hackers gain the ability to bypass security precautions such as IDS/IPS and antivirus systems with using encrypted traffic. This situation, which is beneficial for normal users, is also used by attackers to hide. Encryption algorithms and protocols are used for this purpose. With this increase, it becomes important to ensure the confidentiality of the information in the traffic flowing over the internet. The rate of internet usage in the world is over 62% and this rate is increasing day by day. Our comprehensive experiments on the real-word dataset indicate that AS-DMF achieves lightweighting at both feature and data levels with a high performance of 0.9460 mAcc. Moreover, we propose a feature selection mechanism which can select the meaningful features of traffic efficiently. AS-DMF is a lightweight detection framework that combine the uncertainty sampling and density-based query strategy to query the informative and representative instances from the sample set and then train them in a detection (DMF) model. In this paper, we apply the active learning to the malicious encrypted traffic detection problem and propose AS-DMF framework.
And both methods rely heavily on a large number of labeled samples, which needs lots of human effort. However, the machine learning-based methods are limited by manual-design features, which have the problem of highly correlated multicollinearity. Solutions that based on machine learning and deep learning are becoming mainstream. The sharp increasing volume of encrypted traffic generated by malware brings a huge challenge to traditional payload-based malicious traffic detection methods.
0 kommentar(er)
