Anomaly Detection in Encrypted Internet Traffic Using Hybrid Deep Learning

An increasing number of Internet application services are relying on encrypted traffic to offer adequate consumer privacy. Anomaly detection in circumvent and mitigate cyber security threats is, however, an open ongoing research challenge due the limitation existing classification techniques. Deep learning is emerging as a promising paradigm, allowing reduction manual determination feature set increase accuracy. The present work develops deep learning-based model for anomalies network traffic. Three different publicly available datasets including NSL-KDD, UNSW-NB15, CIC-IDS-2017 used comprehensively analyze attacks targeting popular protocols. Instead single model, multiple schemes using convolutional (CNN), long short-term memory (LSTM), recurrent neural networks (RNNs) investigated. Our results report hybrid combination (CNN) gated unit (GRU) models outperforming others. approach benefits from low-latency derivation CNN, overall improved training dataset fitting. Additionally, highly effective generalization offered by GRU optimal time-domain-related extraction, resulting CNN scheme presenting best model.