Enhanced Encrypted Traffic Analysis Leveraging Graph Neural Networks and Optimized Feature Dimensionality Reduction-Reference-Cited by-同舟云学术

Enhanced Encrypted Traffic Analysis Leveraging Graph Neural Networks and Optimized Feature Dimensionality Reduction

Published:2024-06-12 Issue:6 Volume:16 Page:733
ISSN:2073-8994
Container-title:Symmetry
language:en
Short-container-title:Symmetry

Author:

Jung In-Su¹^ORCID,Song Yu-Rae¹^ORCID,Jilcha Lelisa Adeba²^ORCID,Kim Deuk-Hun³^ORCID,Im Sun-Young⁴^ORCID,Shim Shin-Woo⁴^ORCID,Kim Young-Hwan⁴^ORCID,Kwak Jin⁵^ORCID

Affiliation:

1. ISAA Lab., Department of Cyber Security, Ajou University, Suwon 16499, Republic of Korea

2. ISAA Lab., Department of AI Convergence Network, Ajou University, Suwon 16499, Republic of Korea

3. ISAA Lab., Institute for Computing and Informatics Research, Ajou University, Suwon 16499, Republic of Korea

4. LIG Nex1, Seongnam 13488, Republic of Korea

5. Department of Cyber Security, Ajou University, Suwon 16499, Republic of Korea

Abstract

With the continuously growing requirement for encryption in network environments, web browsers are increasingly employing hypertext transfer protocol security. Despite the increase in encrypted malicious network traffic, the encryption itself limits the data accessible for analyzing such behavior. To mitigate this, several studies have examined encrypted network traffic by analyzing metadata and payload bytes. Recent studies have furthered this approach, utilizing graph neural networks to analyze the structural data patterns within malicious encrypted traffic. This study proposed an enhanced encrypted traffic analysis leveraging graph neural networks which can model the symmetric or asymmetric spatial relations between nodes in the traffic network and optimized feature dimensionality reduction. It classified malicious network traffic by leveraging key features, including the IP address, port, CipherSuite, MessageLen, and JA3 features within the transport-layer-security session data, and then analyzed the correlation between normal and malicious network traffic data. The proposed approach outperformed previous models in terms of efficiency, using fewer features while maintaining a high accuracy rate of 99.5%. This demonstrates its research value as it can classify malicious network traffic with a high accuracy based on fewer features.

Funder

Korea Research Institute for Defense Technology Planning and Advancement (KRIT)—Grant funded by Defense Acquisition Program Administration

Publisher

MDPI AG

Link

https://www.mdpi.com/2073-8994/16/6/733/pdf

Reference47 articles.

1. Rescorla, E. (2023, May 16). The Transport Layer Security (TLS) Protocol Version 1.3. RFC. Available online: https://tools.ietf.org/html/rfc8446.

2. Google (2023, May 16). Google Transparency Report: HTTPS Encryption on the Web. Available online: https://transparencyreport.google.com/https/overview?hl=en.

3. Let’s Encrypt (2023, May 16). Let’s Encrypt Stats. Available online: https://letsencrypt.org/stats/.

4. Fu, C., Li, Q., Shen, M., and Xu, K. (2021, January 15–19). Realtime robust malicious traffic detection via frequency domain analysis. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, New York, NY, USA.

5. A survey on encrypted network traffic analysis applications, techniques, and countermeasures;Papadogiannaki;ACM Comput. Surv.,2022