- Turkish Journal of Engineering
- Volume: 8, Issue: 3
Encrypted malware detection methodology without decryption using deep learning-based approaches
Authors: Abhay Pratap Singh, Mahendra Singh, Karamjit Bhatia, Heman Pathak
Pages: 498-509
DOI: 10.31127/tuje.1416933
Publication Date: 2024-07-28
Article Type: Research Paper
Abstract: Encrypted (HTTPS) traffic on the Internet provides safe and secure communication between users and servers. However, cyber attackers also exploit HTTPS traffic to disguise their malicious activities. Detecting network threats in HTTPS traffic is a tedious task for security experts owing to the convoluted nature of encrypted traffic on the web. Conventional detection techniques decrypt the network content, inspect it for threats, re-encrypt it, and then forward it to the server. However, this approach jeopardizes the secrecy of the data and of the user. In recent times, deep learning (DL) has emerged as one of the most fruitful AI methods, reducing the manual determination of features needed to enhance classification accuracy. A DL-based strategy is proposed for recognizing threats in encrypted communication without decryption. The three DL algorithms used by the proposed approach are the multilayer perceptron (MLP), long short-term memory (LSTM) and the 1-D convolutional neural network (1-D CNN); they are evaluated on the CTU-13 malware dataset, which contains flow-based attributes of network traffic. The experimental results show that the MLP-based approach performs better than the 1-D CNN- and LSTM-based ones and than other existing approaches. Thus, the secrecy of the data is maintained and the capability of identifying threats in encrypted communication is augmented.

Keywords: Malware, Encrypted traffic, Deep learning, Network security