IEEE Access (Jan 2022)

SimCSE for Encrypted Traffic Detection and Zero-Day Attack Detection

  • Rotem Bar,
  • Chen Hajaj

DOI
https://doi.org/10.1109/ACCESS.2022.3177272
Journal volume & issue
Vol. 10
pp. 56952 – 56960

Abstract

Traffic detection has attracted much attention in recent years, playing an essential role in intrusion detection systems (IDS). This paper proposes a new approach for traffic detection at the packet level, inspired by natural language processing (NLP), using simple contrastive learning of sentence embeddings (SimCSE) as an embedding model. The new approach can learn the features of traffic from raw packet data. Experiments were conducted on two well-known datasets to evaluate our approach. For detecting malicious activity, our model achieved an accuracy of 99.99% on the USTC-TFC2016 dataset, whereas for detecting virtual private network (VPN) activity, our model achieved an accuracy of 99.98% on the ISCXVPN2016 dataset. Furthermore, the resulting model was found to be robust based on zero-day attack detection, which shows the model’s ability to detect attacks that have not been seen before. Experiments show that our approach can effectively detect network traffic and outperforms many other state-of-the-art methods.

Keywords