Modern Information Technologies and IT-Education (Современные информационные технологии и IT-образование), Mar 2022

Detection of Malicious Activity in Encrypted Traffic Presented as a Time Series

  • Marina Polyanskaya

DOI
https://doi.org/10.25559/SITITO.18.202201.144-151
Journal volume & issue
Vol. 18, no. 1
pp. 144 – 151

Abstract


Most Internet traffic is now encrypted, and malware increasingly uses encryption as well. Because the payload cannot be inspected, encrypted traffic is screened for malicious activity using its metadata. For this purpose, traffic is split into flows, i.e. sessions between two hosts. This paper applies machine learning to the analysis of encrypted traffic represented as time series and compares this approach with the more traditional approach to flow classification. The task is considered in both the supervised and the unsupervised setting. For deciding whether a host as a whole is infected, a model of a malware detector is proposed. The experiments were conducted on the network activity of ransomware as a case study. Specialized tools for time-series analysis were used: recurrent and convolutional neural networks and dynamic time warping.
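The abstract describes the pipeline only in outline: packets are grouped into flows, each flow is represented as a time series built from metadata rather than payload, and series of unequal length are compared with dynamic time warping. The following Python is an added example illustrating that pipeline; it is not the paper's code, and the packet records, the timeout value, the signed-length representation and the reference labels are all constructed assumptions chosen for illustration.

```python
# Added example (not code from the paper): group constructed packet records into
# bidirectional flows, represent each flow as a time series of signed packet
# lengths (initiator -> responder positive, responder -> initiator negative),
# and compare series of different length with dynamic time warping (DTW).
# Only metadata (addresses, ports, timestamps, sizes) is used; nothing is decrypted.
from typing import Dict, List, Tuple

# (timestamp, src_ip, src_port, dst_ip, dst_port, proto, length)
Packet = Tuple[float, str, int, str, int, str, int]
FlowKey = Tuple[str, int, str, int, str]

# Constructed packet trace for one client (synthetic values, not captured traffic).
PACKETS: List[Packet] = [
    (0.000, "10.0.0.5", 51000, "203.0.113.7", 443, "tcp", 517),
    (0.012, "203.0.113.7", 443, "10.0.0.5", 51000, "tcp", 1460),
    (0.015, "203.0.113.7", 443, "10.0.0.5", 51000, "tcp", 1200),
    (0.020, "10.0.0.5", 51000, "203.0.113.7", 443, "tcp", 93),
    (0.030, "10.0.0.5", 51000, "203.0.113.7", 443, "tcp", 250),
    (0.045, "203.0.113.7", 443, "10.0.0.5", 51000, "tcp", 800),
    (0.500, "10.0.0.5", 40000, "10.0.0.1", 53, "udp", 60),
    (0.510, "10.0.0.1", 53, "10.0.0.5", 40000, "udp", 120),
    (1.000, "10.0.0.5", 51001, "198.51.100.9", 443, "tcp", 517),
    (1.010, "198.51.100.9", 443, "10.0.0.5", 51001, "tcp", 1460),
    (1.013, "198.51.100.9", 443, "10.0.0.5", 51001, "tcp", 1460),
    (1.016, "198.51.100.9", 443, "10.0.0.5", 51001, "tcp", 1100),
    (1.020, "10.0.0.5", 51001, "198.51.100.9", 443, "tcp", 93),
    (1.050, "10.0.0.5", 51001, "198.51.100.9", 443, "tcp", 260),
    (1.065, "198.51.100.9", 443, "10.0.0.5", 51001, "tcp", 790),
    # Same 5-tuple as the first flow but after a long silence: starts a new flow.
    (100.0, "10.0.0.5", 51000, "203.0.113.7", 443, "tcp", 517),
]


def flow_key(src_ip: str, src_port: int, dst_ip: str, dst_port: int, proto: str) -> FlowKey:
    """Canonical bidirectional 5-tuple: both directions of a session map to one key."""
    if (src_ip, src_port) <= (dst_ip, dst_port):
        return (src_ip, src_port, dst_ip, dst_port, proto)
    return (dst_ip, dst_port, src_ip, src_port, proto)


def packets_to_flows(packets: List[Packet], timeout: float = 60.0) -> List[List[Packet]]:
    """Group packets into flows; a silence longer than `timeout` seconds (an assumed
    value) on the same 5-tuple starts a new flow. Flows are ordered by first packet."""
    flows: List[List[Packet]] = []
    active: Dict[FlowKey, int] = {}      # key -> index of its current flow
    last_seen: Dict[FlowKey, float] = {}
    for pkt in sorted(packets, key=lambda p: p[0]):
        ts, src_ip, src_port, dst_ip, dst_port, proto, _ = pkt
        key = flow_key(src_ip, src_port, dst_ip, dst_port, proto)
        if key in active and ts - last_seen[key] <= timeout:
            flows[active[key]].append(pkt)
        else:
            active[key] = len(flows)
            flows.append([pkt])
        last_seen[key] = ts
    return flows


def flow_to_series(flow: List[Packet]) -> List[int]:
    """Time series of signed packet lengths, sign relative to the flow initiator
    (the source of the first packet). Payload content is never touched."""
    initiator = (flow[0][1], flow[0][2])
    return [p[6] if (p[1], p[2]) == initiator else -p[6] for p in flow]


def dtw_distance(a: List[int], b: List[int]) -> float:
    """Classic O(n*m) dynamic time warping with absolute-difference local cost.
    Unlike Euclidean distance it does not require equal-length series."""
    n, m = len(a), len(b)
    cost = [[float("inf")] * (m + 1) for _ in range(n + 1)]
    cost[0][0] = 0
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            d = abs(a[i - 1] - b[j - 1])
            cost[i][j] = d + min(cost[i - 1][j], cost[i][j - 1], cost[i - 1][j - 1])
    return cost[n][m]


def nearest_label(query: List[int], references: List[Tuple[str, List[int]]]) -> str:
    """1-nearest-neighbour classification under DTW against labelled reference
    series (the labels here are constructed, not learned from real malware)."""
    return min(references, key=lambda ref: dtw_distance(query, ref[1]))[0]


if __name__ == "__main__":
    for flow in packets_to_flows(PACKETS):
        print(flow_key(flow[0][1], flow[0][2], flow[0][3], flow[0][4], flow[0][5]),
              flow_to_series(flow))
```

On the constructed trace this yields four flows (the last one split off by the idle timeout). The two TLS-like flows differ in length by one packet, yet DTW aligns the repeated 1460-byte segments and reports a small distance between them, while the distance to the two-packet DNS flow is large; that tolerance to shifts and unequal lengths is the property that makes DTW usable on raw per-flow series where a fixed-length feature vector would need padding or truncation. A real deployment would read packets from a capture or flow exporter rather than a literal list, and would use inter-arrival times alongside sizes.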

Keywords