Technical gazette, Vol. 32 No. 2, 2025.
Original scientific paper
https://doi.org/10.17559/TV-20240223001345
Network Encryption Traffic Anomaly Detection Based on Integrated Machine Learning
Xiaoqing Yang
orcid.org/0009-0008-4179-4720
; Faculty of Computer Engineering, Shanxi Vocational University of Engineering Science and Technology, No. 369, Wenhua Street, Yuci District, Jinzhong City, Shanxi Province, 030619, China
*
Niwat Angkawisittpan
orcid.org/0000-0001-5413-8417
; Research Unit for Electrical and Computer Engineering Technology (RECENT), Mahasarakham University, No. 41/20, Kantarawichai District, Maha Sarakham, 44150, Thailand
* Corresponding author.
Abstract
This paper presents an anomaly detection method for encrypted network traffic using integrated machine learning. A stream feature extraction technique is employed to extract key features such as the median value of stream packets, median value of stream bytes, contrast stream, port growth rate, and source IP growth rate from the encrypted traffic. These features are then fed into an anomaly detection model that combines a collaborative neural network and a random forest classifier. An improved Bagging method is used to fuse and identify the anomalous characteristics of the encrypted traffic by weighted summation. Experimental results using the Trace dataset demonstrate that the proposed method achieves high precision and zero false positives in detecting various types of anomalies under different attack scenarios. The proposed approach offers a promising solution for ensuring network security and protecting against threats in encrypted communication channels.
Keywords
anomaly detection; flow characteristics; improved Bagging method; integrated; machine learning; network encryption traffic
Hrčak ID: 328646
Publication date: 27.2.2025.