Network Encryption Traffic Anomaly Detection Based on Integrated Machine Learning

Abstract

This paper presents an anomaly detection method for encrypted network traffic using integrated machine learning. A stream feature extraction technique is employed to extract key features such as the median value of stream packets, median value of stream bytes, contrast stream, port growth rate, and source IP growth rate from the encrypted traffic. These features are then fed into an anomaly detection model that combines a collaborative neural network and a random forest classifier. An improved Bagging method is used to fuse and identify the anomalous characteristics of the encrypted traffic by weighted summation. Experimental results using the Trace dataset demonstrate that the proposed method achieves high precision and zero false positives in detecting various types of anomalies under different attack scenarios. The proposed approach offers a promising solution for ensuring network security and protecting against threats in encrypted communication channels.