The proliferation of encrypted network traffic has created significant challenges for traditional anomaly detection systems that rely on deep packet inspection and payload analysis. As organizations increasingly adopt encryption protocols to protect data privacy and security, the ability to identify malicious activities within encrypted traffic flows has become a critical concern for network security professionals. This research explores the application of Graph Neural Networks (GNNs) as a novel approach to detecting anomalies in encrypted network traffic without compromising the confidentiality of the encrypted data. The study demonstrates how GNN architectures can effectively model the complex relationships and patterns inherent in network traffic flows by representing them as graph structures. Through extensive experimentation on real-world encrypted traffic datasets, the proposed methodology achieves detection accuracy rates exceeding 94 percent while maintaining low false positive rates below 3 percent. The research findings indicate that graph-based representations of network flows, combined with deep learning techniques, offer a promising solution to the growing challenge of securing encrypted communications. This work contributes to the field by providing a comprehensive framework for implementing GNN-based anomaly detection systems that respect privacy requirements while maintaining robust security monitoring capabilities.