Detecting Malign Encrypted Network Traffic Using Perlin Noise and Convolutional Neural Network

Machine learning supports analysis of traffic packets by featuring the payloads, increasing the chances of detecting new variants of malware. However, adversaries take advantage of current cryptographically protected network communication to hide the payload features and as a result, avoid detection. In this research, we propose a new method enhancing generalization of Convolutional Neural Networks model to detect malicious encrypted network traffic. Since the payload is encrypted, we extract contextual features from the connection meta-data that best characterizes the behavior of traffics. Our proposed approach encodes given connection features into images using Perlin noise to train the deep learning model for binary classification of connection flows. We applied the model to captured real botnet traffic dataset mixed with normal and background traffic, and obtained a high accuracy of 97% detection and low false negative rate of 0.4%.