The Role of Machine Learning for Detecting Malicious Internet Traffic
DOI:
https://doi.org/10.63282/3050-9262.IJAIDSML-V4I3P113
Keywords:
Machine Learning, Malicious Traffic Detection, Encrypted Traffic, Deep Learning, Intrusion Detection Systems
Abstract
With the rapid growth of the Internet, encrypted communication, cloud environments, and IoT systems, the volume and complexity of malicious network traffic have grown dramatically. Intrusion detection systems that rely on signature-based detection mechanisms are increasingly less effective because modern attackers use encryption, protocol obfuscation, and distributed device ecosystems to hide malicious behaviour. As network environments become more heterogeneous and higher in volume, adaptive, behaviour-oriented detection mechanisms have become paramount. The major difficulty lies in analysing malicious traffic that is high-dimensional, highly encrypted, imbalanced, and distorted by sampling or incomplete visibility. Most network flows show subtle behavioural deviations rather than explicit payload signatures. Further, IoT devices produce vast amounts of unreliable, resource-limited traffic, and encrypted messages conceal content-based features. These circumstances compromise the performance of conventional detection methods and demand more sophisticated modelling strategies. This study critically reviews how machine learning can be used to monitor malicious Internet traffic on general IP networks, cloud platforms, IoT systems, and encrypted communication channels. The paper synthesises empirical findings from multiple machine-learning frameworks, such as flow-based classifiers, correlation-optimal IoT models, deep neural networks, multimodal encrypted-traffic models, and ensemble learning approaches. By comparing detection performance, the article measures the improvement that machine learning brings in terms of accuracy, adaptability, imbalance sensitivity, and robustness under encryption.
The article offers a concerted analytical evaluation of machine-learning-based traffic detection in 15 peer-reviewed studies; compares performance patterns in cloud, IoT, and encrypted systems; identifies the architectural and statistical variables that affect detection accuracy; exposes limitations, including sampling distortions and encryption opacity; and synthesises these insights into a broad view of how machine learning improves the detection of malicious Internet traffic in a changing network ecosystem.










