
Rademics Research Institute

Peer Reviewed Chapter
Chapter Name: Advanced Feature Selection Techniques for Machine Learning-Based Detection of Encrypted Malicious Traffic

Author Name: Dileep Pulugu, Pallavi S. Thakare

Copyright: © 2025 | Pages: 33

DOI: 10.71443/9789349552388-03

Received: 25/11/2024 Accepted: 29/01/2025 Published: 10/03/2025

Abstract

The increasing prevalence of encrypted traffic in modern networks presents significant challenges in detecting malicious activities, necessitating advanced techniques for effective security monitoring. This book chapter explores the integration of machine learning (ML) for encrypted malicious traffic detection, focusing on innovative feature selection methods. It delves into various techniques, including filter, wrapper, and embedded methods, evaluating their strengths, limitations, and application in network security. The chapter emphasizes the importance of feature extraction, representation, and selection in improving the accuracy of machine learning models while handling encrypted data. It discusses the unique challenges posed by encrypted traffic and how ML models, particularly supervised and unsupervised learning approaches, can address these issues. By comparing traditional detection methods with machine learning-driven solutions, this work highlights the potential of ML to enhance security measures in encrypted environments. The findings provide a roadmap for future research in the field of network traffic analysis and cybersecurity.

Introduction

The rapid growth in internet usage and the expansion of digital services have dramatically altered the landscape of network security [1]. As data privacy becomes a critical concern, encryption has become the standard method for protecting sensitive information transmitted over the internet [2]. While encryption plays a crucial role in safeguarding privacy, it has also introduced significant challenges for network security, particularly in detecting malicious traffic [3,4]. Malicious actors often exploit encryption to hide their activities from traditional detection mechanisms, complicating efforts to maintain secure and efficient networks [5,6]. As a result, the detection of encrypted malicious traffic has emerged as one of the most pressing challenges in modern cybersecurity [7].

Traditional network security techniques, such as signature-based detection and deep packet inspection (DPI), rely on the ability to inspect the contents of network traffic [8,9]. However, encryption prevents these techniques from being effective, as the payload data is obscured [10]. This makes it difficult to identify and respond to potential threats, such as malware, data breaches, or botnet communications, that operate within encrypted traffic streams [11-14]. The lack of visibility into encrypted traffic has prompted security professionals to seek alternative methods that can detect malicious behavior without decrypting the data, since decryption could otherwise compromise privacy [15,16]. These challenges have spurred the development of more advanced detection methods, such as machine learning-based models, which analyze network traffic patterns and behaviors to identify anomalies indicative of malicious activity [17-19].
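As an added illustration of the payload-independent approach described above (a constructed example, not code from the chapter): flow statistics such as packet sizes, inter-arrival times and direction ratios can be computed from encrypted traffic without decryption, and a filter-method criterion (the Fisher score is assumed here as one representative filter) ranks them by how well they separate the constructed benign and beacon-like flows.

```python
# Added example (not from the chapter): flow-metadata features that can be
# computed from encrypted traffic without decryption, ranked with a simple
# filter-method criterion (Fisher score). All flows and labels are constructed.
from statistics import mean, pstdev

# Constructed flows: list of (direction, size_bytes, timestamp_s), label.
# direction 'c' = client->server, 's' = server->client; label 1 = malicious.
FLOWS = {
    "benign_1": ([("c", 517, 0.00), ("s", 1400, 0.05), ("s", 1400, 0.06),
                  ("c", 80, 0.10), ("s", 1200, 0.15)], 0),
    "benign_2": ([("c", 300, 0.00), ("s", 1400, 0.02), ("s", 1400, 0.03),
                  ("s", 1400, 0.09), ("c", 60, 0.12), ("s", 900, 0.20)], 0),
    "beacon_1": ([("c", 120, 0.0), ("s", 130, 60.0), ("c", 120, 120.0),
                  ("s", 125, 180.0)], 1),
    "beacon_2": ([("c", 110, 0.0), ("s", 115, 30.0), ("c", 120, 60.0),
                  ("s", 118, 90.0), ("c", 112, 120.0)], 1),
}

def flow_features(packets):
    """Payload-agnostic statistics of one flow (sizes, timing, direction)."""
    sizes = [s for _, s, _ in packets]
    times = [t for _, _, t in packets]
    iats = [b - a for a, b in zip(times, times[1:])]
    client_bytes = sum(s for d, s, _ in packets if d == "c")
    return {
        "pkt_count": len(packets),
        "mean_size": mean(sizes),
        "mean_iat": mean(iats),
        "std_iat": pstdev(iats),          # low spread = periodic (beacon-like)
        "up_ratio": client_bytes / sum(sizes),
    }

def fisher_score(pos, neg, eps=1e-9):
    """Filter criterion: between-class gap relative to within-class spread."""
    return (mean(pos) - mean(neg)) ** 2 / (pstdev(pos) ** 2 + pstdev(neg) ** 2 + eps)

def rank_features(flows):
    """Score every feature independently of any model; highest first."""
    rows = [(flow_features(p), y) for p, y in flows.values()]
    names = rows[0][0].keys()
    scores = {n: fisher_score([f[n] for f, y in rows if y == 1],
                              [f[n] for f, y in rows if y == 0]) for n in names}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for name, score in rank_features(FLOWS):
        print(f"{name:10s} {score:12.3f}")
```

With such a tiny constructed set the scores only illustrate the mechanism; in practice the ranking is computed over many labelled flows and then validated with a wrapper or embedded method, as the chapter discusses.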