SimCSE for Encrypted Traffic Detection and Zero-Day Attack Detection

Rotem Bar, Chen Hajaj

Research output: Contribution to journal, Article, peer-review

Abstract

Traffic detection has attracted much attention in recent years, playing an essential role in intrusion detection systems (IDS). This paper proposes a new approach for traffic detection at the packet level, inspired by natural language processing (NLP), using simple contrastive learning of sentence embeddings (SimCSE) as an embedding model. The new approach can learn the features of traffic from raw packet data. Experiments were conducted on two well-known datasets to evaluate our approach. For detecting malicious activity, our model achieved an accuracy of 99.99% on the USTC-TFC2016 dataset, whereas for detecting virtual private network (VPN) activity, our model achieved an accuracy of 99.98% on the ISCXVPN2016 dataset. Furthermore, the resulting model was found to be robust based on zero-day attack detection, which shows the model's ability to detect attacks that have not been seen before. Experiments show that our approach can effectively detect network traffic and outperforms many other state-of-the-art methods.

Original language: English
Pages (from-to): 56952-56960
Number of pages: 9
Journal: IEEE Access
Volume: 10
State: Published - 2022

Keywords

  • Cyber security
  • Network traffic
  • Packet capture
  • SimCSE
  • Word2vec

All Science Journal Classification (ASJC) codes

  • General Engineering
  • General Computer Science
  • Electrical and Electronic Engineering
  • General Materials Science
