An anomaly detection method of encrypted traffic based on user behavior

Abstract

With the development of enterprises and their gradual growth, their device terminals continue to expand in terms of types, numbers, and application ranges. The form of terminal security protection is becoming increasingly severe, and terminal vulnerabilities and viruses emerge endlessly. A high-quality, efficient, and secure corporate network and terminal environment is an important guarantee for the sound development of enterprises. However, the commonly used monitoring methods of existing equipment terminals, especially the detection methods for encrypted traffic, have been unable to meet the needs of some enterprises for real-time monitoring, rapid identification and timely blocking of high-risk behaviors of terminals. In this paper, an encryption traffic monitoring method for end users is proposed to realize abnormal user traffic detection. Deep neural network model is used to extract communication data features and abnormal traffic features for similarity comparison, so as to judge whether it is abnormal traffic.