Artificial Intelligence-Based Anomaly Detection Technology over Encrypted Traffic: A Systematic Literature Review

As cyber-attacks increase in unencrypted communication environments such as the traditional Internet, protected communication channels based on cryptographic protocols, such as transport layer security (TLS), have been introduced to the Internet. Accordingly, attackers have been carrying out cyber-a...

Full description

Bibliographic details
Container / Database: Sensors
Main authors: Il Hwan Ji, Ju Hyeon Lee, Min Ji Kang, Woo Jin Park, Seung Ho Jeon, Jung Taek Seo
Format: Article
Language: English
Published: MDPI AG 2024-01-01
Subjects:
Online access: https://www.mdpi.com/1424-8220/24/3/898
author Il Hwan Ji
Ju Hyeon Lee
Min Ji Kang
Woo Jin Park
Seung Ho Jeon
Jung Taek Seo
collection DOAJ
container_title Sensors
description As cyber-attacks increase in unencrypted communication environments such as the traditional Internet, protected communication channels based on cryptographic protocols, such as transport layer security (TLS), have been introduced to the Internet. Accordingly, attackers have been carrying out cyber-attacks by hiding themselves in protected communication channels. However, the nature of channels protected by cryptographic protocols makes it difficult to distinguish between normal and malicious network traffic behaviors. This means that traditional anomaly detection models with features from packets extracted by deep packet inspection (DPI) have been neutralized. Recently, studies on anomaly detection using artificial intelligence (AI) and statistical characteristics of traffic have been proposed as an alternative. In this review, we provide a systematic review for AI-based anomaly detection techniques over encrypted traffic. We set several research questions on the review topic and collected research according to eligibility criteria. Through the screening process and quality assessment, 30 research articles were selected with high suitability to be included in the review from the collected literature. We reviewed the selected research in terms of dataset, feature extraction, feature selection, preprocessing, anomaly detection algorithm, and performance indicators. As a result of the literature review, it was confirmed that various techniques used for AI-based anomaly detection over encrypted traffic were used. Some techniques are similar to those used for AI-based anomaly detection over unencrypted traffic, but some technologies are different from those used for unencrypted traffic.
format Article
id doaj-art-ba3ba555a03e4d04bc8b9e3bc072be21
institution Directory of Open Access Journals
issn 1424-8220
language English
publishDate 2024-01-01
publisher MDPI AG
record_format Article
spelling doaj-art-ba3ba555a03e4d04bc8b9e3bc072be21 | 2025-08-19T23:56:44Z | eng | MDPI AG | Sensors | 1424-8220 | 2024-01-01 | 24 | 3 | 898 | 10.3390/s24030898
Il Hwan Ji (0), Ju Hyeon Lee (1), Min Ji Kang (2), Woo Jin Park (3), Seung Ho Jeon (4), Jung Taek Seo (5)
0: Department of Information Security, Gachon University, Seongnam-si 1342, Republic of Korea
1: Department of Information Security, Gachon University, Seongnam-si 1342, Republic of Korea
2: Department of Computer Engineering (Smart Security), Gachon University, Seongnam-si 1342, Republic of Korea
3: Department of Software, Gachon University, Seongnam-si 1342, Republic of Korea
4: Department of Computer Engineering (Smart Security), Gachon University, Seongnam-si 1342, Republic of Korea
5: Department of Computer Engineering, Gachon University, Seongnam-si 1342, Republic of Korea
title Artificial Intelligence-Based Anomaly Detection Technology over Encrypted Traffic: A Systematic Literature Review
topic cyber security
anomaly detection
encrypted traffic
url https://www.mdpi.com/1424-8220/24/3/898