Explainable Anomaly Detection in Encrypted Network Traffic Using Data Analytics
Abstract
The unprecedented growth of encrypted network traffic is a double-edged problem for cybersecurity: on one hand it preserves user privacy, and on the other it hides malicious activity from traditional intrusion detection systems. This paper addresses the challenge by constructing an explainable, data-analytics-based framework for anomaly detection in encrypted traffic. The proposed solution combines classical machine learning (Random Forests, Support Vector Machines), deep learning (Autoencoders, LSTMs), and explainability techniques (SHAP, LIME, counterfactual analysis). The framework was trained and tested on several benchmark datasets (CICIDS2017, ISCX VPN/Tor, UNSW-NB15), demonstrating its generality across different network settings. The findings show that deep learning models can achieve higher accuracy and recall, but hybrid ensembles (e.g., RF + Autoencoder) remain competitive: they do not weaken detection performance and, on the contrary, enhance interpretability. Explainability profiling revealed that flow duration, packet inter-arrival variance, and byte distribution are the critical traffic characteristics for distinguishing anomalous behavior from ordinary encrypted traffic. Case studies on enterprise, IoT, and telecom networks confirm the system's practical applicability. In addition, the use of explainable AI improves the trust of analysts and regulatory bodies and reduces the ethical concerns associated with black-box detection systems. The results show that both accuracy and transparency ought to be part of cybersecurity. Future directions involve applying federated learning for privacy-preserving detection, real-time explainability dashboards, standardized encrypted-traffic benchmarks, and graph-based anomaly detection.
This work offers a viable and efficient solution for anomaly detection in encrypted traffic that advances both the technical and the ethical dimensions of cybersecurity.
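As an added illustration (not the paper's code or method), the block below shows how the three features the abstract singles out, flow duration, packet inter-arrival variance and byte distribution, can be computed from packet timestamps and sizes alone, with the encrypted payload never inspected, then scored against a baseline of normal flows and explained by each feature's share of the anomaly score. All flows are constructed, and the 128-byte size buckets, the per-feature z-score model, and the threshold of 5.0 are assumptions standing in for the paper's RF/Autoencoder ensemble and SHAP attribution.

```python
"""
Explainable anomaly scoring over encrypted-flow metadata.

Added illustrative example; it is not the paper's code. The per-feature
z-score model is an assumption standing in for the RF/Autoencoder ensemble,
and the squared z-score share stands in for SHAP-style attribution.
"""
from collections import Counter
from dataclasses import dataclass
from statistics import mean, pstdev, pvariance
import math


@dataclass(frozen=True)
class Packet:
    ts: float    # capture timestamp in seconds
    size: int    # bytes on the wire; payload is never inspected


FEATURES = ("duration", "iat_var", "mean_size", "size_entropy")


def flow_features(packets):
    """Metadata-only features for one flow (a list of Packet)."""
    if len(packets) < 2:
        raise ValueError("a flow needs at least two packets")
    ts = sorted(p.ts for p in packets)
    iats = [b - a for a, b in zip(ts, ts[1:])]          # inter-arrival times
    sizes = [p.size for p in packets]
    # Byte distribution summarised as Shannon entropy over 128-byte size buckets
    # (bucket width is an assumption, not a value from the paper).
    buckets = Counter(s // 128 for s in sizes)
    n = len(sizes)
    entropy = -sum(c / n * math.log2(c / n) for c in buckets.values())
    return {
        "duration": ts[-1] - ts[0],
        "iat_var": pvariance(iats),
        "mean_size": mean(sizes),
        "size_entropy": entropy,
    }


class BaselineScorer:
    """Per-feature z-score model fitted on flows believed to be normal.

    The score is the Euclidean norm of the z-score vector (a diagonal-covariance
    Mahalanobis distance). Each squared z-score is that feature's additive
    contribution to the decision, which is what makes it explainable.
    """

    def __init__(self, threshold=5.0):          # threshold is an assumed value
        self.threshold = threshold
        self.mu, self.sigma = {}, {}

    def fit(self, flows):
        rows = [flow_features(f) for f in flows]
        for name in FEATURES:
            col = [r[name] for r in rows]
            self.mu[name] = mean(col)
            # A constant baseline feature gets a tiny floor so any deviation stands out.
            self.sigma[name] = pstdev(col) or 1e-9
        return self

    def explain(self, flow):
        feats = flow_features(flow)
        z = {n: (feats[n] - self.mu[n]) / self.sigma[n] for n in FEATURES}
        total = sum(v * v for v in z.values())
        contrib = {n: (v * v) / total if total else 0.0 for n, v in z.items()}
        ranked = sorted(contrib, key=contrib.get, reverse=True)
        return {
            "score": math.sqrt(total),
            "anomalous": math.sqrt(total) > self.threshold,
            "top_feature": ranked[0],
            "contributions": contrib,
            "z": z,
        }


def _flow(times, sizes):
    return [Packet(t, s) for t, s in zip(times, sizes)]


# Constructed baseline: short, regularly paced flows (synthetic, not captured data).
BASELINE = [
    _flow([0.0, 0.1, 0.2, 0.3], [100, 1400, 100, 1400]),
    _flow([0.0, 0.1, 0.2, 0.3, 0.4], [100, 1400, 1400, 100, 1400]),
    _flow([0.0, 0.12, 0.2, 0.3], [100, 1400, 100, 100]),
]

# Constructed flow under test: same size pattern, but one very long pause between packets.
SUSPECT = _flow([0.0, 0.1, 0.2, 5.0], [100, 1400, 100, 1400])


def demo():
    """Fit on the baseline and explain the suspect flow."""
    scorer = BaselineScorer().fit(BASELINE)
    return scorer, scorer.explain(SUSPECT)


if __name__ == "__main__":
    scorer, result = demo()
    print(f"score={result['score']:.1f} anomalous={result['anomalous']}")
    for name in sorted(result["contributions"], key=result["contributions"].get, reverse=True):
        print(f"  {name:13s} z={result['z'][name]:+10.1f} share={result['contributions'][name]:.3f}")
```

The explanation returned for the suspect flow attributes nearly the whole score to inter-arrival variance, with flow duration a distant second and the size features near zero, which is the kind of per-feature evidence an analyst needs to decide whether the alert is worth acting on rather than trusting an opaque score.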
