Enhancing Network Intrusion Detection for TLS Traffic Using Deep Learning
Muttaqien H.
Engineering Technology and Applied Science Research
Q2
Abstract
The increased utilization of Transport Layer Security (TLS) encryption in contemporary network communication introduces new obstacles for Network Intrusion Detection Systems (NIDS), since encrypted traffic constrains the efficacy of traditional signature-based techniques. This study presents a real-time intrusion detection method for TLS traffic utilizing a combination of Convolutional Neural Networks (CNNs) and Bidirectional Long Short-Term Memory (BiLSTM) networks. CNNs are employed to derive spatial representations of TLS information from Suricata logs, including JA3 fingerprints, cipher suites, and connection statistics, and BiLSTM is utilized to capture bidirectional temporal dependencies of encrypted traffic to identify intricate anomaly patterns. This model was evaluated utilizing an extensive TLS dataset comprising both valid and malicious traffic, including Command-and-Control (C2) connections, malware communication, and data exfiltration. The experimental findings indicate that the CNN–BiLSTM model attained a detection accuracy of 98.7%, a False Positive Rate (FPR) of 1.4%, and an average processing time of 12.9 ms per session, rendering it appropriate for real-time application in corporate network security systems. This methodology enhances the capability of hybrid Deep Learning (DL) models to identify concealed dangers in TLS communication without requiring data decryption.
Access to Document
DOI: 10.48084/etasr.13267