Detecting Malware's Encrypted Network Traffic Using Perlin Noise and Convolutional Neural Network
The detection of malicious network traffic has been the focus of many researchers, especially through the use of machine learning. Unlike traditional signature-based detection, machine learning allows a behavioral analysis of traffic, increasing the chances of detecting new malware variants as long as they share the same behavioral model. However, as more of the Internet shifts to encrypted traffic to preserve the confidentiality and integrity of data, adversaries exploit the same cryptographic methods to bypass traditional network detection techniques. This research focuses on detecting malware's encrypted network traffic with a new method based on Convolutional Neural Networks (CNNs). Our approach encodes the features of a given connection into images using Perlin noise and trains a deep learning model on those images to classify connection flows as malign or benign. Since the payload is encrypted, we extract contextual features from the connection metadata that best characterize the behavior of malign and benign traffic, and then apply our new Perlin-noise-based feature augmentation method to generate trainable images. We use the CTU-13 dataset of captured real botnet traffic mixed with normal and background traffic, and analyze it with a CNN trained on the Perlin-noise images. Our deep learning model achieves a high accuracy of 97% and a low false negative rate of 0.4%, and is compared with other machine learning methods such as SVM, NN, Gaussian Naïve Bayes and Random Forests.
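As an added illustration (not the paper's code, which the abstract does not show), the following Python sketch assumes one possible realisation of the feature-to-image step: each normalised flow-metadata feature sets the amplitude of its own Perlin-noise octave, and the octaves are summed into a greyscale image a CNN could consume. The feature names, scales and octave assignment are assumptions, and the flow records are constructed.

```python
import numpy as np

# Constructed example flow records (not CTU-13 data); field names are assumed.
FEATURE_KEYS = ["duration_s", "src_bytes", "dst_bytes", "packets", "dst_port"]
SCALE = {"duration_s": 3600.0, "src_bytes": 1e7, "dst_bytes": 1e7,
         "packets": 1e5, "dst_port": 65535.0}

def normalise(flow):
    """Squash each metadata field into [0, 1] on a log scale (assumed choice)."""
    return [min(np.log1p(flow[k]) / np.log1p(SCALE[k]), 1.0) for k in FEATURE_KEYS]

def _fade(t):
    return t * t * t * (t * (t * 6 - 15) + 10)  # Perlin's 6t^5 - 15t^4 + 10t^3

def perlin2d(size, freq, seed):
    """Classic 2D gradient noise on a size x size grid with freq cells per axis."""
    rng = np.random.default_rng(seed)
    angles = rng.uniform(0, 2 * np.pi, (freq + 1, freq + 1))
    grads = np.stack([np.cos(angles), np.sin(angles)], axis=-1)  # unit gradients
    coords = np.linspace(0, freq, size, endpoint=False)
    y, x = np.meshgrid(coords, coords, indexing="ij")
    yi, xi = y.astype(int), x.astype(int)
    yf, xf = y - yi, x - xi  # position inside the lattice cell
    def corner(dy, dx):  # gradient at a cell corner dotted with offset from it
        g = grads[yi + dy, xi + dx]
        return g[..., 0] * (xf - dx) + g[..., 1] * (yf - dy)
    u, v = _fade(xf), _fade(yf)
    top = corner(0, 0) + u * (corner(0, 1) - corner(0, 0))
    bottom = corner(1, 0) + u * (corner(1, 1) - corner(1, 0))
    return top + v * (bottom - top)  # values stay within [-1, 1]

def features_to_image(features, size=32, seed=0):
    """Assumed encoding: feature k sets the amplitude of its own noise octave.

    Octave k uses 2**(k % 4 + 1) lattice cells and its own seed, so the flow's
    metadata shapes the texture the CNN sees; output is a uint8 greyscale image."""
    feats = np.clip(np.asarray(features, dtype=float), 0.0, 1.0)
    acc = np.zeros((size, size))
    for k, amp in enumerate(feats):
        acc += amp * perlin2d(size, 2 ** (k % 4 + 1), seed + k)
    pixels = 128 + 180 * acc / max(len(feats), 1)  # centre on mid-grey
    return np.clip(pixels, 0, 255).astype(np.uint8)

def encode_flow(flow, size=32):
    """Full path from a raw flow record to the image fed to the classifier."""
    return features_to_image(normalise(flow), size)
```

Feeding `encode_flow(flow)` for every labelled flow into a small CNN is then the training step the abstract describes; the scales and octave assignment chosen here would need tuning against real data.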