{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T20:35:44Z","timestamp":1775421344112,"version":"3.50.1"},"reference-count":56,"publisher":"Wiley","license":[{"start":{"date-parts":[[2021,9,21]],"date-time":"2021-09-21T00:00:00Z","timestamp":1632182400000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2021,9,21]]},"abstract":"<jats:p>An increasing number of Internet application services are relying on encrypted traffic to offer adequate consumer privacy. Anomaly detection in encrypted traffic to circumvent and mitigate cyber security threats is, however, an open and ongoing research challenge due to the limitation of existing traffic classification techniques. Deep learning is emerging as a promising paradigm, allowing reduction in manual determination of feature set to increase classification accuracy. The present work develops a deep learning-based model for detection of anomalies in encrypted network traffic. Three different publicly available datasets including the NSL-KDD, UNSW-NB15, and CIC-IDS-2017 are used to comprehensively analyze encrypted attacks targeting popular protocols. Instead of relying on a single deep learning model, multiple schemes using convolutional (CNN), long short-term memory (LSTM), and recurrent neural networks (RNNs) are investigated. Our results report a hybrid combination of convolutional (CNN) and gated recurrent unit (GRU) models as outperforming others. The hybrid approach benefits from the low-latency feature derivation of the CNN, and an overall improved training dataset fitting. Additionally, the highly effective generalization offered by GRU results in optimal time-domain-related feature extraction, resulting in the CNN and GRU hybrid scheme presenting the best model.<\/jats:p>","DOI":"10.1155\/2021\/5363750","type":"journal-article","created":{"date-parts":[[2021,9,21]],"date-time":"2021-09-21T22:35:14Z","timestamp":1632263714000},"page":"1-16","source":"Crossref","is-referenced-by-count":43,"title":["Anomaly Detection in Encrypted Internet Traffic Using Hybrid Deep Learning"],"prefix":"10.1155","volume":"2021","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4750-7864","authenticated-orcid":true,"given":"Taimur","family":"Bakhshi","sequence":"first","affiliation":[{"name":"Center for Information Management & Cyber Security, National University of Computer & Emerging Sciences, Lahore, Pakistan"},{"name":"Center for Security, Communications & Networking Research, University of Plymouth, Plymouth, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1788-547X","authenticated-orcid":true,"given":"Bogdan","family":"Ghita","sequence":"additional","affiliation":[{"name":"Center for Security, Communications & Networking Research, University of Plymouth, Plymouth, UK"}]}],"member":"311","reference":[{"key":"1","doi-asserted-by":"publisher","DOI":"10.11959\/j.issn.1000-436x.2018135"},{"key":"2","doi-asserted-by":"crossref","DOI":"10.4018\/978-1-5225-8241-0.ch005","article-title":"IoT evolution and security challenges in cyber space","volume-title":"Countering Cyber Attacks and Preserving the Integrity and Availability of Critical Systems","author":"U. N. Dulhare","year":"2019"},{"key":"3","doi-asserted-by":"publisher","DOI":"10.1007\/s11554-019-00930-6"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1126\/science.1127647"},{"issue":"1","key":"5","first-page":"14","article-title":"Network traffic classification method based on deep convolutional neural network","volume":"39","author":"H. Z. W. Yong","year":"2018","journal-title":"Journal of Communications"},{"key":"6","doi-asserted-by":"publisher","DOI":"10.1109\/access.2017.2747560"},{"key":"7","first-page":"43","article-title":"End-to-end encrypted traffic classification with one-dimensional convolution neural networks","author":"W. Wang"},{"key":"8","article-title":"Canadian Institute of Cyber Security","author":"NSL KDD Data Set"},{"key":"9","doi-asserted-by":"publisher","DOI":"10.1109\/milcis.2015.7348942"},{"key":"10","doi-asserted-by":"crossref","article-title":"Toward generating a new intrusion detection dataset and intrusion traffic characterization","author":"I. Sharafaldin","DOI":"10.5220\/0006639801080116"},{"key":"11","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2019.2899085"},{"key":"12","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2019.106944"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2019.8737507"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1038\/nature14539"},{"issue":"6","key":"15","article-title":"The perceptron: a probabilistic model for infor-mation storage and organization in the brain","volume":"65","author":"F. Rosenblatt","year":"1988","journal-title":"Science"},{"key":"16","volume-title":"The Monopoly of Violence in the Cyber Space:Challenges of Cyber Security","author":"R. G. Radu","year":"2012"},{"key":"17","volume-title":"The Cyber Threat and the Problem of Information security.a Critical Analysis of the Concepts of Cyber-Power and Cyber-Space","author":"S. Sarbu"},{"issue":"5","key":"18","first-page":"473","article-title":"The research of cyberspace and communication network security problems","volume":"6","author":"W. U. Wei","year":"2011","journal-title":"Journal of China Academy of Electronicsand Information Technology"},{"issue":"3","key":"19","first-page":"1","article-title":"Research on cyberspace and communication net-work security problems","volume":"38","author":"W. U. Wei","year":"2011","journal-title":"Radio and Communications Technology"},{"key":"20","doi-asserted-by":"publisher","DOI":"10.1145\/3351556.3351560"},{"key":"21","doi-asserted-by":"publisher","DOI":"10.1145\/3434402"},{"key":"22","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-15-9343-7_19"},{"key":"23","doi-asserted-by":"publisher","DOI":"10.1186\/s40537-020-00318-5"},{"key":"24","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-57024-8_2"},{"key":"25","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2020.107332"},{"key":"26","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2020.100317"},{"key":"27","doi-asserted-by":"publisher","DOI":"10.3390\/electronics9111937"},{"key":"28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_1"},{"key":"29","volume-title":"Cisco to Showcase Lancope\u2019s Stealthwatch for Cyber Threat Defense at cisco Live","author":"I. Lancope","year":"2012"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2020.102767"},{"key":"31","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-020-05008-0"},{"key":"32","doi-asserted-by":"publisher","DOI":"10.7544\/issn1000-1239.2018.20170649"},{"key":"33","doi-asserted-by":"publisher","DOI":"10.1109\/mcom.2019.1800819"},{"key":"34","doi-asserted-by":"publisher","DOI":"10.1109\/hpcc\/smartcity\/dss.2018.00074"},{"key":"35","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2908225"},{"key":"36","article-title":"Deep packet: a novel approach for encrypted traffic classification using deep learning","volume":"24","author":"M. Lotfollahi","year":"2017","journal-title":"SoftComputing"},{"key":"37","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2021.102985"},{"key":"38","doi-asserted-by":"publisher","DOI":"10.3991\/ijet.v13i04.8466"},{"key":"39","first-page":"273","article-title":"Multi-task network anomaly detection using federated learning acm","author":"Y. Zhao"},{"key":"40","first-page":"407","article-title":"Characterization of encrypted and vpn traffic using time-related","author":"G. Draper"},{"key":"41","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.12.012"},{"key":"42","article-title":"Mampf: encrypted traffic classiffication based on multi-attribute Markov probability fingerprints","volume-title":"Quality of Service (IWQoS) 2018 IEEElACM 24th International Symposium on","author":"L. Chang"},{"key":"43","article-title":"An overview of multi-task learning in deep neural networks","author":"S. Ruder","year":"2017"},{"key":"44","article-title":"Keras API reference\/losses"},{"key":"45","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.05.011"},{"key":"46","doi-asserted-by":"publisher","DOI":"10.1016\/b978-0-12-804291-5.00010-6"},{"key":"47","article-title":"Searching for activation functions","author":"P. Ramachandran","year":"2017"},{"key":"48","first-page":"180","article-title":"6.2.2.3 softmax units for multinoulli output distributions","volume-title":"in Deep Learning","author":"I. Goodfellow","year":"2016"},{"key":"49","doi-asserted-by":"crossref","article-title":"A detailed analysis of the kdd cup 99 data set","author":"M. Tavallaee","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"50","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-319-59439-2_5","article-title":"Big Data Analytics for Intrusion Detection System: Statistical Decision-Making Using Finite Dirichlet Mixture Models","volume-title":"Data Analytics and Decision Support for Cybersecurity","author":"N. Moustafa","year":"2017"},{"key":"51","article-title":"Ecosystem","author":"A. I. Federated"},{"key":"52","article-title":"Keras 2.4.0, python-based deep learning API"},{"key":"53","article-title":"Tensorflow Open Source Machine Learning Platform"},{"issue":"1","key":"54","article-title":"Incorporating nesterov momentum into adam","author":"T. Dozat","year":"2016","journal-title":"ICLR Workshop"},{"key":"55","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2020.102890"},{"key":"56","article-title":"Quasi-recurrent neural networks","author":"J. Bradbury","year":"2016"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/5363750.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/5363750.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/5363750.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,21]],"date-time":"2021-09-21T22:35:34Z","timestamp":1632263734000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2021\/5363750\/"}},"subtitle":[],"editor":[{"given":"Khizar","family":"Hayat","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2021,9,21]]},"references-count":56,"alternative-id":["5363750","5363750"],"URL":"https:\/\/doi.org\/10.1155\/2021\/5363750","relation":{},"ISSN":["1939-0122","1939-0114"],"issn-type":[{"value":"1939-0122","type":"electronic"},{"value":"1939-0114","type":"print"}],"subject":[],"published":{"date-parts":[[2021,9,21]]}}}