Authors listed:
- Jinsha Zhang
(School of Computer Science and Engineering, Institute of Disaster Prevention, Langfang 065201, China
Langfang Key Laboratory of Network Emergency Protection and Network Security, Langfang 065201, China)
- Xiaoying Wang
(School of Computer Science and Engineering, Institute of Disaster Prevention, Langfang 065201, China
Langfang Key Laboratory of Network Emergency Protection and Network Security, Langfang 065201, China)
- Chunhui Li
(School of Computer Science and Engineering, Institute of Disaster Prevention, Langfang 065201, China
Langfang Key Laboratory of Network Emergency Protection and Network Security, Langfang 065201, China)
- Qingjie Zhang
(School of Computer Science and Engineering, Institute of Disaster Prevention, Langfang 065201, China
Langfang Key Laboratory of Network Emergency Protection and Network Security, Langfang 065201, China)
- Guoqing Yang
(School of Computer Science and Engineering, Institute of Disaster Prevention, Langfang 065201, China
Langfang Key Laboratory of Network Emergency Protection and Network Security, Langfang 065201, China)
- Xinyu Li
(School of Computer Science and Engineering, Institute of Disaster Prevention, Langfang 065201, China
Langfang Key Laboratory of Network Emergency Protection and Network Security, Langfang 065201, China)
- Fangfang Cui
(School of Computer Science and Engineering, Institute of Disaster Prevention, Langfang 065201, China
Langfang Key Laboratory of Network Emergency Protection and Network Security, Langfang 065201, China)
- Ruize Gu
(School of Computer Science and Engineering, Institute of Disaster Prevention, Langfang 065201, China
Langfang Key Laboratory of Network Emergency Protection and Network Security, Langfang 065201, China)
- Panpan Qi
(School of Computer Science and Engineering, Institute of Disaster Prevention, Langfang 065201, China
Langfang Key Laboratory of Network Emergency Protection and Network Security, Langfang 065201, China)
- Shuai Liu
(School of Computer Science and Engineering, Institute of Disaster Prevention, Langfang 065201, China
Langfang Key Laboratory of Network Emergency Protection and Network Security, Langfang 065201, China)
Abstract
Improving model training speed while preserving the accuracy of encrypted malicious traffic detection remains a challenge. To address it, we propose CNNRes-DIndRNN, a model for detecting and classifying encrypted malicious traffic. The model uses a 1D-CNN to capture local feature relationships in the data and IndRNN to capture global dependencies. The method uses Zeek (version 7.0.0) to filter TLS datasets and NetTiSA to build time-series features that help the model identify malicious behaviors. The time-series and encrypted features are combined and then encoded with XLNet to improve the model's learning ability and speed up training. In the final step, the encoded data is fed into CNNRes-DIndRNN. Results on five datasets, including CTU-13 and MCFP, show that CNNRes-DIndRNN achieved 99.81% accuracy in binary classification and 99.67% in multi-class classification. These results represent improvements of 0.50–7.78% (binary) and 0.93–12.26% (multi-class) over all baseline methods. In performance comparisons, CNNRes-DIndRNN achieved the fastest training and testing times. It achieves the best comprehensive performance while maintaining high recognition accuracy.
Suggested Citation
Jinsha Zhang & Xiaoying Wang & Chunhui Li & Qingjie Zhang & Guoqing Yang & Xinyu Li & Fangfang Cui & Ruize Gu & Panpan Qi & Shuai Liu, 2025.
"CNNRes-DIndRNN: A New Method for Detecting TLS-Encrypted Malicious Traffic,"
Future Internet, MDPI, vol. 18(1), pages 1-29, December.
Handle:
RePEc:gam:jftint:v:18:y:2025:i:1:p:8-:d:1825967