Anomaly Detection in Encrypted Identity Resolution Traffic based on Machine Learning
Zhishen Zhu, Hao Zhou, Qingya Yang, Chonghua Wang, Zhuguo Li
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), published 2022-12-01
DOI: https://doi.org/10.1109/QRS57517.2022.00036
Citation count: 0
Abstract
Identity resolution is an emerging network resource widely applied in the Industrial Internet of Things. Although encryption improves the privacy of identity resolution, it also challenges DPI-based anomaly detection. Therefore, it is imperative to recognize and supplement the encrypted information of IDS. In this paper, we design a machine learning-based framework to automatically extract critical information about the identity resolution system from network traffic. According to the characteristics of the traffic, we use a hybrid feature of statistics and sequences to describe encrypted traffic. In addition, a supervised classification algorithm is applied to explore the effective classification of two communication processes: service attribution information for node addressing and operation behavior for data management. We tested this method on encrypted traffic collected from a realistic identity resolution system. The results indicate that our approach exhibits good performance, outperforms related works, and can be applied in resource-constrained industrial scenarios. This is the first work analysing the identity resolution system from the perspective of traffic analysis.