# APT Encrypted Traffic Detection Method based on Two-Parties and Multi-Session for IoT

**Authors:** Junfeng Xu, Weiguo Lin, Wenqing Fan

arXiv: 2302.13234 · 2023-02-28

## TL;DR

This paper proposes a novel APT encrypted traffic detection method for IoT that uses minimal features, converts traffic data into images, and employs CNNs for identification, demonstrating promising experimental results.

## Contribution

Introduces a two-parties and multi-session based detection approach that simplifies feature extraction and leverages image recognition for encrypted traffic detection.

## Key findings

- Achieves high detection accuracy in preliminary tests
- Uses minimal feature set for effective detection
- Verifies method's effectiveness through experiments

## Abstract

APT traffic detection is an important task in the network security domain and is of great significance in the field of enterprise security. Most APT traffic uses an encrypted communication protocol as its data transmission medium, which greatly increases the difficulty of detection. This paper analyzes the existing problems of current machine-learning-based APT encrypted traffic detection methods and proposes an APT encrypted traffic detection method based on two parties and multi-session. This method only needs to extract a small number of features, such as session sequence, session time interval, and upstream and downstream data size, and convert them into images. A convolutional neural network can then be used to perform image recognition, and thus network traffic identification. In the preliminary test of five experiments, this method achieves good experimental results, which verifies the effectiveness of the method.

---
Source: https://tomesphere.com/paper/2302.13234