Anomaly detection in encrypted web traffic using deep learning mechanisms

Abstract

The increasing adoption of HTTPS encryption has significantly improved data confidentiality but has simultaneously challenged traditional anomaly detection systems that rely on content-based or signature-based inspection. This research addresses the critical problem of detecting anomalies in encrypted web traffic without decrypting the data, by leveraging deep learning techniques that operate solely on metadata and behavioural features. The study proposed and developed a dual-model anomaly detection system using supervised deep learning. Two classification models were trained independently: one on packet-based features and another on session-based features extracted from structured HTTPS datasets containing both benign and malicious traffic. The models achieved test accuracies of 98.64% and 99.66%, respectively. When combined using a voting-based decision strategy, the overall system achieved an exceptional detection accuracy of 99.995%. The methodology followed a Design Science Research (DSR) approach, encompassing problem identification, model development, and experimental validation. Although real-time deployment was not achieved due to hardware and infrastructure constraints, the system was successfully implemented and tested in a simulated environment, validating its feasibility and effectiveness. This research demonstrates that it is possible to detect encrypted traffic anomalies accurately and efficiently using metadata alone, without compromising privacy. The results lay the groundwork for future development of scalable, real-time, and privacy-preserving intrusion detection systems suitable for modern encrypted network environments.

Keywords: HTTPS, Deep learning, Anomaly detection, Encrypted web traffic, DSR