PREDICT THE TIME SERIES OF HTTPS TRAFFIC BASED ON STATISTICAL RULES TO DETECT SUSPICIOUS ACTIVITY IN CLOUD INFRASTRUCTURES
DOI:
https://doi.org/10.17308/sait/1995-5499/2025/4/75-89
Keywords:
cybersecurity, cloud infrastructure, anomaly detection, time series forecasting, machine learning, BiLSTM, attention mechanism, statistical rule, HTTPS, data augmentation
Abstract
This paper presents a study aimed at improving the efficiency of detecting suspicious activity in cloud infrastructures through the analysis of HTTPS traffic. A hybrid approach is proposed that combines deep learning with statistical analysis. A bidirectional long short-term memory (BiLSTM) recurrent neural network with an attention mechanism is used to predict the time series of HTTPS traffic, which makes it possible to identify complex dependencies in the data. To improve the accuracy of prediction and anomaly detection, the model integrates statistical rules derived from the analysis of correlations and association rules between different traffic characteristics. The study analyzed the correlations between the number of incoming and outgoing bytes, as well as the association rules that link these parameters to destination ports, which made it possible to identify anomalous behavior that is not noticeable when individual features are analyzed in isolation. The developed approach takes the context of network interaction into account and detects attacks masquerading as legitimate traffic. Special attention is paid to data augmentation using a software tool developed for generating synthetic data that simulates real HTTPS traffic and various types of attacks. The tool generates data that reflects the feature distributions and correlations of real traffic, which makes it possible to balance the classes of normal and anomalous activity in the training sample. The results of experiments on real and synthetic datasets demonstrate the effectiveness of the proposed approach in detecting anomalies and improving the security of cloud infrastructures. The key advantage of the developed system is its ability to adapt to changing traffic characteristics and to detect both known and new types of threats.
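The abstract's point that a joint rule over incoming bytes, outgoing bytes and destination port catches behavior invisible to per-feature checks can be illustrated as follows. This is an added example, not the paper's model or code; the flow values, the log-ratio statistic and the 3-sigma threshold are assumptions chosen for illustration.

```python
import math
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline flows (dst_port, bytes_in, bytes_out); not data from the paper.
BASELINE = [
    (443, 500, 5000), (443, 800, 8200), (443, 1200, 11800), (443, 2000, 20500),
    (443, 3000, 29000), (443, 4000, 41000), (443, 6000, 59000), (443, 8000, 82000),
]

def log_ratio(b_in, b_out):
    # +1 smoothing keeps zero-byte directions finite.
    return math.log((b_out + 1) / (b_in + 1))

def fit_rules(flows):
    """Learn, per destination port, each feature's range and the ln(out/in) profile."""
    by_port = defaultdict(list)
    for port, b_in, b_out in flows:
        by_port[port].append((b_in, b_out))
    rules = {}
    for port, pairs in by_port.items():
        ins = [i for i, _ in pairs]
        outs = [o for _, o in pairs]
        ratios = [log_ratio(i, o) for i, o in pairs]
        rules[port] = {
            "in_range": (min(ins), max(ins)),
            "out_range": (min(outs), max(outs)),
            "mu": mean(ratios),
            "sigma": max(pstdev(ratios), 1e-6),  # floor avoids division by zero
        }
    return rules

def single_feature_alert(rules, flow):
    """Alert only when one feature alone leaves its learned range."""
    port, b_in, b_out = flow
    r = rules.get(port)
    if r is None:
        return True
    (lo_i, hi_i), (lo_o, hi_o) = r["in_range"], r["out_range"]
    return not (lo_i <= b_in <= hi_i and lo_o <= b_out <= hi_o)

def joint_rule_alert(rules, flow, z_max=3.0):
    """Alert when the in/out relationship deviates from the port's profile."""
    port, b_in, b_out = flow
    r = rules.get(port)
    if r is None:  # port has no learned profile: treat as a rule violation
        return True
    z = (log_ratio(b_in, b_out) - r["mu"]) / r["sigma"]
    return abs(z) > z_max
```

A flow such as `(443, 6000, 6000)` keeps both byte counts inside their individual ranges yet breaks the roughly 10:1 response-to-request relationship of the baseline, so only the joint rule raises an alert.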