| Title |
AI-Based Encrypted Remote Access Traffic Detection: Technological Evolution and a Roadmap for Future Research |
| DOI |
https://doi.org/10.5370/KIEE.2026.75.6.1427 |
| Keywords |
AI; anomaly detection; abnormal behavior; ssh; rdp; GAN; LLM; synthetic dataset |
| Abstract |
With the widespread adoption of cloud infrastructure and remote work, encrypted remote access traffic over protocols such as SSH and RDP has surged and has emerged as a primary attack vector for network intrusions. Attackers bypass traditional Deep Packet Inspection through non-standard port manipulation and payload encryption, necessitating AI-based detection technologies capable of analyzing behavioral patterns without decrypting traffic. This paper systematically presents design guidelines for an encrypted traffic detection platform, examining key challenges and the technological evolution of detection models across three stages: data collection, preprocessing, and detection model design. In particular, the author's empirical research on ML-based detection models and WGAN-GP-based synthetic data generation is presented as practical case studies, and future research directions for anomalous behavior detection are proposed. Furthermore, this study explores the potential of future LLM-based traffic synthesis through experimental analysis. Notably, incorporating synthetic traffic generated by the LLM-based model achieved a significant 21.4% improvement in F1-score. |