Computer Science ›› 2024, Vol. 51 ›› Issue (9): 365-370. doi: 10.11896/jsjkx.230800079

• Information Security •

Study on SSL/TLS Encrypted Malicious Traffic Detection Algorithm Based on Graph Neural Networks

TANG Ying, WANG Baohui

  1. School of Software, Beihang University, Beijing 100191, China
  • Received: 2023-08-14 Revised: 2023-12-01 Online: 2024-09-15 Published: 2024-09-10
  • Corresponding author: WANG Baohui (wangbh@buaa.edu.cn)
  • About author: (1543616175@qq.com)
    TANG Ying, born in 1996, postgraduate. Her main research interests include network security and graph neural networks, etc.
    WANG Baohui, born in 1973, senior engineer, master supervisor. His main research interests include network security, big data, artificial intelligence, etc.

Abstract: To achieve precise detection of SSL/TLS encrypted malicious traffic, and to address the excessive reliance of traditional machine learning methods on expert experience, a graph neural network-based model for malicious encrypted traffic detection is proposed. Through analysis of SSL/TLS encrypted sessions, the interaction information within traffic sessions is represented as a graph structure, transforming the problem of detecting malicious encrypted traffic into a graph classification problem. The proposed model is based on a hierarchical graph pooling architecture: it aggregates through multiple layers of convolution and pooling and incorporates an attention mechanism to fully exploit node features and graph structure information, yielding an end-to-end method for malicious encrypted traffic detection. The model is evaluated on the public CICAndMal2017 dataset. Experimental results show that it achieves an accuracy of 97.1% in binary classification of encrypted malicious traffic and, compared with other models, improves accuracy, recall, precision and F1 score by 2.1%, 3.2%, 1.6% and 2.1%, respectively. These results indicate that the proposed method has better representational and detection capabilities for malicious encrypted traffic than other methods.

Key words: SSL/TLS, Malicious encrypted traffic, Graph neural network, Graph classification, Hierarchical pooling

CLC Number:

  • TP393.08