Computer Science ›› 2024, Vol. 51 ›› Issue (9): 365-370. doi: 10.11896/jsjkx.230800079

• Information Security

Study on SSL/TLS Encrypted Malicious Traffic Detection Algorithm Based on Graph Neural Networks

TANG Ying, WANG Baohui   

  1. School of Software, Beihang University, Beijing 100191, China
  • Received: 2023-08-14 Revised: 2023-12-01 Online: 2024-09-15 Published: 2024-09-10
  • About author: TANG Ying, born in 1996, postgraduate. Her main research interests include network security and graph neural networks.
    WANG Baohui, born in 1973, senior engineer, master supervisor. His main research interests include network security, big data, and artificial intelligence.

Abstract: To achieve precise detection of SSL/TLS encrypted malicious traffic, a graph neural network-based model for malicious encrypted traffic detection is proposed, addressing the excessive reliance on expert experience in traditional machine learning methods. Through analysis of SSL/TLS encrypted sessions, the interactive information within traffic sessions is characterized using a graph structure, transforming the problem of detecting malicious encrypted traffic into a graph classification task. The proposed model is based on a hierarchical graph pooling architecture, which aggregates through multiple layers of convolutional pooling and incorporates attention mechanisms to fully exploit node features and graph structure information, resulting in an end-to-end approach for malicious encrypted traffic detection. The proposed model is evaluated on the public CICAndMal2017 dataset. Experimental results demonstrate that it achieves an accuracy of 97.1% in binary classification of encrypted malicious traffic, outperforming other models with an accuracy improvement of 2.1%, recall improvement of 3.2%, precision improvement of 1.6%, and F1 score improvement of 2.1%. These results indicate that the proposed method exhibits superior representational and detection capabilities for malicious encrypted traffic in comparison to other methods.

Key words: SSL/TLS, Malicious encrypted traffic, Graph neural network, Graph classification, Hierarchical pooling

CLC Number: 

  • TP393.08