基于特征融合的恶意加密流量识别
作者:
作者单位:

作者简介:

通讯作者:

中图分类号:

基金项目:


Malicious Encrypted Traffic Identification Based on Feature Fusion
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 增强出版
  • |
  • 文章评论
    摘要:

    随着加密技术的全面应用, 越来越多的恶意软件同样采用加密的方式隐藏自身的网络活动, 导致基于规则和特征的传统方法无法满足准确性和普适性的要求. 针对上述问题, 提出一种层次特征融合和注意力的恶意加密流量识别方法. 算法具备层次结构, 依次提取数据包的特征和会话流的特征, 前一阶段设计全局混合池化方法进行特征融合; 后一阶段使用注意力机制提高BiLSTM网络分析序列关系的能力. 最终, 实验采用CIC-AndMal 2017数据集进行验证, 结果表明: 模型设计合理, 相比TextCNN模型和HST-MHSA模型, 漏报率分别降低5.8%和2.6%, 加权F1值分别提高4.7%和3.5%, 在恶意加密流量识别和分类方面体现良好的优化效果.

    Abstract:

    With the comprehensive application of encryption techniques, a growing number of malware also resort to encryption to hide their activities online, consequently preventing traditional methods based on patterns and features from meeting the requirements of accuracy and universality. To solve this problem, this study proposes a malicious encrypted traffic identification method based on hierarchical feature fusion and attention. The algorithm has a hierarchical structure and sequentially extracts the features of data packets and session flows. In the former phase, a global mixed pooling method is designed for feature fusion. In the latter phase, the attention mechanism is used to improve the ability of the bidirectional long short-term memory (BiLSTM) network to analyze sequential relationships. Finally, verification experiments are conducted on the CIC-AndMal 2017 dataset, and the results show that the proposed model is well-designed. Compared with the text convolutional neural network (TextCNN) model and the hierarchical spatiotemporal feature and multi-head self-attention (HST-MHSA) model, the proposed model reduces the false negative rate respectively by 5.8% and 2.6% and increases the weighted F1-score respectively by 4.7% and 3.5%. In other words, the proposed model achieves a satisfactory optimization effect in the identification and classification of malicious encrypted traffic.

    参考文献
    相似文献
    引证文献
引用本文

包文博,沙乐天,曹晓梅.基于特征融合的恶意加密流量识别.计算机系统应用,2023,(1):358-367

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2022-04-17
  • 最后修改日期:2022-07-20
  • 录用日期:
  • 在线发布日期: 2022-11-04
  • 出版日期:
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京海淀区中关村南四街4号 中科院软件园区 7号楼305房间,邮政编码:100190
电话:010-62661041 传真: Email:csa (a) iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号