HTTP malicious traffic detection method based on hybrid structure deep neural network

李佳 云晓春 李书豪 张永铮 谢江 方方

通信学报 (Journal on Communications), 2019, Vol. 40, Issue 1: 24-33, 10. DOI: 10.11959/j.issn.1000-436x.2019019

李佳¹, 云晓春², 李书豪¹, 张永铮¹, 谢江³, 方方¹

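Author information

  • 1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093
  • 2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049
  • 3. Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences, Beijing 100195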

Abstract

To address the problem of detecting malicious HTTP traffic, a preprocessing method based on a cutting mechanism and statistical association was proposed to correlate statistical information and normalize the traffic. A hybrid neural network was then proposed that combines raw data with empirical feature engineering. It combines a convolutional neural network (CNN) and a multilayer perceptron (MLP) to process text and statistical information. The model performed significantly better than traditional machine learning algorithms (e.g., SVM): the F1 value reached 99.38%, with lower time complexity. A data set consisting of more than 450 000 items of malicious traffic and more than 20 million items of non-malicious traffic was also created. In addition, a prototype system based on the model was designed, with detection precision of 98.1%~99.99% and recall of 97.2%~99.5%. It performs well in a real network environment.

Key words

abnormal detection / malicious traffic data / convolutional neural network / multilayer perceptron

Classification

Information technology and security science

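Cite this article

李佳, 云晓春, 李书豪, 张永铮, 谢江, 方方. HTTP malicious traffic detection method based on hybrid structure deep neural network [J]. 通信学报 (Journal on Communications), 2019, 40(1): 24-33, 10.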

Funding

National Key Research and Development Program ("973" Program) (No. 2016YFB0801502)

National Natural Science Foundation of China (No. U1736218)

通信学报 (Journal on Communications), ISSN 1000-436X. Indexing: OA, 北大核心 (Peking University Core), CSCD, CSTPCD.
