
Malicious TLS Traffic Detection Method Based on Graph Representation (title translated from the Chinese)

Malicious TLS Traffic Detection Based on Graph Representation


Abstract (translated from the Chinese original): Owing to the need for privacy protection, encryption services are becoming increasingly widespread; however, this also gives malicious traffic a channel in which to hide itself. Identifying encrypted malicious traffic has therefore become an important task in network management. Current mainstream techniques based on machine learning and deep learning have achieved good results, but most of these methods ignore the structural characteristics of traffic and do not analyse the encryption protocol in depth. To address this problem, this paper proposes a graph representation method for secure sockets layer/transport layer security (SSL/TLS) traffic, summarizes the key features of TLS traffic, and considers traffic correlation from the perspective of multiple flow attributes such as source IP, destination port and packet count. On this basis, it builds GCN-RF, an encrypted malicious traffic identification framework based on graph convolutional networks (GCN). The method transforms traffic into a graph structure and jointly exploits the structural information and node features of the traffic for identification and classification. Experimental results on a real public dataset show that the classification accuracy of this method exceeds that of current mainstream models.

Abstract (authors' English version): Owing to the need for privacy protection, encryption services online are becoming increasingly popular. However, this also provides an avenue for malicious traffic to hide itself. As a result, the identification of encrypted malicious traffic has become an important task for network management. Currently, some mainstream techniques based on machine learning and deep learning have achieved good results. However, most of these methods ignore the structure of traffic and do not provide in-depth analysis of encryption protocols. To address this problem, this paper proposes a graph representation method for SSL/TLS traffic, summarizes the key features of TLS traffic and considers traffic correlation from the perspective of multiple attributes such as source IP, destination port and packet count of the flow. Furthermore, this paper establishes GCN-RF, a malicious traffic identification framework based on a graph convolutional neural network and the random forest algorithm. This method transforms traffic into a graph structure and integrates the structural information and node features of traffic for identification and classification. Experimental results on real public datasets show that the classification accuracy of this method is higher than that of current mainstream models.

Authors: 赵荻; 尹志超; 崔苏苏; 曹中华; 卢志刚

Affiliations: Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085 || School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049; 北京华境安技术有限公司 (Beijing, 100085)

Subject category: Computers and Automation

Keywords: encrypted traffic; malicious traffic; graph convolutional networks; deep learning; encryption protocols

Journal: 信息安全研究 (Journal of Information Security Research), 2024, Issue 3

Pages: 209-215 (7 pages)

Funding: National Key R&D Program of China (2021YFF0307203); Strategic Priority Research Program of the Chinese Academy of Sciences, Category C (XDC02040100); Pandeng (Climbing) Program of the Institute of Information Engineering, Chinese Academy of Sciences (E3Z0101)

DOI: 10.12379/j.issn.2096-1057.2024.03.03
