Journal of Information Security Research (信息安全研究), 2024, Vol. 10, Issue 3: 209-215, 7. DOI: 10.12379/j.issn.2096-1057.2024.03.03
Malicious TLS Traffic Detection Based on Graph Representation (基于图表示的恶意TLS流量检测方法)
Abstract
Owing to the need for privacy protection, encryption services online are becoming increasingly popular. However, this also provides an avenue for malicious traffic to hide itself. As a result, the identification of encrypted malicious traffic has become an important task for network management. Currently, some mainstream techniques based on machine learning and deep learning have achieved good results. However, most of these methods ignore the structure of traffic and do not provide in-depth analysis of encryption protocols. To address this problem, this paper proposes a graph representation method for SSL/TLS traffic, summarizes the key features of TLS traffic, and considers traffic correlation from the perspective of multiple attributes such as source IP, destination port and packet count of the flow. Furthermore, this paper establishes a malicious traffic identification framework, GCN-RF, based on a graph convolutional neural network and the random forest algorithm. This method transforms traffic into a graph structure and integrates the structural information and node features of traffic for identification and classification. Experimental results on real public datasets show that the classification accuracy of this method is higher than that of current mainstream models.
Key words
encrypted traffic / malicious traffic / graph convolutional networks / deep learning / encrypted protocols
Classification
Information Technology and Security Science
Cite this article
ZHAO Di (赵荻), YIN Zhichao (尹志超), CUI Susu (崔苏苏), CAO Zhonghua (曹中华), LU Zhigang (卢志刚). Malicious TLS Traffic Detection Based on Graph Representation [J]. Journal of Information Security Research (信息安全研究), 2024, 10(3): 209-215, 7.
Funding
National Key Research and Development Program of China (2021YFF0307203)
Strategic Priority Research Program of the Chinese Academy of Sciences, Category C (XDC02040100)
Climbing Program of the Institute of Information Engineering, Chinese Academy of Sciences (E3Z0101)