
A Malicious TLS Traffic Detection Method with Multi-modal Features

曾庆鹏 贺述明 柴江力

Journal of Information Security Research (信息安全研究), 2025, Vol. 11, Issue (2): 130-138, 9. DOI: 10.12379/j.issn.2096-1057.2025.02.05

A Malicious TLS Traffic Detection Method with Multi-modal Features

曾庆鹏 1, 贺述明 1, 柴江力 1

Author information

  • 1. School of Mathematics and Computer Science, Nanchang University, Nanchang 330031

Abstract

Malicious TLS traffic detection aims to identify network traffic that carries malicious activity over the TLS protocol. Because TLS encrypts the payload, traditional text-based traffic analysis methods have limited effectiveness on encrypted traffic. To address this issue, a malicious TLS traffic detection method called Multi-Modal Feature Fusion for TLS Traffic Detection (MTBRL) is proposed. The method extracts and fuses features from different modalities to detect malicious TLS traffic. First, expert knowledge is used for feature engineering, extracting key features from the encrypted traffic, including protocol versions, cipher suites, and certificate information. These features are processed and transformed into two-dimensional image representations, and ResNet is used to encode the images and extract their features. At the same time, a BERT model pre-trained on encrypted traffic encodes the TLS flows, learning the contextual and semantic features of the TLS traffic. In addition, an LSTM model encodes the packet length distribution sequence of the encrypted traffic, capturing its temporal characteristics. Finally, feature fusion integrates the features of the different modalities, and the model's weight parameters are learned and optimized automatically with the backpropagation algorithm to predict malicious TLS traffic accurately. Experimental results show that the method achieves accuracy, precision, recall, and F1-score of 94.94%, 94.85%, 94.15%, and 94.45%, respectively, on the DataCon2020 dataset. This performance is significantly superior to traditional machine learning and deep learning methods.

Key words

encrypted traffic / network security / intrusion detection / multi-modal / deep learning

Classification

Information technology and security science

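Cite this article

曾庆鹏, 贺述明, 柴江力. A Malicious TLS Traffic Detection Method with Multi-modal Features [J]. Journal of Information Security Research (信息安全研究), 2025, 11(2): 130-138, 9.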

Journal of Information Security Research (信息安全研究)

Open access (OA) | Peking University Core Journal

ISSN 2096-1057
