Computer and Modernization, Issue (12): 61-65, 73, 122, 7. DOI: 10.3969/j.issn.1006-2475.2025.12.009
Contrastive Learning Method for Detecting Malicious Encrypted Traffic
Abstract
To address the issue of insufficient representation capability in malicious encrypted traffic detection models, a malicious encrypted traffic detection method based on contrastive learning is proposed, with the goal of enhancing the model's representation ability and thereby improving the detection accuracy of malicious encrypted traffic. This method diverges from traditional approaches that directly extract features from traffic data, focusing instead on learning the intrinsic representations of the data prior to feature extraction. Specifically, local and global features of encrypted traffic are extracted using a multi-scale mechanism to capture key information at different scales. Then, in the metric space of contrastive learning, the distance between encrypted traffic and the correct classification label is minimized, while the distance from the incorrect classification label is maximized by optimizing the objective function, enabling the model to better distinguish between malicious and normal encrypted traffic. After training, the model captures more discriminative features of encrypted traffic, ultimately improving detection accuracy. The experimental dataset is composed of samples drawn from multiple public datasets including UNSW NS 2019, CICIDS-2017, CIC-AndMal 2017, Malware Capture Facility Project Dataset, and CICIDS-2012. The results show that the method achieves 97.59% detection accuracy, exceeding comparative models, with a 3.16 percentage point increase over the random forest benchmark. Furthermore, the interpretability and detection rate of the method are also improved.
Key words
encrypted traffic / malicious traffic / deep learning / contrastive learning / multi-scale features
Classification
Information Technology and Security Science
Cite this article
Wu Jiahong. Contrastive Learning Method for Detecting Malicious Encrypted Traffic [J]. Computer and Modernization, 2025, (12): 61-65, 73, 122, 7.
Funding
Guangzhou Key Field R&D Program Project (202007010004)