
Research On Network Malicious Traffic Detection Technology

Posted on: 2022-05-23
Degree: Master
Type: Thesis
Country: China
Candidate: Y M Bao
Full Text: PDF
GTID: 2518306350981899
Subject: Software engineering

Abstract/Summary:
As more and more people access the Internet, Internet technology has developed rapidly and traffic has grown explosively. Malicious traffic is interspersed in that traffic and encrypted traffic accounts for an increasing proportion of it, while the development of encryption technology makes malicious traffic more and more difficult to detect, seriously affecting the security of cyberspace. Network traffic detection technology was created in response. Network traffic detection is essentially the classification of network traffic; its purpose is to distinguish malicious traffic from normal traffic in the network. As network technology keeps changing, network traffic classification technology is also evolving, from the original and simplest port number-based methods, to deep packet inspection-based methods, to the now more popular machine learning and deep learning-based methods. In this paper, we propose a malicious traffic detection model mainly for malicious traffic and encrypted traffic in the network.

First, considering that port-based and deep packet inspection-based methods are not suitable for the current network environment, this paper proposes a one-dimensional CNN-based malicious traffic detection model for malicious traffic in the network. The model combines the feature engineering of machine learning with the automatic learning of deep learning: manually extracted traffic features (such as connection features, content features, statistical features, etc.) are combined into a multi-dimensional feature vector that, after pre-processing, serves as the input to the 1D CNN, which performs deep feature extraction and classification. Finally, the effectiveness of the model for malicious traffic detection in the network is verified by experimental comparison and analysis.

Second, given that encrypted traffic has become the main traffic in today's networks, this paper considers that although the behavioral features of encrypted traffic can be extracted manually as for ordinary traffic, the content features cannot. It analyzes the characteristics of the most common HTTPS encrypted traffic during the TLS handshake process and finds that malicious traffic differs from normal traffic in the TLS handshake process. Therefore, we propose an encrypted malicious traffic detection model based on CNN and GRU. The model takes the first 20 packets in the network traffic, first extracts packet-level feature vectors automatically with the CNN, then uses the extracted intermediate feature vector of each packet as the input to the GRU to automatically extract time-series features at the network traffic level, and uses the results for classification. Finally, the model is validated by experimental comparison and analysis for malicious traffic detection in encrypted network traffic.
Keywords/Search Tags:Network traffic, malicious traffic, encrypted traffic, deep learning, traffic monitoring