Research On Malware Traffic Classification Based On Triplet Network

In recent years,machine learning technology has been widely used in malicious traffic classification tasks.It uses the network flow features extracted manually,and achieves good classification results in business level(such as streaming media,games)and protocol family level(such as mail,file transfer),but for specific application-oriented(such as wechat,xunlei)fine-grained traffic classification The ability of feature representation is not enough when the task is classified into two classes.Due to the strong ability of automatic feature extraction and the remarkable effect in the field of face recognition,deep learning is gradually applied to the task of malicious traffic classification.Although the powerful feature representation ability of deep learning can obtain more distinguishing feature representation for different types of network traffic data,there are still problems of intra class diversity and inter class similarity in the application level classification of malicious traffic,which hinder the more accurate classification of malicious traffic.Therefore,this thesis proposes a malware traffic classification method based on triplet network to solve this problem and improve the accuracy of malware traffic classification.The main work of this thesis is as follows: firstly,by using the idea of deep learning in the field of image classification,this thesis transforms the original malicious network traffic of malware into image format as the input of this feature extraction model,and effectively applies the idea of deep learning in the field of malicious traffic classification.Secondly,an improved triple loss function based on batch center is proposed to solve the problem of intra class diversity and inter class similarity when using deep learning model to extract malware traffic characteristics.Thirdly,this thesis proposes a malware traffic classification method based on triplet network to classify malware traffic at fine-grained application level.Triplet network is used in this method Network model,as a feature extractor,aims to obtain more discriminative low dimensional features from malicious traffic,and then uses SVM multi classification algorithm to classify the extracted features.This method can effectively make the application level classification task of malicious software traffic obtain higher accuracy.Finally,the proposed method of malware traffic classification based on triplet network is verified and analyzed.The effectiveness of the proposed method is verified by two groups of control experiments.