| The detection of malicious network traffic is an active research topic in network security today, and it is the main component of network security situational awareness. With the development of security technology, more and more website systems use encryption to transmit data to and from users. On the one hand, encryption protects users' personal privacy from leakage and illegal interception; on the other hand, it also conceals hacker attacks, making detection more difficult. Existing techniques mainly study the overall characteristics of encrypted traffic. They can learn and detect the long-term attack characteristics of malware families, but they cannot keep up with the complex and diversified development trend of current malicious attacks, and they lack an effective means of detecting single-frame network data. To solve these problems, this article conducts research on the detection of malicious website traffic. First, it analyzes the characteristics of the network traffic data of website systems. It then extracts and generalizes the effective attack information in an authoritative message data set and submits it to the HMM and SVM algorithms for training. It is verified that the HMM and SVM algorithms can evaluate and judge multiple types of attack information against websites. By adjusting the algorithm, parameters, feature optimization methods and other methods, the detection accuracy of the SVM algorithm finally reaches 99.88%. At the same time, experiments verify that the SVM algorithm is superior to the HMM algorithm in both execution efficiency and accuracy. Furthermore, in testing, the migration and generalization ability of the optimal model generated by the SVM reaches 99.44%. I therefore designed a real-time network packet capture and parsing program that includes a TLS decryption module, studied how to combine it with the SVM classification model described above, and designed and implemented a system that inspects the data packets flowing through it frame by frame in real time. To test the detection of malicious traffic on a real network, a real web system supporting the TLS encryption protocol was built, and 50,000 to 80,000 network data packets containing 26,066 malicious data packets were sent using an automatic connection and packet-sending program. Both sets of tests were performed. 25,956 malicious messages were correctly detected, and the test accuracy also reached 99.44%. The experimental results prove the effectiveness of the encrypted malicious traffic detection system for websites designed in this thesis, which meets the research needs and solves the problems raised in the article. |