
Design And Implementation Of Encrypted Malicious Traffic Detection Based On Attention Mechanism

Posted on: 2023-11-22 | Degree: Master | Type: Thesis
Country: China | Candidate: L T Wang
GTID: 2568306914481364 | Subject: Computer technology
Abstract/Summary:
With the rapid development of networks, people's requirements for data security and information security are increasing day by day, and encrypted data transmission has become the main means of protecting user privacy and ensuring network security. However, while network encryption ensures the confidentiality and integrity of user data, more and more attackers are also trying to hide attack behavior through encryption, conduct C&C connections over HTTPS to transmit instructions, and bypass firewalls and intrusion detection systems through encryption. These problems bring new challenges for malicious traffic identification. How to effectively detect malicious encrypted traffic without decrypting it, so as to protect user privacy, has become an urgent problem. Traditional rule-based and manual-feature-based methods for detecting encrypted malicious traffic have low detection rates and are susceptible to attack. In recent years, deep learning, with its good nonlinear modeling ability and feature self-learning, has gradually emerged and enabled end-to-end encrypted malicious traffic detection, but most studies use only a single network (CNN, RNN, or SAE) to detect encrypted malicious traffic. Using deep learning, this paper addresses problems in malicious encrypted traffic detection such as single-feature extraction, the difficulty of effectively identifying malicious features in encrypted traffic, and fine-grained classification, and proposes a complete scheme for identifying encrypted malicious traffic.

First, to solve the problem of low identification efficiency caused by single-feature extraction in current encrypted traffic identification, this paper proposes an encrypted traffic identification scheme based on a Vision Transformer fused with temporal features. After preprocessing, the encrypted traffic is converted into an encrypted traffic graph. Spatial features are extracted from the original encrypted traffic by BoTNet and further integrated by a Transformer, while temporal features are extracted from the original encrypted traffic by BiLSTM. The two sub-networks are combined in parallel by early fusion, and the encrypted traffic is finally identified from the fused features. The model improves recognition accuracy by extracting deeper and richer encryption features. The experimental results show that the method can enhance the identification performance of encrypted traffic by fusing multi-dimensional features and is better than existing schemes, with an accuracy rate of more than 99%. The influence of the head hyperparameter in the multi-head attention mechanism on the result, and the influence of the size of the encrypted traffic image on the recognition effect, are also studied through experiments.

Second, current encrypted malicious traffic detection suffers from problems such as the difficulty of effectively extracting malicious features and low detection efficiency. This paper proposes a TLS/SSL-based encrypted malicious traffic detection method that combines spatiotemporal features with a double-layer attention mechanism. Spatial features in encrypted traffic packets are extracted by a one-dimensional convolutional network, and a soft attention mechanism is then applied at the packet level for further feature extraction. At the stream level, BiGRU is used to extract the temporal features between encrypted streams, and the malicious features are then aggregated by the second layer of soft attention. The experimental results show that this model can detect encrypted malicious traffic at multiple granularities. It is superior to existing schemes, and the effectiveness of each module is proved by its own comparative experiments.
Keywords/Search Tags: Encrypted traffic, malicious detection, deep learning, feature fusion, attention mechanism