
Research And Implementation Of Malware Detection System Based On Encrypted Traffic

Posted on: 2024-03-22
Degree: Master
Type: Thesis
Country: China
Candidate: Z R Chen
Full Text: PDF
GTID: 2568306944963249
Subject: Computer technology

Abstract/Summary:
The increasing concern about personal privacy has led to the growing popularity of network encryption protocols that protect users’ information. However, encryption technology has also enabled malware to conceal its malicious behavior, creating a significant challenge to cybersecurity. Traditional detection methods exhibit low accuracy in identifying malware attacks hidden in encrypted traffic, rendering research into malware detection based on encrypted traffic increasingly vital.

This thesis presents an introduction to the fundamental principles of malware detection, with a focus on traffic-based detection methods. Subsequently, a summary of recent domestic and foreign research on malware detection is provided, with a specific emphasis on the detection of malicious encrypted traffic using machine learning and deep learning techniques.

Second, this thesis presents the development of a novel network-based model, METFusion (Malicious Encrypted Traffic Fusion Model), which utilizes multi-head self-attention and token mechanisms to detect malicious encrypted traffic. By incorporating side-channel and payload characteristics of traffic in multiple dimensions, METFusion provides a more comprehensive and accurate approach to detection. To evaluate the effectiveness of the model, the thesis proposes the creation of the MET2022 dataset by integrating several public datasets and captured malicious traffic. METFusion is trained on this dataset, addressing the issue of sample imbalance and outdated malicious traffic data present in previous datasets. Combined with the comparative experiments on other public datasets, the experimental results show that the evaluation indexes of METFusion on each dataset are improved compared with the traditional methods, and the recognition accuracy can be improved by about 6% at the highest.

Finally, this thesis proposes the development of METAnalyzer (Malicious Encrypted Traffic Analyzer), a system designed to address the issue of insufficient security measures in the internal network environment of some public institutions. The system can capture and record network traffic in real time and perform encrypted traffic analysis to identify potential malware attack behavior. To validate the feasibility of the system in real-world scenarios, functional and performance tests have been conducted. The results demonstrate the utility of the system for future research and its potential to improve the security of internal networks. This thesis contributes to the field of malware detection by proposing a practical solution for the detection of potential threats in real-time.
Keywords/Search Tags: malware, cybersecurity, encrypted traffic analysis, deep learning