Abstract
As encrypted traffic from Internet applications grows rapidly, traffic encryption protects privacy while posing a major challenge to network security defense. Detecting malicious encrypted traffic is a key issue in the network security domain. This paper first introduces the characteristics of the TLS protocol and methods of traffic identification. It then analyzes the characteristics of malicious encrypted traffic from three aspects (TLS features, observable metadata features, and contextual flow data) and presents machine-learning-based methods for detecting malicious traffic that uses TLS. Finally, by building a distributed, automated malicious traffic detection system based on machine learning, it achieves dynamic detection of malicious traffic with incremental learning capability.
Authors
Luo Ziming (骆子铭)
Xu Shubin (许书彬)
Wang Jiexun (王杰勋)
Luo Ziming; Xu Shubin (The 54th Research Institute of China Electronics Technology Group Corporation, Hebei Shijiazhuang 050081)
Source
Cyberspace Security (《网络空间安全》)
2019, Issue 7, pp. 89-94 (6 pages)
Keywords
traffic identification
machine learning
encrypted traffic
Transport Layer Security