摘要
首先介绍了安全传输层(TLS,transport layer security)协议的特点、流量识别方法;然后给出了一种基于机器学习的分布式自动化的恶意加密流量检测体系;进而从TLS特征、数据元特征、上下文数据特征3个方面分析了恶意加密流量的特征;最后,通过实验对几种常见机器学习算法的性能进行对比,实现了对恶意加密流量的高效检测。
Based on analyzing the characteristics of transport layer security(TLS)protocol,a distributed automation malicious traffic detecting system based on machine learning was designed.The characteristics of encrypted malware traffic from TLS data,observable metadata and contextual flow data was extracted.Support vector machine,random forest and extreme gradient boosting were used to compare the performance of the mainstream malicious encryption traffic identification which realized the efficient detection of malicious encryption traffic,and verified the validity of the detection system of malicious encryption traffic.
作者
骆子铭
许书彬
刘晓东
LUO Ziming;XU Shubin;LIU Xiaodong(The 54th Research Institute of China Electronics Technology Group Corporation,Shijiazhuang 050081,China;Shijiazhuang Communication Observation and Control Technology Institute,Shijiazhuang 050081,China)
出处
《网络与信息安全学报》
2020年第1期77-83,共7页
Chinese Journal of Network and Information Security
基金
国家重点研发计划基金资助项目(No.2016YFB0800302)
信息保障技术重点实验室基金资助项目(No.614211203020717)。
关键词
安全传输层
恶意加密流量
机器学习
transport layer security
encrypted malware traffic
machine learning
