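Malicious traffic identification technology in encrypted traffic
Cite this article: ZENG Yong, WU Zhengyuan, DONG Lihua, LIU Zhihong, MA Jianfeng, LI Zan. Malicious traffic identification technology in encrypted traffic[J]. Journal of Xidian University (Natural Science Edition), 2021, 48(3): 170-187. DOI: 10.19665/j.issn1001-2400.2021.03.022
Authors: ZENG Yong, WU Zhengyuan, DONG Lihua, LIU Zhihong, MA Jianfeng, LI Zan
Abstract: Encrypted transmission of network traffic is one of the development trends of the Internet, and identifying malicious traffic within encrypted traffic is an important means of maintaining cyberspace security. Identifying malicious traffic requires fine-grained differentiation of encrypted traffic (encrypted versus unencrypted, by application, and by encryption algorithm) to improve identification efficiency. The traffic differentiated at these granularities is then preprocessed, converted into forms such as images, matrices and N-grams, and fed into machine learning models for training, achieving binary classification of benign/malicious traffic and...

Keywords: encrypted traffic, malicious traffic, machine learning, cryptography
Received: 2020-12-18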

Research on malicious traffic identification technology in encrypted traffic
ZENG Yong, WU Zhengyuan, DONG Lihua, LIU Zhihong, MA Jianfeng, LI Zan. Research on malicious traffic identification technology in encrypted traffic[J]. Journal of Xidian University, 2021, 48(3): 170-187. DOI: 10.19665/j.issn1001-2400.2021.03.022
Authors: ZENG Yong, WU Zhengyuan, DONG Lihua, LIU Zhihong, MA Jianfeng, LI Zan
Affiliation: 1. School of Cyber Engineering, Xidian University, Xi’an 710071, China; 2. State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an 710071, China
Abstract: The encrypted transmission of network traffic is one of the development trends of the Internet. Identifying malicious traffic within encrypted traffic is an important way to maintain the security of cyberspace. A prerequisite for identifying malicious traffic is to classify encrypted traffic at a fine granularity (encrypted versus unencrypted, by application program, and by encryption algorithm) in order to improve the efficiency of identification. The classified traffic is then preprocessed and transformed into images, matrices, N-grams or other forms and fed into machine learning models for training, so as to realize binary and multi-class classification of benign/malicious traffic. However, the machine-learning-based approach relies heavily on the number and quality of samples, and cannot effectively deal with data after traffic shaping or obfuscation. Cryptography-based malicious traffic identification can search for malicious keywords over encrypted traffic to avoid such problems, which requires integrating searchable encryption, deep packet inspection and a provable security model to protect both data and rules. Finally, some unsolved problems of malicious traffic identification technology in encrypted traffic are presented.
Keywords: encrypted traffic, malicious traffic, machine learning, cryptography