
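Encrypted Malicious Traffic Detection Method Based on Transfer Learning
Cite this article: 张稣荣, 陈博, 卜佑军, 路祥雨, 孙嘉. Encrypted Malicious Traffic Detection Method Based on Transfer Learning [J]. 计算机工程与应用, 2022, 58(17): 130-138. DOI: 10.3778/j.issn.1002-8331.2106-0143
Authors: 张稣荣  陈博  卜佑军  路祥雨  孙嘉
Affiliation: 1. Information Technology Institute, PLA Strategic Support Force Information Engineering University, Zhengzhou 450000; 2. School of Software, Zhengzhou University, Zhengzhou 450000
Abstract: Existing methods for detecting encrypted malicious traffic need to be trained on a large number of accurately labeled samples to achieve good detection performance. In real network environments, however, encrypted traffic is hard to label correctly because its content is not visible. To address this problem, a transfer-learning-based method for detecting encrypted malicious traffic is proposed. For the first time, Efficientnet-B0, a model pre-trained on the ImageNet dataset, is transferred to an encrypted traffic dataset: its convolutional layer structure and parameters are retained, while the fully connected layers are replaced and retrained, using the idea of transfer learning to achieve high-performance detection under small-sample conditions. The method uses an end-to-end framework design and can extract features directly from raw traffic data and then perform detection and fine-grained classification, avoiding the tedious manual feature extraction process. Experimental results show that the method reaches a binary classification accuracy of 99.87% for normal versus malicious traffic and a fine-grained classification accuracy of 98.88% for encrypted malicious traffic, and that it still reaches a fine-grained classification accuracy of 96.35% when the number of samples of each traffic class in the training set is reduced to 100.

Keywords: encrypted malicious traffic detection; transfer learning; Efficientnet; small sample; encrypted traffic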

Encrypted Malicious Traffic Detection Method Based on Transfer Learning
ZHANG Surong,CHEN Bo,BU Youjun,LU Xiangyu,SUN Jia. Encrypted Malicious Traffic Detection Method Based on Transfer Learning[J]. Computer Engineering and Applications, 2022, 58(17): 130-138. DOI: 10.3778/j.issn.1002-8331.2106-0143
Authors:ZHANG Surong  CHEN Bo  BU Youjun  LU Xiangyu  SUN Jia
Affiliation: 1. Information Technology Institute, PLA Strategic Support Force Information Engineering University, Zhengzhou 450000, China; 2. School of Software, Zhengzhou University, Zhengzhou 450000, China
Abstract: Existing encrypted malicious traffic detection methods need a large number of accurately labeled samples for training in order to achieve good detection performance. In a real network environment, however, it is difficult to label encrypted traffic data correctly because its content is not visible. To address this problem, an encrypted malicious traffic detection method based on transfer learning is proposed. Efficientnet-B0, a model pre-trained on the ImageNet dataset, is transferred to the encrypted traffic dataset for the first time. Its convolutional layer structure and parameters are preserved, and the fully connected layers are replaced and retrained. Using the idea of transfer learning, high detection performance is achieved under small-sample conditions. With its end-to-end framework design, the method can extract features directly from the original traffic data and then detect and classify the traffic in a fine-grained way, which avoids the complicated manual feature extraction process. The experimental results show that this method can achieve 99.87% binary classification accuracy and 98.88% fine-grained classification accuracy. Furthermore, when the number of samples of each traffic class in the training set is reduced to 100, it can still reach 96.35% fine-grained classification accuracy.
Keywords:encrypted malicious traffic detection   transfer learning   Efficientnet   few-shot   encrypted traffic  