| 基于机器学习的TLS恶意加密流量检测方案 |
| |
| 作者姓名: | 骆子铭 许书彬 刘晓东 |
| |
| 作者单位: | 1. 中国电子科技集团公司第五十四研究所,河北 石家庄 050081;2. 石家庄通信测控技术研究所,河北 石家庄 050081 |
| |
| 基金项目: | 国家重点研发计划基金资助项目(2016YFB0800302);信息保障技术重点实验室基金资助项目(614211203020717) |
| |
| 摘 要: | 首先介绍了安全传输层(TLS,transport layer security)协议的特点、流量识别方法;然后给出了一种基于机器学习的分布式自动化的恶意加密流量检测体系;进而从 TLS 特征、数据元特征、上下文数据特征3个方面分析了恶意加密流量的特征;最后,通过实验对几种常见机器学习算法的性能进行对比,实现了对恶意加密流量的高效检测。
|
| 关 键 词: | 安全传输层 恶意加密流量 机器学习 |
Scheme for identifying malware traffic with TLS data based on machine learning |
| |
| Authors: | Ziming LUO Shubin XU Xiaodong LIU |
| |
| Affiliation: | 1. The 54th Research Institute of China Electronics Technology Group Corporation,Shijiazhuang 050081,China;2. Shijiazhuang Communication Observation and Control Technology Institute,Shijiazhuang 050081,China |
| |
| Abstract: | Based on analyzing the characteristics of transport layer security (TLS) protocol,a distributed automation malicious traffic detecting system based on machine learning was designed.The characteristics of encrypted malware traffic from TLS data,observable metadata and contextual flow data was extracted.Support vector machine,random forest and extreme gradient boosting were used to compare the performance of the mainstream malicious encryption traffic identification which realized the efficient detection of malicious encryption traffic,and verified the validity of the detection system of malicious encryption traffic. |
| |
| Keywords: | transport layer security encrypted malware traffic machine learning |
|
| 点击此处可从《》浏览原始摘要信息 |
|
点击此处可从《》下载全文 |
