基于深度学习的加密恶意流量检测研究

随着网络安全防范意识增强,加密通信占据主流,加密流量快速增长。流量加密在保护隐私的同时,也掩饰非法企图,改变威胁形式。深度学习作为机器学习领域的重要分支,是流量分类的有力工具。近年来,将深度学习方法应用于入侵检测的研究不断深入,取得良好效果。在深入调研文献的基础上,将加密恶意流量检测的步骤总结归纳为“六步法”的一般检测框架模型,结合模型对数据处理及检测算法进行回顾总结,指出各类算法模型的优缺点,并对未来研究方向进行展望,以期为下一步研究提供帮助。

Survey of encrypted malicious traffic detection based on deep learning

With the increasing awareness of network security,encrypted communication dominates and encrypted traffic grows rapidly.Traffic encryption,while protecting privacy,also masks illegal attempts and changes the form of threats.As one of the most important branch of machine learning,deep learning performs well in traffic classification.For several years,research on deep-learning based intrusion detection has been deepened and achieved good results.The steps of encrypted malicious traffic detection were introduced to be a general detection framework model named “six-step method”.Then,discussion and induction of data processing and detection algorithms were carried out combined with this model.Both advantages and disadvantages of various algorithm models were given as well.Finally,future research directions were pointed out with a view to providing assistance for further research.