YANG Yan-zhao, ZHU Cheng-wei, QIU Jing, TONG Yong-xin
Journal of Guangzhou University (Natural Science Edition). 2022, 21(1): 1-9.
With the rapid development of Internet technology, 95% of traffic is now encrypted using the SSL/TLS protocol, which also hides a large amount of malicious traffic. Because of the large volume of network traffic and the invisibility of encrypted data, detecting encrypted malicious traffic without decryption has become an important topic. Existing methods based on pattern matching cannot handle encrypted traffic. Methods based on statistical and temporal features rely on expert experience and require a lot of time to extract features manually. This paper applies deep learning to encrypted malicious traffic detection. First, the original network traffic is segmented, cleaned, converted and pruned into a one-dimensional sequence of uniform length. Then, a customized Text CNN network structure automatically extracts context features from the original traffic through multiple groups of one-dimensional convolutions, and these features are used to classify the traffic. To demonstrate the effectiveness of this method, experiments were run on real network traffic samples and the results were compared with network models such as CNN, LSTM and GRU. The experimental data show that the proposed method has strong generalization ability on unknown data, high detection accuracy and a low false positive rate.
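The preprocessing and convolutional feature-extraction steps described in the abstract, as an added example that is not the authors' code. The sequence length, the five-tuple flow key, the byte normalization, the kernel widths and the untrained kernel weights are all assumptions, and the packets are constructed sample data.

```python
from collections import defaultdict

SEQ_LEN = 64  # assumed uniform length; the abstract does not state the value

# Constructed sample packets: ((src, sport, dst, dport, proto), payload bytes)
PACKETS = [
    (("10.0.0.5", 50000, "192.0.2.10", 443, "tcp"), bytes([0x16, 3, 1, 0, 5]) + b"hello"),
    (("192.0.2.10", 443, "10.0.0.5", 50000, "tcp"), bytes([0x16, 3, 3]) + bytes(100)),
    (("10.0.0.5", 50000, "192.0.2.10", 443, "tcp"), b""),
    (("10.0.0.6", 50001, "192.0.2.10", 443, "tcp"), bytes(range(10))),
]
# Constructed, untrained kernels: one group per kernel width (3, 4, 5)
KERNELS = [[[1.0, 0.0, -1.0]], [[0.25] * 4], [[0.2] * 5]]

def segment(packets):
    """Segment: group packets into bidirectional flows by five-tuple."""
    flows = defaultdict(list)
    for (src, sport, dst, dport, proto), payload in packets:
        a, b = (src, sport), (dst, dport)
        flows[(min(a, b), max(a, b), proto)].append(payload)  # same key both ways
    return flows

def to_sequence(payloads, seq_len=SEQ_LEN):
    """Clean, prune and convert one flow into a fixed-length sequence in [0, 1]."""
    data = b"".join(p for p in payloads if p)       # clean: drop empty packets
    data = data[:seq_len].ljust(seq_len, b"\x00")   # prune: truncate or zero-pad
    return [byte / 255.0 for byte in data]          # convert: bytes to floats

def conv1d_max(seq, kernel):
    """One 1-D convolution filter, ReLU, then max-over-time pooling."""
    k = len(kernel)
    acts = [sum(w * x for w, x in zip(kernel, seq[i:i + k]))
            for i in range(len(seq) - k + 1)]
    return max(0.0, max(acts))

def features(seq, kernel_groups):
    """Kernel groups of different widths yield one fixed-size feature vector."""
    return [conv1d_max(seq, kern) for group in kernel_groups for kern in group]

if __name__ == "__main__":
    for key, payloads in segment(PACKETS).items():
        # In a trained model this vector would feed the classification layer.
        print(key, [round(f, 4) for f in features(to_sequence(payloads), KERNELS)])
```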