Computer and Modernization ›› 2022, Vol. 0 ›› Issue (04): 121-126.

• Information Security •

Malicious TLS Traffic Identification Based on Deep Generation Adversarial Network

  

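  1. (1. College of Computer Science and Technology, Xinjiang Normal University, Urumqi, Xinjiang 830054; 2. Xinjiang Technical Institute of Physics and Chemistry, Chinese Academy of Sciences, Urumqi, Xinjiang 830011)
  • Publication date: 2022-05-07 Release date: 2022-05-07
  • About the authors: Qin Mingle (b. 1996), female, from Zhengzhou, Henan, master's student, research interests: network security, traffic identification, E-mail: 2843644461@qq.com; corresponding author: Nian Mei (b. 1970), female, from Aral, Xinjiang, professor, Ph.D., research interests: computer networks, E-mail: 2468830639@qq.com; Zhang Jun (b. 1983), male, from Urumqi, Xinjiang, senior engineer, master's degree, research interests: computer networks, network security, E-mail: 120123547@qq.com.
  • Funding:
    Scientific Research Program of Higher Education Institutions of the Xinjiang Uygur Autonomous Region (XJEDU2017S032); Tender Project of the "Data Security" Key Laboratory of Xinjiang Normal University (XJNUSYS102017B04)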

Malicious TLS Traffic Identification Based on Deep Generation Adversarial Network

  1. (1. College of Computer Science and Technology, Xinjiang Normal University, Urumqi 830054, China;
    2. Xinjiang Technical Institute of Physics and Chemistry, Chinese Academy of Sciences, Urumqi 830011, China)
  • Online: 2022-05-07 Published: 2022-05-07

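Abstract: The class imbalance present in public datasets for malicious encrypted traffic identification seriously affects the performance of malicious traffic prediction. This paper proposes using the generator and discriminator of a deep generative adversarial network (DGAN) to model the real dataset and to generate and expand the small-sample data, forming a balanced dataset. In addition, to address problems such as the drop in classification accuracy caused by traditional machine learning methods' reliance on manual feature extraction, a malicious traffic identification model that fuses a bidirectional gated recurrent unit (BiGRU) with an attention mechanism is proposed, in which the deep learning algorithm automatically obtains the important feature vectors across different time sequences of the dataset to identify malicious traffic. Experiments show that, compared with commonly used malicious traffic identification algorithms, the model achieves good improvements in accuracy, recall, F1 and other metrics, and can effectively identify malicious encrypted traffic.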

Keywords: malicious encrypted traffic, generative adversarial network, class imbalance, traffic identification

Abstract: The class imbalance in public datasets for malicious encrypted traffic identification seriously affects the performance of malicious traffic prediction. In this paper, we propose to use the generator and discriminator of a deep generative adversarial network (DGAN) to model the real dataset and to generate and expand the small-sample data, forming a balanced dataset. In addition, to address problems such as the drop in classification accuracy caused by traditional machine learning methods' reliance on manual feature extraction, a malicious traffic identification model combining a bidirectional gated recurrent unit (BiGRU) with an attention mechanism is proposed. The deep learning algorithm automatically obtains the important feature vectors across different time sequences of the dataset to identify malicious traffic. Experiments show that, compared with commonly used malicious traffic identification algorithms, the model achieves good improvements in accuracy, recall, F1 and other metrics, and can effectively identify malicious encrypted traffic.

Key words: malicious encrypted traffic, generative adversarial network, class imbalance, traffic identification