基于深度生成对抗网络的恶意TLS流量识别

计算机与现代化 ›› 2022, Vol. 0 ›› Issue (04): 121-126.

• 信息安全 • 上一篇

基于深度生成对抗网络的恶意TLS流量识别

(1.新疆师范大学计算机科学技术学院，新疆乌鲁木齐830054;2.中国科学院新疆理化技术研究所，新疆乌鲁木齐830011)

出版日期:2022-05-07 发布日期:2022-05-07
作者简介:秦鸣乐（1996—），女，河南郑州人，硕士研究生，研究方向：网络安全，流量识别，E-mail: 2843644461@qq.com; 通信作者：年梅（1970—），女，新疆阿拉尔人，教授，博士，研究方向：计算机网络，E-mail: 2468830639@qq.com; 张俊（1983—），男，新疆乌鲁木齐人，高级工程师，硕士，研究方向：计算机网络，网络安全，E-mail: 120123547@qq.com。
基金资助:
新疆维吾尔自治区高等学校科研计划项目(XJEDU2017S032); 新疆师范大学“数据安全”重点实验室招标项目(XJNUSYS102017B04)

Malicious TLS Traffic Identification Based on Deep Generation Adversarial Network

(1. College of Computer Science and Technology, Xinjiang Normal University, Urumqi 830054, China;
2. Xinjiang Technical Institute of Physics and Chemistry, Chinese Academy of Sciences, Urumqi 830011, China)

Online:2022-05-07 Published:2022-05-07

摘要/Abstract

摘要： 恶意加密流量识别公开数据集中存在的类不平衡问题，严重影响着恶意流量预测的性能。本文提出使用深度生成对抗网络DGAN中的生成器和鉴别器，模拟真实数据集生成并扩展小样本数据，形成平衡数据集。此外，针对传统机器学习方法依赖人工特征提取导致分类准确度下降等问题，提出一种基于双向门控循环单元BiGRU与注意力机制相融合的恶意流量识别模型，由深度学习算法自动获取数据集不同时序的重要特征向量，进行恶意流量得识别。实验表明，与常用恶意流量识别算法相比，该模型在精度、召回率、F1等指标上都有较好的提升，能有效实现恶意加密流量的识别。

关键词: 恶意加密流量, 生成对抗网络, 类不平衡, 流量识别

Abstract: The class imbalance problem in the public data sets of malicious encrypted traffic identification seriously affects the performance of malicious traffic prediction. In this paper, we propose to use the generator and discriminator in the depth generation adversarial network DGAN to simulate the generation of real data sets and the expansion of small sample data to form balanced data sets. In addition, in order to solve the problems that traditional machine learning methods rely on artificial feature extraction, which leads to the decrease of classification accuracy, a malicious traffic recognition model based on the combination of two-way gating loop unit BiGRU and attention mechanism is proposed. The deep learning algorithm automatically obtains the important feature vectors of different time series of data sets to identify malicious traffic. Experiments show that compared with the common malicious traffic recognition algorithms, the model has a good improvement in accuracy, recall, F1 and other indicators, and can effectively realize the identification of malicious encrypted traffic.

Key words: malicious encrypted traffic, generation adversarial network, class imbalance, traffic identification

秦鸣乐, 年梅, 张俊, . 基于深度生成对抗网络的恶意TLS流量识别[J]. 计算机与现代化, 2022, 0(04): 121-126.

QIN Ming-yue, NIAN Mei, ZHANG Jun, . Malicious TLS Traffic Identification Based on Deep Generation Adversarial Network[J]. Computer and Modernization, 2022, 0(04): 121-126.

参考文献

［1］ Cisco. Encrypted traffic analytics (ETA)［EB/OL］. ［2021-03-27］. https://www.cisco.com/c/en/us/solutions/enterprise-networks/enterprise-network-security/eta.html.
［2］ ISRG互联网安全研究小组. Let’s Encrypt统计数据［EB/OL］. ［2021-03-27］. https://letsencrypt.org/zh-cn/stats/.
［3］ Cisco. Encrypted traffic analytics white paper［EB/OL］. ［2018-12-31］. https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/enterprise-network-security/nb-09-encrytd-traf-anlytcs-wp-cte-en.pdf.
［4］陈良臣,高曙,刘宝旭,等. 网络加密流量识别研究进展及发展趋势［J］. 信息网络安全, 2019,19(3):19-25.
［5］潘吴斌,程光,郭晓军,等. 网络加密流量识别研究综述及展望［J］. 通信学报, 2016,37(9):154-167.
［6］ ANDERSON B, PAUL S, MCGREW D. Deciphering malware’s use of TLS (without decryption)［J］. Journal of Computer Virology and Hacking Techniques, 2018,14(3):195-211.
［7］ ZHOU H Y, WANG Y, LEI X C, et al. A method of improved CNN traffic classification［C］// Proceedings of the 2017 13th International Conference on Computational Intelligence and Security (CIS). 2017:177-181.
［8］ KIM J, KIM J, THU H L T, et al. Long short term memory recurrent neural network classifier for intrusion detection［C］// Proceedings of the 2016 International Conference on Platform Technology and Service (PlatCon). 2016. DOI: 10.1109/PlatCon.2016.7456805.
［9］ CHAWLA N V, BOWYER K W, HALL L O, et al. SMOTE: Synthetic minority over-sampling technique［J］. Journal of Artificial Intelligence Research, 2002,16(1):321-357.
［10］BATISTA G E A P A, CARVALHO A C P L F, MONARD M C. Applying one-sided selection to unbalanced datasets［C］// Proceedings of the 2000 Mexican International Conference on Artificial Intelligence: Advances in Artificial Intelligence. 2000:315-325.
［11］YEN S J, LEE Y S. Cluster-based under-sampling approaches for imbalanced data distributions［J］. Expert Systems with Applications, 2009,36(3):5718-5727.
［12］GOODFELLOW I J, SHLENS J, SZEGEDY C. Explaining and harnessing adversarial examples［J］. arXiv preprint arXiv:1412.6572, 2014.
［13］李沛洋,李璇,陈俊杰,等. 面向规避僵尸网络流量检测的对抗样本生成［J/OL］. 计算机工程与应用:1-9(2021-01-29)［2021-03-27］. https://kns.cnki.net/kcms/detail/11.2127.TP.20210129.1053.004.html.
［14］谭越,邹福泰. 基于ResNet和BiLSTM的僵尸网络检测方法［J］. 通信技术, 2019,52(12):2975-2981.
［15］林雍博,凌捷. 基于残差网络和GRU的XSS攻击检测方法［J/OL］. 计算机工程与应用:1-8(2021-04-20)［2021-04-28］. https://kns.cnki.net/kcms/detail/11.2127.TP.20210420.1038.030.html.
［16］万子云,陈世伟,秦斌,等. 基于深度学习的MOOC作弊行为检测研究［J］. 信息安全学报, 2021,6(1):32-39.
［17］王晓茹,张珩. 基于注意力机制和图卷积的小样本分类网络［J/OL］. 计算机工程与应用:1-8(2021-06-24)［2021-06-25］. https://kns.cnki.net/kcms/detail/11.2127.tp.20210624.1629.006.html.
［18］VASWANI A, SHAZEER N, PARMAR N, et al. Attention is all you need［C］// Proceedings of the 31st International Conference on Neural Information Processing Systems. 2017:6000-6010.
［19］王伟. 基于深度学习的网络流量分类及异常检测方法研究［D］. 合肥:中国科学技术大学, 2018.
［20］蒋彤彤,尹魏昕,蔡冰,等. 基于多头注意力的恶意加密流量识别［J/OL］. 计算机工程:1-14［2021-05-08］. https://doi.org/10.19678/j.issn.1000-3428.0058517.
［21］李道全,王雪,于波,等. 基于一维卷积神经网络的网络流量分类方法［J］. 计算机工程与应用, 2020,56(3):94-99.
［22］University of New Brunswick. Intrusion detection evaluation dataset (CIC-IDS2017)［EB/OL］. ［2021-05-08］. https://www.unb.ca/cic/datasets/ids-2017.html.
［23］DUNCAN B. Malware-traffic-analysis［EB/OL］. ［2021-05-08］. https://www.malware-traffic-analysis.net.
［24］Stratosphere Lab. Malware capture facility project［EB/OL］. ［2021-05-08］. https://www.stratosphereips.org/datasets-malware.
［25］RADFORD A, METZ L, CHINTALA S. Unsupervised representation learning with deep convolutional generative adversarial networks［J］. arXiv preprint arXiv:1511.06434, 2015.
［26］WANG W, ZHU M, WANG J L, et al. End-to-end encrypted traffic classification with one-dimensional convolution neural networks［C］// Proceedings of the 2017 IEEE International Conference on Intelligence and Security Informatics (ISI). 2017:43-48.

[1]	徐新爱, 李钢. 基于DCGAN的课堂表情图像生成方法[J]. 计算机与现代化, 2024, 0(08): 88-91.
[2]	王志强, 郑爽. 基于半监督学习的StyleGAN图像生成模型[J]. 计算机与现代化, 2024, 0(06): 14-18.
[3]	钟海龙1, 2, 何月顺1, 何璘琳1, 陈杰1, 田鸣3, 郑瑞银4. 基于代价敏感卷积神经网络的加密流量分类#br# #br#[J]. 计算机与现代化, 2024, 0(05): 55-60.
[4]	卢梓菡1, 张东1, 杨艳1, 杨双2. 基于生成对抗网络的乳腺癌免疫组化图像生成[J]. 计算机与现代化, 2024, 0(03): 92-96.
[5]	刘彦红, 杨秋翔. 改进生成对抗网络的图像去雾算法[J]. 计算机与现代化, 2024, 0(02): 56-63.
[6]	付鸿林, 张太红, 杨雅婷, 艾孜麦提·艾瓦尼尔, 马博. 基于生成对抗网络的维语场景文字修改网络[J]. 计算机与现代化, 2024, 0(01): 41-46.
[7]	王鑫, 肖韬睿. 基于生成对抗网络的人脸识别对抗攻击[J]. 计算机与现代化, 2023, 0(10): 115-120.
[8]	江蕾, 唐建, 杨超越, 吕婷婷. 基于CWGAN-GP与CNN的轴承故障诊断方法[J]. 计算机与现代化, 2023, 0(07): 1-6.
[9]	李海涛, 胡泽涛, 张俊虎. 基于NS-StyleGAN2的鱼类图像扩充方法[J]. 计算机与现代化, 2023, 0(01): 13-17.
[10]	庄文华, 唐晓刚, 张斌权, 原光明. 基于生成对抗网络的高照度可见光图像生成[J]. 计算机与现代化, 2023, 0(01): 1-6.
[11]	彭鹏菲, 周琳茹. 加入奖励的GRU对抗网络文本生成模型[J]. 计算机与现代化, 2022, 0(07): 121-126.
[12]	翟慧聪, 张明, 邓星, 王利群. 基于生成对抗网络的图像动漫化[J]. 计算机与现代化, 2022, 0(07): 21-26.
[13]	陈云翔, 王巍, 宁娟, 陈怡丹, 赵永新, 周庆华. PSWGAN-GP:改进梯度惩罚的生成对抗网络[J]. 计算机与现代化, 2022, 0(04): 21-26.
[14]	李阳阳, 杨英光. 基于生成对抗网络的社交机器人检测[J]. 计算机与现代化, 2022, 0(03): 1-6.
[15]	陈圆圆, 刘惠义. 基于生成对抗网络的破损老照片修复[J]. 计算机与现代化, 2021, 0(04): 42-47.

基于深度生成对抗网络的恶意TLS流量识别

Malicious TLS Traffic Identification Based on Deep Generation Adversarial Network

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价