Contrastive Learning Method for Detecting Malicious Encrypted Traffic

doi:10.3969/j.issn.1006-2475.2025.12.009

Abstract

Abstract: Abstract: To address the issue of insufficient representation capability in malicious encrypted traffic detection models， a malicious encrypted traffic detection method based on contrastive learning is proposed， with the goal of enhancing the model’s representation ability and thereby improving the detection accuracy of malicious encrypted traffic. This method diverges from traditional approaches that directly extract features from traffic data， focusing instead on learning the intrinsic representations of the data prior to feature extraction. Specifically， local and global features of encrypted traffic are extracted using a multi-scale mechanism to capture key information at different scales. Then， in the metric space of contrastive learning， the distance between encrypted traffic and the correct classification label is minimized， while the distance from the incorrect classification label is maximized by optimizing the objective function， enabling the model to better distinguish between malicious and normal encrypted traffic. After training， the model captures more discriminative features of encrypted traffic， ultimately improving detection accuracy. The experimental dataset is composed of sampling from multiple public datasets including UNSW NS 2019， CICIDS-2017， CIC-AndMal 2017， Malware Capture Facility Project Dataset， and CICIDS-2012. The results show that the method achieves 97.59% detection accuracy， exceeding comparative models， with 3.16 percentage points increase over the random forest benchmark. Furthermore， the interpretability and detection rate of the method are also improved.

Key words: Key words: encrypted traffic, malicious traffic, deep learning, contrastive learning, multi-scale features

CLC Number:

中图分类号：TP393

WU Jiahong. Contrastive Learning Method for Detecting Malicious Encrypted Traffic [J]. Computer and Modernization, 2025, 0(12): 61-65.

References

［1］ SHEN M， YE K， LIU X T， et al. Machine learning-powered encrypted network traffic analysis: A comprehensive survey［J］. IEEE Communications Surveys & Tutorials， 2022，25（1）:791-824
［2］温纤纤，柳毅，凌捷，等. 基于1DCNN-GRU的网络入侵检测混合模型［J］. 计算机应用与软件， 2023，40（6）:282-287.
［3］龚星宇，来源，李娜，等. 基于多尺度融合和时空特征的网络入侵检测模型［J］. 计算机工程与设计， 2024，45（6）:1640 -1646.
［4］邓昕，刘朝晖，欧阳燕，等. 基于CNN CBAM-BiGRU Attention的加密恶意流量识别［J］. 计算机工程， 2023，49（11）:178-186.
［5］巩思越，刘辉，王宝会. 基于会话统计编码器的恶意加密流量检测方法研究［J］. 计算机科学， 2024，51（11）:340-346.
［6］ ZHANG S R， BU Y J， CHEN B， et al. Transfer learning for encrypted malicious traffic detection based on efficientnet［C］// 2021 3rd International Conference on Advances in Computer Technology， Information Science and Communication （CTISC）. IEEE， 2021:72-76.
［7］ HONG Y P， LI Q， YANG Y Q， et al. Graph based encrypted malicious traffic detection with hybrid analysis of multi-view features［J］. Information Sciences， 2023，644. DOI: 10.1016/j.ins.2023.119229.
［8］ YANG H， HE Q， LIU Z Y， et al. Malicious encryption traffic detection based on NLP［J］. Security and Communication Networks， 2021，2021. DOI: 10.1155/2021/9960822.
［9］ YANG J， LIANG G， LI B B， et al. A deep-learning- and reinforcement-learning-based system for encrypted network malicious traffic detection［J］. Electronics Letters， 2021，57（9）:363-365
［10］ WANG Z H， FOK K W， THING V L L. Machine learning for encrypted malicious traffic detection: Approaches， datasets and comparative study［J］. Computers & Security， 2022，113（C）. DOI: 10.1016/j.cose.2021.102542.
［11］ JAISWAL A， BABU A R， ZADEH M Z， et al. A survey on contrastive self-supervised learning ［J］. Technologies， 2020，9（1）. DOI: 10.3390/technologies9010002.
［12］李希，刘喜平，李旺才，等. 对比学习研究综述［J］. 小型微型计算机系统， 2023，44（4）:787-797.
［13］ CHEN T， KORNBLITH S， NOROUZI M， et al. A simple framework for contrastive learning of visual representations［C］// Proceedings of the 37th International Conference on Machine Learning. PMLR， 2020:1597-1607.
［14］ GUNEL B， DU J F， CONNEAU A， et al. Supervised contrastive learning for pre-trained language model fine-tuning［J］. arXiv preprint arXiv:2011.01403， 2020.
［15］ HAN T D， XIE W D， ZISSERMAN A. Self-supervised co-training for video representation learning［C］// Proceedings of the 34th International Conference on Neural Information Processing Systems. ACM， 2020:5679-5690.
［16］ HE K M， FAN H Q， WU Y X， et al. Momentum contrast for unsupervised visual representation learning［C］// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. IEEE， 2020:9729-9738.
［17］ HU Q J， WANG X， HU W， et al. AdCo: Adversarial contrast for efficient learning of unsupervised representations from self-trained negative adversaries ［C］// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. IEEE， 2021:1074-1083.
［18］ ZHAO Z Y， GUO Y Y， WANG J H， et al. CL-ETC: A contrastive learning method for encrypted traffic classification［C］// 2022 IFIP Networking Conference （IFIP Networking）. IEEE， 2022. DOI: 10.23919/IFIPNetworking550
13.2022.9829767.
［19］ HE K M， ZHANG X Y， REN S Q， et al. Spatial pyramid pooling in deep convolutional networks for visual recognition ［J］. IEEE Transactions on Pattern Analysis and Machine Intelligence， 2015，37（9）:1904-1916.
［20］ LOPEZ-MARTIN M， SANCHEZ-ESGUEVILLAS A， ARR-IBAS J I， et al. Supervised contrastive learning over prototype-label embeddings for network intrusion detection［J］. Information Fusion， 2022，79（C）:200-228.
［21］陈良臣，高曙，刘宝旭，等. 网络加密流量识别研究进展及发展趋势［J］. 信息网络安全， 2019（3）:19-25.
［22］ LIU J Y， TIAN Z Y， ZHENG R F， et al. A distance-based method for building an encrypted malware traffic identification framework［J］. IEEE Access， 2019，7:100014-100028.
［23］ KHALID S， KHALIL T， NASREEN S. A survey of feature selection and feature extraction techniques in machine learning［C］// 2014 Science and Information Conference. IEEE， 2014:372-378.
［24］侯剑，鲁辉，刘方爱，等. 加密恶意流量检测及对抗综述［J］. 软件学报， 2024，35（1）:333-355.
［25］ SHAHHOSSEINI M， MASHAYEKHI H， REZVANI M. A deep learning approach for botnet detection using raw network traffic data［J］. Journal of Network and Systems Management， 2022，30（3）:Article Number 44.
［26］ CELIK Z B， WALLS R J， MCDANIEL P， et al. Malware traffic detection using tamper resistant features［C］// MILC
OM 2015-2015 IEEE Military Communications Conference. IEEE， 2015:330-335.
［27］ SARKAR D， VINOD P， YERIMA S Y. Detection of Tor traffic using deep learning［C］// 2020 IEEE/ACS 17th International Conference on Computer Systems and Applications （AICCSA）. IEEE， 2020. DOI: 10.1109/AICCSA50499.2020.9316533.

[1]	LI Jingyang1, XUE Huajian2, 3, YANG Yong1, REN Ge1. Intelligent Proctoring System Based on Edge Computing [J]. Computer and Modernization, 2025, 0(12): 26-31.
[2]	LIU Jianlong1, CEN Ying2, XU Bin3, JIAO Xuan4. Multi-view IM-NET for Fine Reconstruction of 3D Object [J]. Computer and Modernization, 2025, 0(12): 46-53.
[3]	TANG Hui1, LIU Xin2, HU Biwei1, LIU Fan1. KD-NeRF: Knowledge Distillation-enhanced Neural Radiance Field Reconstruction Method for Fruit Trees [J]. Computer and Modernization, 2025, 0(12): 66-73.
[4]	TU Zijian1, 2, WANG Zi2, TANG Jin1, 2, 3. Multi-experts Contrastive Learning Method for Hand Hygiene Assessment [J]. Computer and Modernization, 2025, 0(12): 88-96.
[5]	LUO Guancong1, FENG Yue1, XU Hong2, QING Chuanbo1, LI Fufeng3, QIAN Peng3, LIU Huilin3. Facial Color Diagnosis Classification Method Optimized by Meta-learning [J]. Computer and Modernization, 2025, 0(12): 115-122.
[6]	WANG Jingpeng, CUI Yuyong, CAI Changlin, HE Ming’ao, LI Yinghao, TANG Zhonghe. Improved SOD Algorithm with Cross Modal Interaction and Multi Scale Aggregation [J]. Computer and Modernization, 2025, 0(11): 71-79.
[7]	HUANG Shanshan, LUO Wang, HAO Yunhe. Power Vision System Based on Knowledge Distillation Technology [J]. Computer and Modernization, 2025, 0(10): 20-24.
[8]	LI Xue, WEI Yan, LI Linjun. Hybrid Model for Electricity Price Prediction Based on DWT-SCINet-MDSC [J]. Computer and Modernization, 2025, 0(10): 37-43.
[9]	YAO Minjia1, SONG Wenai1, SUN Xue2, WANG Ziyu3, LEI Yi4, WANG Qing4, ZHAO Li5. InstantMesh: Three-Dimensional Reconstruction Method for Early Gastric#br# Cancer Images [J]. Computer and Modernization, 2025, 0(10): 51-56.
[10]	LI Xiongqing1, 2, PENG Mingtian1, 2, LI Yong1, 2, WANG Junfei1, 2, LIU Dezhi1, 3, BIAN Yuxuan1, 3, CHAI Yuelin1, 3, LIU Yuntao1, 3. Survey on Bundle Recommendation Algorithms [J]. Computer and Modernization, 2025, 0(09): 1-13.
[11]	ZHANG Jingying1, GENG Lin2, LIU Ningzhong2. Low-data Fine-grained Image Classification Based on Self-distillation and Self-attention Enhancement [J]. Computer and Modernization, 2025, 0(09): 27-34.
[12]	WEI Huimin1, 2, ZHOU Jiake1, 2, WEN Yongjun1, 2, TANG Lijun1, 2. Chinese Entity Relation Joint Extraction Method Based on Deep Learning [J]. Computer and Modernization, 2025, 0(08): 10-15.
[13]	LI Jia. Classification and Diagnosis of Breast Cancer Histopathological Images Based on Transfer Learning [J]. Computer and Modernization, 2025, 0(08): 89-96.
[14]	ZHANG Shanlu1, ZHANG Wei2. Face Anti-spoofing Based on Domain Synthesis and Contrastive Learning [J]. Computer and Modernization, 2025, 0(07): 1-8.
[15]	LIU Shaojun, SHA Yitian, JIN Qianqian, CHEN Peng, WU Yue. LDA-IDF Process Log Anomaly Detection Method for Smart Grids [J]. Computer and Modernization, 2025, 0(06): 114-119.