Detection of Malicious Behavior in Encrypted Traffic Based on Heuristic Search Feature Selection  Cited by: 5


Authors: YU Sai-sai (俞赛赛) [1]; WANG Xiao-juan (王小娟) [2]; ZHANG Qian-qian (章倩倩) [3]

Affiliations: [1] Consensus 30 Research Institute of China Electronics Technology Group, Chengdu 610096, China; [2] School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing 100089, China; [3] Naval Academy Library, Bengbu, Anhui 233040, China

Source: Computer Science (《计算机科学》), 2022, Issue S02, pp. 734-739 (6 pages)

Abstract: As encrypted traffic accounts for a growing share of network traffic, more and more malicious behavior is hidden inside it, and the network security threat situation is becoming increasingly severe. Encrypted traffic that exhibits certain malicious behaviors carries many kinds of traffic features, and these features are themselves partly redundant. Redundant features increase detection time and reduce the efficiency of model detection. Based on the principle of a heuristic search strategy, this paper screens the many different features of encrypted traffic to find a representative feature combination. First, features are ranked by importance using the random forest algorithm, and those with a large impact on the classification result are selected. Then, the similarity between all features is computed with the Pearson correlation coefficient, and a combination of features that are relatively independent of one another is selected. Experimental results on the CTU-13 data set show that selecting a representative feature combination reduces detection time and improves the efficiency of detecting malicious behavior in encrypted traffic without lowering detection accuracy.

Keywords: encrypted traffic; malicious behavior; heuristic search strategy; feature selection

Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]
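
The two-stage selection described in the abstract (rank features by importance, then keep only features that are weakly correlated with those already kept), as an added example that is not the paper's code. Assumptions: the feature names, flow values, importance scores (standing in for random forest output) and both thresholds are constructed for illustration; the abstract gives none of them.

```python
import math

# Constructed per-flow feature columns (6 flows); not taken from CTU-13.
COLUMNS = {
    "bytes_out":   [1200, 5400, 300, 9800, 150, 7600],
    "pkts_out":    [10, 44, 3, 80, 2, 62],          # nearly linear in bytes_out
    "duration_s":  [0.8, 30.1, 12.0, 2.2, 45.0, 1.1],
    "mean_iat_ms": [5, 7, 6, 5, 8, 6],
}
# Constructed importance scores, assumed to come from a trained random forest.
IMPORTANCE = {"bytes_out": 0.41, "pkts_out": 0.33,
              "duration_s": 0.24, "mean_iat_ms": 0.02}


def pearson(x, y):
    """Pearson correlation coefficient of two equal-length numeric sequences."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = math.sqrt(sum((a - mx) ** 2 for a in x))
    sy = math.sqrt(sum((b - my) ** 2 for b in y))
    if sx == 0 or sy == 0:
        return 0.0  # constant column: correlation undefined, treat as uncorrelated
    return cov / (sx * sy)


def select_features(columns, importance, min_importance=0.05, max_corr=0.9):
    """Greedy selection in descending importance order.

    Stage 1: stop once importance falls below min_importance.
    Stage 2: keep a feature only if |r| with every kept feature <= max_corr.
    """
    kept = []
    for name in sorted(importance, key=importance.get, reverse=True):
        if importance[name] < min_importance:
            break  # list is sorted, so every later feature is also too weak
        if all(abs(pearson(columns[name], columns[k])) <= max_corr for k in kept):
            kept.append(name)
    return kept


if __name__ == "__main__":
    print(select_features(COLUMNS, IMPORTANCE))
```

Visiting features in importance order means that when two features are redundant, the one the classifier relies on more is the one that survives.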