Malicious Encrypted Traffic Type Identification Method Based on Ensemble Learning

Author: 才九荣 CAI Jiurong (School of Information, Shenyang Institute of Engineering, Shenyang 110136, Liaoning Province)

Affiliation: [1] School of Information, Shenyang Institute of Engineering, Shenyang 110136, Liaoning, China

Source: Journal of Shenyang Institute of Engineering (Natural Science), 2025, No. 2, pp. 84-89 (6 pages)

Abstract: Decrypting and then inspecting the encrypted communication traffic of malware significantly degrades device performance, and it is unsuitable for advanced persistent threat (APT) detection appliances deployed out-of-band (bypass deployment on a mirrored link). For this reason, detecting malicious encrypted traffic without decryption by means of artificial intelligence methods has become a new hot spot in security research. However, such methods still face problems such as the difficulty of collecting encrypted malicious samples at scale and the difficulty of characterizing malicious behavior. To address these problems, this paper proposes a malicious encrypted traffic type identification method based on ensemble learning, aimed at identifying the malware types and tools behind malicious encrypted traffic. First, samples of similar malware, or variants of the same malware, are clustered. Second, an ensemble learning algorithm is used to train a binary classification model that quickly determines whether encrypted traffic is malicious, and a multi-class classification model is then trained on the traffic identified as malicious to identify the type of malicious encrypted communication. Finally, diversified threat forensics (key evidence extraction, threat hunting and attacker tracing) is carried out on the identification results, addressing the difficulty of obtaining forensic evidence from malicious encrypted communication and providing an effective method for the malicious encrypted traffic detection problem.

Keywords: malicious encrypted traffic; advanced persistent threat; ensemble learning algorithm; malicious encrypted communication type identification

Classification code: TP393.08 [Automation and Computer Technology: Computer Application Technology]
