工业互联网中融入域适应的混合神经网络加密恶意流量检测  

作　　者：张浩和 韩刚 杨甜甜[1,2] 黄睿 Zhang Haohe;Han Gang;Yang Tiantian;Huang Rui(School of Cyberspace Security,Xi’an University of Posts and Telecommunications,Xi’an 710121;State Key Laboratory of Integrated Services Networks(Xidian University),Xi’an 710126)

机构地区：[1]西安邮电大学网络空间安全学院,西安710121 [2]空天地一体化综合业务网全国重点实验室(西安电子科技大学),西安710126

出　　处：《信息安全研究》2025年第5期457-464,共8页Journal of Information Security Research

基　　金：国家自然科学基金项目(62102312);陕西省重点研发计划项目(2024GX-YBXM-079);ISN全国重点实验室开放课题(ISN24-13);陕西省科协青年人才托举计划项目(20210119);陕西省高校青年创新团队项目(23JP162)。

摘　　要：随着信息化技术在工控领域的快速发展,工业互联网逐渐成为网络攻击的重要目标,恶意流量检测显得尤为重要.然而,加密技术的普及使得攻击者可以轻松隐藏恶意通信内容,传统基于内容分析的流量检测方法已难以有效应对.提出一种基于混合神经网络和域适应的加密恶意流量检测方案,融合ResNet网络、ResNext网络、DenseNet网络和相似度检测算法构建混合神经网络.在此基础上,加入域适应模块减少数据的偏差.通过对工业互联网公共数据集进行流预处理,在勿需解密流量的情况下从加密流量中提取深层次特征,使用混合神经网络输出一组充分利用各模型特长的更高维特征向量,随后采用域适应模块中的域分类器提升模型在不同的网络环境和时间段的稳定性和泛化能力.实验结果表明,提出的方案在加密恶意流量检测任务上表现出较好的性能和效率,提高了加密恶意流量检测的准确性.With the rapid development of information technology in the field of industrial control,the industrial Internet has become a major target for cyberattacks,making malicious traffic detection increasingly important.However,the widespread use of encryption allows attackers to easily hide malicious communication content,rendering traditional content-based detection methods ineffective.This paper proposes an encrypted malicious traffic detection scheme based on a hybrid neural network and domain adaptation.The scheme integrates ResNet,ResNext,DenseNet,and similarity detection algorithms to construct a hybrid neural network.On this basis,a domain adaptation module is added to reduce data bias.By preprocessing streams from a public industrial Internet dataset,deep features are extracted from encrypted traffic without decryption.The hybrid neural network outputs higher-dimensional feature vectors that leverage the strengths of each model.A domain classifier within the domain adaptation module enhances the model’s stability and generalization across different network environments and time periods,enabling accurate classification of malicious traffic.Experimental results show that the proposed scheme improves accuracy and efficiency in detecting encrypted malicious traffic.

关 键 词：工业互联网 混合神经网络 加密恶意流量 相似度检测 域适应 

分 类 号：TP393.0[自动化与计算机技术—计算机应用技术]