Chinese Journal of Network and Information Security ›› 2020, Vol. 6 ›› Issue (3): 66-77. doi: 10.11959/j.issn.2096-109x.2020034

• Academic Paper •

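Survey of encrypted malicious traffic detection based on deep learning

Mingfang ZHAI, Xingming ZHANG, Bo ZHAO

  1. National Digital Switching System Engineering and Technological Research Center, Zhengzhou 450002, Henan, China
  • Revised: 2020-01-21 Online: 2020-06-01 Published: 2020-07-01
  • About the authors: Mingfang ZHAI (1986- ), male, born in Gongyi, Henan, is a master's student at the National Digital Switching System Engineering and Technological Research Center; his main research interests are cyberspace security and deep learning algorithms. | Xingming ZHANG (1963- ), male, born in Xinxiang, Henan, Ph.D., is a professor at the National Digital Switching System Engineering and Technological Research Center; his main research interests are cyberspace security, high-performance computing, hardware/software co-design and deep learning. | Bo ZHAO (1981- ), male, born in Gongzhuling, Jilin, Ph.D., is an associate researcher at the National Digital Switching System Engineering and Technological Research Center; his main research interests are cyberspace security and mimic defense architecture.
  • Supported by:
    High Level Security Network Infrastructure Key Equipment Core Chip and Software Development Funding Project (2017ZX01030301)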

Abstract:

With growing awareness of network security, encrypted communication has become dominant and encrypted traffic is growing rapidly. Traffic encryption protects privacy, but it also masks illegal attempts and changes the form of threats. Deep learning, an important branch of machine learning, is a powerful tool for traffic classification. In recent years, research on applying deep learning methods to intrusion detection has deepened and achieved good results. Based on an in-depth literature survey, the steps of encrypted malicious traffic detection are summarized into a general detection framework model named the “six-step method”. Data processing and detection algorithms are then reviewed and summarized with reference to this model, and the advantages and disadvantages of the various algorithm models are pointed out. Finally, future research directions are discussed, with a view to assisting further research.

Key words: encrypted traffic, malicious traffic detection, deep learning, data processing
