Chinese Journal of Network and Information Security ›› 2020, Vol. 6 ›› Issue (1): 77-83.doi: 10.11959/j.issn.2096-109x.2020008

• Papers • Previous Articles     Next Articles

Scheme for identifying malware traffic with TLS data based on machine learning

Ziming LUO1,2,Shubin XU1,Xiaodong LIU1   

  1. 1 The 54th Research Institute of China Electronics Technology Group Corporation,Shijiazhuang 050081,China
    2 Shijiazhuang Communication Observation and Control Technology Institute,Shijiazhuang 050081,China
  • Revised:2020-01-21 Online:2020-02-15 Published:2020-03-23
  • Supported by:
    The National Key R&D Program of China(2016YFB0800302);Foundation of Science and Technology on Information Assurance Laboratory(614211203020717)

Abstract:

Based on analyzing the characteristics of transport layer security (TLS) protocol,a distributed automation malicious traffic detecting system based on machine learning was designed.The characteristics of encrypted malware traffic from TLS data,observable metadata and contextual flow data was extracted.Support vector machine,random forest and extreme gradient boosting were used to compare the performance of the mainstream malicious encryption traffic identification which realized the efficient detection of malicious encryption traffic,and verified the validity of the detection system of malicious encryption traffic.

Key words: transport layer security, encrypted malware traffic, machine learning

CLC Number: 

No Suggested Reading articles found!