Journal on Communications ›› 2022, Vol. 43 ›› Issue (2): 156-170. doi: 10.11959/j.issn.1000-436x.2022034

• Academic Papers •

Confirmation method for the detection of malicious encrypted traffic with data privacy protection

Gaofeng HE1, Qianfeng WEI1, Xiancai XIAO1, Haiting ZHU1, Bingfeng XU2

  1. 1 School of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing 210003, China
    2 College of Information Science and Technology, Nanjing Forestry University, Nanjing 210042, China
  • Revised: 2022-01-19 Online: 2022-02-25 Published: 2022-02-01
  • About the authors: Gaofeng HE (1984- ), male, born in Anqing, Anhui, Ph.D., lecturer and master's supervisor at Nanjing University of Posts and Telecommunications. His main research interests include network anomaly detection and provably secure network security defense.
    Qianfeng WEI (1997- ), male, born in Xuzhou, Jiangsu, master's student at Nanjing University of Posts and Telecommunications. His main research interest is network traffic anomaly detection.
    Xiancai XIAO (1998- ), male, born in Ganzhou, Jiangxi, master's student at Nanjing University of Posts and Telecommunications. His main research interest is encrypted network traffic analysis.
    Haiting ZHU (1983- ), female, born in Rugao, Jiangsu, Ph.D., lecturer and master's supervisor at Nanjing University of Posts and Telecommunications. Her main research interests include network management and network performance optimization.
    Bingfeng XU (1986- ), female, born in Anqing, Anhui, Ph.D., lecturer and master's supervisor at Nanjing Forestry University. Her main research interests include network security threat modeling and assessment.
  • Supported by:
    The National Natural Science Foundation of China (61802192); The National Natural Science Foundation of China (61702282); The Natural Science Foundation of Nanjing University of Posts and Telecommunications (NY221096); The Fundamental Research Funds for the Central Universities, NUAA (NJ2020022)

Abstract:

To address the large number of false positives produced by machine-learning-based detection of malicious encrypted traffic, secure two-party computation was used to compare character segments between network traffic content and intrusion detection rules without revealing the data content. Based on the segment comparison results, an intrusion detection feature matching method was designed to match keywords exactly. To ensure that the method executes effectively, a random verification strategy for user terminal input was proposed, which makes it difficult for a malicious user terminal to take part in the secure two-party computation with arbitrary data and thereby evade detection confirmation. The security and performance of the method were analyzed theoretically and verified by a combination of real deployment and simulation experiments. The experimental results show that the proposed method significantly improves detection performance while consuming few system resources.

Key words: malicious encrypted traffic, machine learning, secure two-party computation, automatic confirmation

CLC number:
