基于混合结构深度神经网络的HTTP恶意流量检测方法

doi:10.11959/j.issn.1000-436x.2019019

Abstract

Abstract:

In response to the HTTP malicious traffic detection problem,a preprocessing method based on cutting mechanism and statistical association was proposed to perform statistical information correlation as well as normalization processing of traffic.Then,a hybrid neural network was proposed based on the combination of raw data and empirical feature engineering.It combined convolutional neural network (CNN) and multilayer perceptron (MLP) to process text and statistical information.The effect of the model was significantly improved compared with traditional machine learning algorithms (e.g.,SVM).The F₁value reached 99.38% and had a lower time complexity.At the same time,a data set consisting of more than 450 000 malicious traffic and more than 20 million non-malicious traffic was created.In addition,prototype system based on model was designed with detection precision of 98.1%~99.99% and recall rate of 97.2%~99.5%.The application is excellent in real network environment.

Key words: abnormal detection, malicious traffic data, convolutional neural network, multilayer perceptron

CLC Number:

TP393

Jia LI,Xiaochun YUN,Shuhao LI,Yongzheng ZHANG,Jiang XIE,Fang FANG. HTTP malicious traffic detection method based on hybrid structure deep neural network[J]. Journal on Communications, 2019, 40(1): 24-33.

Figures/Tables 16

References 17

[2]	国家互联网应急中心. 2016 年中国互联网网络安全报告[R]. 国家互联网应急中心. 2017.
	NIEC. A survey of china's internet security situation[R]. China Internet Network Information Center. National Internet Emergency Center. 2017
[3]	LI Z , ZHANG K , XIE Y ,et al. Knowing your enemy:understanding and detecting malicious web advertising[C]// The 2012 ACM Conference on Computer and Communications Security. 2012: 674-686.
[4]	GU G , ZHANG J , LEE W . BotSniffer:detecting botnet command and control channels in network traffic[C]// The Network and Distributed System Security Symposium. 2008.
[5]	GU G , PERDISCI R , ZHANG J ,et al. BotMiner:clustering analysis of network traffic for protocol-and structure-independent botnet detection[C]// The 17th USENIX Security Symposium. 2018: 139-154.
[6]	CAO J , LI Q , Y JI ,et al. Detection of forwarding-based malicious URLs in online social networks[J]. International Journal of Parallel Programming, 2016,44(1): 163-180.
[7]	ADEWOLE K S , ANUAR N B ,et al. Malicious accounts:dark of the social networks[J]. Journal of Network and Computer Applications, 2017,79: 41-67.
[8]	SHIN E C R , SONG D , MOAZZEZI R . Recognizing functions in binaries with neural networks[C]// USENIX Security Symposium. 2015: 611-626.
[9]	YUAN Z , LU Y , WANG Z ,et al. Droid-sec:deep learning in android malware detection[C]// ACM SIGCOMM Computer Communication Review. 2014,44(4): 371-372.
[10]	YUAN Z , LU Y , XUE Y . Droiddetector:android malware characterization and detection using deep learning[J]. Tsinghua Science and Technology, 2016,21(1): 114-123.
[11]	KIM J , KIM J , THU H L T ,et al. Long short term memory recurrent neural network classifier for intrusion detection[C]// Platform Technology and Service (PlatCon),2016 International Conference on. IEEE, 2016: 1-5.
[12]	SALAMA M A , EID H F , RAMADAN R A ,et al. Hybrid intelligent intrusion detection scheme[M]. Soft Berlin Computing in Industrial Applications. 2011: 293-303.
[1]	中国互联网络信息中心. 中国互联网络发展状况统计报告[R]. 中国互联网络信息中心. 2018.
	INIC. The statistical report on internet development in China[R]. China Internet Network Information Center. 2018.
[13]	NASRABADI N M . Pattern recognition and machine learning[J]. Journal of Electronic Imaging, 2007,16(4):049901
[14]	ROSENBLATT F . The perceptron:a probabilistic model for information storage and organization in the brain[J]. Psychological Review, 1958,65(6): 386.
[15]	RUMELHART D E , HINTON G E , WILLIAMS R J . Learning representations by back-propagating errors[J]. Nature, 1986,323(6088): 533.
[16]	WATSON M R , MARNERIDES A K , MAUTHE A ,et al. Malware detection in cloud computing infrastructures[J]. IEEE Transactions on Dependable and Secure Computing, 2016,13(2): 192-205.
[17]	MO Y , XING L , ZHONG F ,et al. Reliability evaluation of network systems with dependent propagated failures using decision diagrams[J]. IEEE Transactions on Dependable and Secure Computing, 2016,13(6): 672-683.

Metrics

Recommended 0

No Suggested Reading articles found!

统计信息	对应向量
端口号	l₁
HTTP版本	l₂
首部字段行数	l₃
各行字段名长度	l₄…l_2-1
URL长度	l₂₂
各行字段值长度	l₂₃…l₄₀
实体内容长度	l₄₁

HTTP malicious traffic detection method based on hybrid structure deep neural network

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 16

References 17

Related Articles 15

Metrics

Recommended 0

[1]	Yurong LIAO, Haining WANG, Cunbao LIN, Yang LI, Yuqiang FANG, Shuyan NI. Research progress of deep learning-based object detection of optical remote sensing image [J]. Journal on Communications, 2022, 43(5): 190-203.
[2]	Fan ZHANG, Yun HUANG, Zizhuo FANG, Wei GUO. Lost-minimum post-training parameter quantization method for convolutional neural network [J]. Journal on Communications, 2022, 43(4): 114-122.
[3]	Zhengyu ZHU, Gengwang HOU, Chongwen HUANG, Gangcan SUN, Wanming HAO, Jing LIANG. Systems resource allocation algorithm for RIS-assisted D2D secure communication based on parallel CNN [J]. Journal on Communications, 2022, 43(3): 172-179.
[4]	Huijuan ZHU, Jinfu CHEN, Zhiyuan LI, Shangnan YIN. Block-chain abnormal transaction detection method based on adaptive multi-feature fusion [J]. Journal on Communications, 2021, 42(5): 41-50.
[5]	Hongyan WANG, Libin ZHANG, Guoqiang CHEN, Zumin WANG, Zhiyuan GUAN. Approach of target tracking combining particle filter and metric learning [J]. Journal on Communications, 2021, 42(5): 98-110.
[6]	Nianwen SI, Wenlin ZHANG, Dan QU, Heyu CHANG, Shengxiang LI, Tong NIU. Generalized Grad-CAM attacking method based on adversarial patch [J]. Journal on Communications, 2021, 42(3): 23-35.
[7]	Hongmin GAO, Xueying CAO, Zhonghao CHEN, Zaijun HUA, Chenming LI, Yue CHEN. Hyperspectral image classification method based on multi-scale proximal feature concatenate network [J]. Journal on Communications, 2021, 42(2): 92-102.
[8]	Jun YANG,Jisheng DANG. Semantic segmentation of 3D point cloud based on contextual attention CNN [J]. Journal on Communications, 2020, 41(7): 195-203.
[9]	Hongmin GAO,Xueying CAO,Yao YANG,Zaijun HUA,Chenming LI. Application of bilateral fusion model based on CNN in hyperspectral image classification [J]. Journal on Communications, 2020, 41(11): 132-140.
[10]	Meng ZHANG,Haoliang SUN,Peng YANG. Identification of DNS covert channel based on improved convolutional neural network [J]. Journal on Communications, 2020, 41(1): 169-179.
[11]	Xin ZHOU,Xiaoxin HE,Changwen ZHENG. Radio signal recognition based on image deep learning [J]. Journal on Communications, 2019, 40(7): 114-125.
[12]	Linhui LI,Bo QIAN,Jing LIAN,Weina ZHENG,Yafu ZHOU. Study on traffic scene semantic segmentation method based on convolutional neural network [J]. Journal on Communications, 2018, 39(4): 123-130.
[13]	Hengjun WANG,Nianwen SI,Yulong SONG,Yidong SHAN. Neural network model for dependency parsing incorporating global vector feature [J]. Journal on Communications, 2018, 39(2): 53-64.
[14]	Wanliang WANG,Zhuorong LI. Advances in generative adversarial network [J]. Journal on Communications, 2018, 39(2): 135-148.
[15]	Yong WANG,Huiyi ZHOU,Hao FENG,Miao YE,Wenlong KE. Network traffic classification method basing on CNN [J]. Journal on Communications, 2018, 39(1): 14-23.