Malicious traffic detection method and system, computer and medium

Abstract

The invention provides a malicious traffic detection method and system, a computer and a medium. The method comprises the following steps: acquiring traffic data to be detected; extracting a to-be-analyzed field information set of the to-be-detected traffic data, and dividing the to-be-analyzed field information set into a training set and a test set according to a preset proportion; determining to-be-analyzed features of the training set and the test set; inputting the to-be-analyzed features of the training set into a plurality of preset classifiers for training, and integrating the plurality of preset classifiers through a soft voting method to obtain a malicious traffic detection model; and inputting the to-be-analyzed features of the test set into the malicious traffic detection model for testing to obtain a prediction result. The technical effect that malicious traffic can be accurately recognized without decryption is achieved, the generalization ability and safety of the malicious traffic detection model are improved, and the invention can be deployed on different firewalls, intrusion detection systems and intrusion prevention systems and has good universality.

Description

Technical field [0001] The present invention relates to malicious traffic detection technology, and particularly relates to a method of detecting malicious traffic model based on multiple voting, the system, apparatus and computer storage media. Background technique [0002] With the rapid development of Internet technology, the individual Internet chat, shopping, payment transfers between, entertainment and communications companies have gradually become another social life indispensable part. To ensure the security of information on the Internet and personal business, to ensure confidentiality and data integrity TLS (Transport LayerSecurity) application layer protocol data emerged, and according to the "HTTPS encryption situation in Chrome" Google Transparency Report, Chrome loads the proportion enable encryption of web pages already up to 95%, but the user uses the TLS protocol to encrypt traffic are not legitimate users, many of them large number of attackers also use TLS prot...

AI Technical Summary

Problems solved by technology

Although the above-mentioned malicious traffic detection methods can realize malicious traffic detection to a certain extent, they all have corresponding defects that cannot be ignored in practical applications: (1) The detection method based on the port number is very simple and foolish, and it is easy to be used by Attackers use well-known port numbers or avoid using standard registered port numbers to reduce the accuracy of port number-based detection methods to bypass detection of malicious traffic; (2) deep packet inspection methods can only handle unencrypted traffic and cannot To process encrypted traffic, if the encrypted traffic is processed, the traffic needs to be decrypted and an

Images