Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Encrypted malicious traffic detection method

A detection method and technology for malicious traffic, applied in digital transmission systems, electrical components, transmission systems, etc., can solve the problem of high false positive rate, machine learning model is not suitable for processing multiple heterogeneity, TLS encrypted malicious traffic detection recall rate is low, etc. problem, to achieve the effect of low false alarm rate, reduce overall complexity, and prevent training overfitting

Active Publication Date: 2022-03-11
CHINA UNIV OF MINING & TECH (BEIJING)
View PDF7 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Nowadays, the malicious traffic detection method based on machine learning has become the mainstream research method. However, TLS encrypted traffic detection has the following problems: (1) TLS encrypted traffic features are diverse, and a single machine learning model is not suitable for dealing with multiple heterogeneous features. ; (2) TLS encrypted malicious traffic detection has a low recall rate and a high false positive rate

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Encrypted malicious traffic detection method
  • Encrypted malicious traffic detection method
  • Encrypted malicious traffic detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0039]The technical solutions in the examples of the present invention will be analyzed and expressed in a more comprehensive and complete manner below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only part of the embodiments of the present invention. In order to further improve the present invention Explanations are provided to enable those skilled in the art to clearly and thoroughly understand the present invention, and are not intended to limit the present invention.

[0040] like Figure 1-4 As shown, the design process of an encrypted malicious traffic detection method provided by the embodiment of the present invention is as follows: divide the original traffic packets into benign traffic packets and malicious traffic packets, perform feature extraction, feature subset construction, feature encoding, and dimensionality reduction. Create a classifier model for each feature subset after...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an encrypted malicious traffic detection method. According to the method, a Wreshark tool is utilized to process a traffic packet; filtering out invalid IP checksums, preprocessing the sample set and marking malicious / benign tags; performing preliminary feature extraction on the preprocessed traffic packet; constructing three feature subsets for the preliminarily extracted features, and standardizing and encoding the three feature subsets; carrying out feature dimension reduction on each type of feature subsets by adopting a machine learning or principal component analysis method; respectively establishing a random forest, an XGBoost classifier model and a Gaussian naive Bayes classifier model for the three feature subsets; the three classifier models are combined according to a Stacking strategy to form a DMMFC detection model; performing stream fingerprint fusion on the three feature subsets to form a sample set, dividing the sample set into a training set and a test set, and training a model; testing the model, and evaluating the test effect of the DMMFC model by using the evaluation indexes of the accuracy rate, the F1 score and the false alarm rate; encrypted malicious traffic detection is performed by adopting a method of combining multi-feature fusion and a Stacking strategy, and the method has relatively high detection capability.

Description

technical field [0001] The invention belongs to the field of encrypted malicious traffic detection in data identification, and in particular relates to a double-layer multi-model fusion (DMMFC) encrypted malicious traffic detection method of stacking strategy. Background technique [0002] In recent years, all walks of life have accelerated their digital transformation, and cyber-attack methods have become diverse, with frequent security incidents such as data leakage and ransomware. In order to protect the security of users surfing the Internet, many websites have adopted transmission encryption protocols. According to a Sophos News report, the percentage of Chrome loaded web pages with encryption enabled will go from 40% in 2014 to 98% in 2021. Unfortunately, while legitimate traffic is encrypted, malicious traffic also uses the TLS encryption protocol to mask its attack. In 2020, 23% of detected malware communicating with remote systems over the Internet used TransportL...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/40H04L41/142H04L41/16
CPCH04L63/1416H04L63/20H04L41/142H04L41/16
Inventor 霍跃华赵法起李晓宇裴超曹洪治
Owner CHINA UNIV OF MINING & TECH (BEIJING)
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products