In recent years, encrypted SSL/TLS traffic has grown explosively, and malicious activity increasingly hides inside it. This fast-growing trend threatens the communication security of users, enterprises and countries through information leakage, malicious attacks, botnet communication and similar activity. This paper therefore studies techniques for detecting malicious SSL/TLS encrypted traffic. Based on an analysis of the characteristics of malicious SSL/TLS encrypted traffic, it proposes two detection algorithms and implements the corresponding detection systems. The specific work is as follows. The paper first proposes a malicious SSL/TLS encrypted traffic detection algorithm based on FTM-JF (Five-Tuple Masking & Joint Features), which masks the five-tuple information of the traffic and extracts from it a joint feature, based on message payload characteristics and flow fingerprint characteristics, that serves as the classification rule. The joint feature is used as the input to a logistic regression classifier, and testing verifies that the algorithm detects known data with high accuracy in a complex network environment. The paper then proposes a malicious SSL/TLS traffic detection algorithm based on feature adaptive learning, in which features of malicious SSL/TLS encrypted traffic are clustered by a feature adaptive learning method. The impact of the traffic clipping size used during data preprocessing on the detection result is also discussed, the feature extraction performance of feature adaptive learning is tested, and unsupervised detection of malicious SSL/TLS encrypted traffic is shown to achieve better detection results in this field. Finally, the paper develops a malicious SSL/TLS encrypted traffic detection system. The system uses the algorithm based on feature adaptive learning as its detection kernel, comprises three main modules (data preprocessing, feature adaptive learning, and logistic regression classification), and uses a web front end for display.