Research On Malicious Certificate Detection Method Based On Deep Learning

Along with the development of the digital,digital certificate encryption technology is playing an increasingly important role in the field of network security and encryption technology promotion and the emergence of free certificate,certificate using rapid growth,but also more use certificate malicious software to hide their malicious activities,including malicious certificate is a certificate found in the malicious software.Sites that use digital certificates increase user trust by displaying a green logo in the address bar,which gives users a false sense of security.In fact,users' cognition of certificates is superficial,so it is difficult to deal with browser certificate warnings effectively and for a long time.Malware makes use of users' cognition to carry out illegal or unauthorized operations,which invisibly brings great security risks to users.The vulnerability of the public key infrastructure itself,the attack of the certificate authority,or the malicious operation,leads to the emergence of more malicious certificates.Therefore,it is imperative to detect malicious certificates and it is particularly important to protect end users from malicious software attacks.The powerful information mining capabilities of deep learning can help detect malicious patterns in certificates.Therefore,this paper proposes a malicious certificate detection method based on deep learning to realize the prevention of malicious software.The main research contents of this paper are as follows:(1)A characteristic index model suitable for malicious certificate detection is constructed.Through data collection and data cleaning and decryption,1632 malware certificate and 6438 benign data,analysis of typical patterns of the attacker to use malicious,and combined with feature selection methods,build the malicious certificate is suitable for the detection of characteristic index model,build characteristic index model contains 40 numerical characteristics,two text features and classification of eight.On this basis,the original index dataset with 8070 rows and 50 columns is generated.In the feature analysis,it is found that there are few certificate extension attributes in malicious certificates.(2)The label coding method for processing classification feature coding is improved,and the CLE method of label coding based on statistics is proposed.On the basis of the label coding method,this method completes the vectorization of 8 classification features by adding the reverse sorting attribute of data statistics.This encoding method can better represent the malicious certificate data.(3)Based on the deep learning model of multimodal transformers,the application research is carried out,and the multi-feature linkage method and pre-training model suitable for the detection of malicious digital certificates are selected through experimental comparison.Firstly,by comparing ten feature linking methods based on weighting mechanism,such as typical gating mechanism and attention mechanism,it is verified that the feature linking method based on gating mechanism has better model adaptability.Second,by comparing Bert,XLMRoberta and other five Transformers pretraining models,the performance of XLMRoberta pre-training model is verified to be superior,and the accuracy rate of the model reaches 99.26%.(4)On the basis of the above research,a prototype system of malicious certificate detection based on B/S architecture is developed.Through the system design,four modules of certificate input,data cleaning,feature extraction and model detection are further realized to verify the security of the certificate.The interface is encapsulated by Web API,and functions such as uploading digital certificate or viewing test results of domain name are realized on graphical interface.