
Research On Efficient Malicious Traffic Detection Method For Encrypted Data

Posted on: 2022-12-20
Degree: Master
Type: Thesis
Country: China
Candidate: J Zheng
GTID: 2518306749967079
Subject: Applied Statistics
Abstract/Summary:
Encrypted network traffic is one of the main foundations of secure network communication and helps to ensure the privacy and integrity of users' private information. However, encryption also masks the characteristics of the data and makes malicious traffic harder to detect, thus providing shelter for malicious network behavior. The study of effective detection methods for encrypted network traffic is therefore necessary for the application and development of traffic encryption technology and is of great significance to network communication security.

Malicious traffic detection is essentially a traffic classification problem. At present, the more commonly used traffic classification methods are those based on statistical features and those based on graphs. The former focuses only on the internal information of the network flow itself and ignores the external connections between network flows, while the latter does just the opposite. As a result, neither existing method can efficiently solve the problem of detecting malicious encrypted traffic. This paper proposes a new, efficient method for detecting encrypted malicious traffic based on the Graph Convolutional Network (GCN), named GCN-ETA. When detecting encrypted malicious traffic, the new method pays attention to the flow's own information and also considers the external connections between flows; while preserving detection performance, it greatly reduces the training time and detection time of the model. The paper covers the following three aspects of research work:

(1) Research on encrypted malicious traffic detection based on network flow statistical features. The encrypted traffic is split into one-way network flows, from which the basic flow statistical features and the flow statistical features manually constructed in this paper are extracted. Decision Tree, Random Forest, KNN, and XGBoost algorithms are then used to build encrypted malicious traffic detection models based on 5 basic statistical features and on 22 statistical features (including the manually constructed statistical features). By analyzing the detection effect of the models, this paper finds that focusing only on the internal information of the network flow itself cannot achieve high detection performance for encrypted malicious traffic.

(2) Research on encrypted malicious traffic detection based on the traffic trajectory graph. After splitting the encrypted traffic into network flows, a traffic trajectory graph is constructed according to the definition given in this paper. The node embedding algorithms LINE and Node2Vec are used as feature extractors on the traffic trajectory graph to extract the features of the flow nodes. Finally, Decision Tree, Random Forest, KNN, and XGBoost algorithms are used to build encrypted malicious traffic detection models based on the resulting node representation vectors. By analyzing the detection effect of the models, this paper finds that focusing only on the external connections between network flows cannot achieve high detection performance for encrypted malicious traffic.

(3) Research on encrypted malicious traffic detection integrating flow statistical features and the traffic trajectory graph. Building on the first two studies, this paper proposes the new detection method GCN-ETA. Comparing the detection effect and detection speed of GCN-ETA with multiple baseline models shows that GCN-ETA has a better detection effect and a faster detection speed. The accuracy, precision, recall, and F1-score of the new method are all over 98%, the number of network flows detected per second reaches 835, and the detection speed is 14 times that of the model with the same detection effect.
Keywords/Search Tags:Encrypted Traffic, Malicious Detection, Extraction Feature, Graph Convolutional Network, Decision Tree