| The Hyper Text Transfer Protocol over Secure Socket Layer(HTTPS)is an extension of the Transport Layer Security protocol based on the Hypertext Transfer Protocol to ensure data integrity and confidentiality.However,in recent years,more and more criminals use HTTPS encryption technology to cover up attacks and evade detection,which brings huge security risks to the internet space.Therefore,malware encrypted traffic detection is one of the research hotspots in the field of internet space security.The traditional traffic inspection is to detect the plaintext load in the data packet,which is called the deep packet inspection method,but with the wide application of HTTPS,the traditional method is no longer applicable.The researchers propose to perform artificial feature extraction on encrypted traffic and use machine learning classification algorithms for classification detection.However,due to the limitation of professional knowledge,such methods perform poorly in terms of robustness and accuracy.After that,researchers hope to use deep neural networks for automatic feature extraction,but there are still difficulties: one is that a large number of labeled datasets are required for training,and the malware update iteration speed is fast,making it difficult to collect a large number of datasets,and the other is that in Faced with new malicious traffic samples,the model needs to be retrained for detection.In order to effectively detect HTTPS malicious traffic,thesis proposes a HTTPS malware traffic detection method based on multi-perspective,which analyzes the characteristics of malicious traffic samples from multiple perspectives.The encrypted traffic is divided into two parts: observable and encrypted payload,and corresponding classifiers are constructed for the observable part from the perspectives of packet length distribution,flow statistics,TLS handshake and certificate information.thesis proposes a combination of HTTPS malware traffic detection scenarios and meta-learning algorithm application scenarios,and designs a ResNet residual network for feature extraction and embedding MAML meta-learning algorithm detection methods,using meta-learning small sample learning and learning to learn.feature to detect small sample data of emerging HTTPS malicious traffic,so as to solve the difficulties of deep learning.Finally,the detection results of the four perspectives are integrated,and a voting mechanism is used to obtain the final detection results.At the same time,thesis also designs a prototype system based on the proposed method for real-time or offline traffic sample detection.Finally,thesis uses the combination of capturing malware traffic and public data set as a data set,and divides it into a known training set and an unknown validation set to test the method proposed in thesis,and compares it with other malicious encrypted traffic detection methods.It shows that the detection method proposed in thesis has improved the accuracy and precision,especially in the face of the unknown validation set,the accuracy of the comparative test is greatly reduced,and the method in thesis can still have a high accuracy.The detection accuracy rate can reach 97.4%. |