Research On Malicious Encrypted Traffic Detection Technology Based On Graph Neural Networks

With the rapid development of information technology and the rapid growth of Internet penetration,people’s awareness of network privacy protection is also increasing,and network traffic encryption protocols are becoming more and more popular.However,more and more malicious attack traffic uses encryption protocols to hide their attack behavior,which poses a great threat to network security.The detection of malicious encrypted traffic has the following difficulties mainly:on the one hand,traditional traffic detection methods,such as methods based on port matching,are no longer applicable to encrypted malicious traffic;on the other hand,the original byte data of encrypted traffic,which as a semistructured data type,in addition to its own data information,it also contains rich structural information.However,existing research only considers data features of encrypted traffic but ignores structural features of encrypted traffic.How to realize the fusion of encrypted traffic data features and structural features is of great significance for malicious encrypted traffic detection tasks.In view of above problems,this paper focuses on the detection of malicious encrypted traffic based on graph neural networks.(1)Research on graph-based encrypted traffic representation methodThis paper proposes a graph-based representation of encrypted traffic.Based on the improved K-nearest neighbor algorithm,the method reconstructs the original data of encrypted traffic in the form of a graph,realizes the deep fusion of encrypted traffic data features and structural features,and provides a good data representation for the malicious encrypted traffic detection models proposed later.(2)Research on malicious encrypted traffic detection method based on graph attention networkThis paper proposes a malicious encrypted traffic detection method based on graph attention network.This method introduces attention mechanism into graph convolutional network,which improves the problem that graph convolutional network cannot assign different learning weights to different neighbor nodes.Compared with other existing research methods,this method improves detection effect of malicious encrypted traffic.(3)Research on malicious encrypted traffic detection method based on improved graph convolutional networkThis paper proposes a malicious encrypted traffic detection method based on an improved graph convolutional network.This method combines the autoencoder structure with the graph convolutional network structure,which improves the problem that graph convolutional network overemphasizes the relationship between nodes and ignores data characteristics of the nodes themselves.Compared with other existing research methods,this method improves detection effect of malicious encrypted traffic.