Title: SSL Malicious Traffic Detection Based On Multi-view Features
Authors: Rui Dai, Chuan Gao, Bo Lang, Lixia Yang, Hongyu Liu, Shaojie Chen
DOI: 10.1145/3371676.3371697 (https://doi.org/10.1145/3371676.3371697)
Venue: Proceedings of the 2019 9th International Conference on Communication and Network Security
Publication date: 2019-11-15
Open access: no
Record source: Semantic Scholar
Citations: 11
Abstract
In recent years, as more and more software uses the SSL/TLS protocol to protect the confidentiality and integrity of communications, the volume of encrypted traffic has grown, which brings new challenges to cyber attack detection. Since most SSL traffic is unreadable ciphertext, traditional pattern matching and deep packet inspection do not apply, and current machine learning methods are not fully adapted to encrypted traffic. Detecting encrypted malicious traffic therefore remains an open problem. In this paper, we propose an SSL malicious traffic detection method based on multi-view features. Our method extracts features from multiple views, namely flow statistics, SSL handshake fields, and the certificate, so that key information from the original traffic is retained. We evaluate four machine learning models, SVM, Decision Tree, Random Forest, and XGBoost, on the CTU Malware dataset. XGBoost performs best, reaching an accuracy of 97.71%, which is higher than the results reported by other studies on the CTU dataset.
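The three views named in the abstract can be illustrated with a small feature extractor. The following is an added example written for this page, not the authors' code and not the feature set used in the paper: it parses a TLS ClientHello from raw bytes for the handshake view, computes per-direction statistics for the flow view, and derives certificate attributes from a pre-parsed certificate dictionary (a stand-in for the output of a DER parser, which is out of scope here). The packet list, the ClientHello built by `build_client_hello`, and the `CERT` dictionary are all constructed inputs; the feature names and the GREASE handling are choices made for the example.

```python
"""Multi-view TLS feature extraction (added example; constructed inputs only)."""
import struct
from datetime import datetime
from statistics import mean

# Constructed flow: (timestamp in seconds, direction, TCP payload bytes).
FLOW_PACKETS = [
    (0.000, "c2s", 517), (0.045, "s2c", 1460), (0.046, "s2c", 1200),
    (0.090, "c2s", 93), (0.140, "s2c", 51), (0.600, "c2s", 310),
    (0.655, "s2c", 4096), (12.0, "c2s", 31), (12.05, "s2c", 31),
]

# Constructed certificate fields, as a DER parser would yield them (assumption).
CERT = {
    "subject": "CN=example.com", "issuer": "CN=Example CA",
    "not_before": datetime(2019, 1, 1), "not_after": datetime(2019, 4, 1),
    "san": ["example.com", "www.example.com"], "key_bits": 2048,
}

# RFC 8701 GREASE cipher-suite values (0x0A0A, 0x1A1A, ..., 0xFAFA).
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}


def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body


def build_client_hello(sni, cipher_suites, alpn):
    """Assemble a TLS ClientHello record with SNI, ALPN and supported_versions (fixture)."""
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    host = sni.encode()
    sni_body = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    alpn_list = b"".join(bytes([len(p)]) + p.encode() for p in alpn)
    alpn_body = struct.pack("!H", len(alpn_list)) + alpn_list
    exts = (_ext(0x0000, sni_body) + _ext(0x0010, alpn_body)
            + _ext(0x002B, b"\x04\x03\x04\x03\x03"))  # TLS 1.3, TLS 1.2
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"          # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00"  # suites, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body     # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def parse_client_hello(rec):
    """Extract version, cipher suites, extension types, SNI and ALPN; ValueError if malformed."""
    if len(rec) < 9 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = rec[9:9 + int.from_bytes(rec[6:9], "big")]
    if len(body) != int.from_bytes(rec[6:9], "big") or len(body) < 35:
        raise ValueError("truncated handshake")
    version = struct.unpack_from("!H", body, 0)[0]
    p = 34                      # skip version (2) and client random (32)
    p += 1 + body[p]            # session id
    cs_len = struct.unpack_from("!H", body, p)[0]
    p += 2
    suites = [struct.unpack_from("!H", body, p + i)[0] for i in range(0, cs_len, 2)]
    p += cs_len
    p += 1 + body[p]            # compression methods
    info = {"version": version, "cipher_suites": suites, "sni": None, "alpn": [], "extensions": []}
    if p + 2 <= len(body):
        end = p + 2 + struct.unpack_from("!H", body, p)[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, p)
            data = body[p + 4:p + 4 + elen]
            p += 4 + elen
            info["extensions"].append(etype)
            if etype == 0x0000 and len(data) >= 5:       # server_name
                n = struct.unpack_from("!H", data, 3)[0]
                info["sni"] = data[5:5 + n].decode("ascii", "replace")
            elif etype == 0x0010 and len(data) >= 2:     # ALPN
                q = 2
                while q < len(data):
                    n = data[q]
                    info["alpn"].append(data[q + 1:q + 1 + n].decode("ascii", "replace"))
                    q += 1 + n
    return info


def flow_features(packets):
    ts = [t for t, _, _ in packets]
    c2s = [n for _, d, n in packets if d == "c2s"]
    s2c = [n for _, d, n in packets if d == "s2c"]
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return {"duration": ts[-1] - ts[0], "pkts_c2s": len(c2s), "pkts_s2c": len(s2c),
            "bytes_c2s": sum(c2s), "bytes_s2c": sum(s2c),
            "bytes_ratio": sum(s2c) / max(sum(c2s), 1),
            "mean_iat": mean(gaps) if gaps else 0.0, "max_iat": max(gaps) if gaps else 0.0}


def handshake_features(hello):
    suites, exts = hello["cipher_suites"], hello["extensions"]
    return {"tls_version": hello["version"], "n_cipher_suites": len(suites),
            "n_grease_suites": sum(s in GREASE for s in suites), "n_extensions": len(exts),
            "has_sni": hello["sni"] is not None,
            "sni_labels": hello["sni"].count(".") + 1 if hello["sni"] else 0,
            "has_alpn": bool(hello["alpn"]), "offers_h2": "h2" in hello["alpn"],
            "offers_tls13": 0x002B in exts}


def certificate_features(cert, sni):
    return {"self_signed": cert["subject"] == cert["issuer"],
            "validity_days": (cert["not_after"] - cert["not_before"]).days,
            "n_san": len(cert["san"]), "sni_in_san": sni in cert["san"] if sni else False,
            "key_bits": cert["key_bits"]}


def multi_view_vector(packets, client_hello, cert):
    """Merge the three views into one flat, view-prefixed feature dictionary."""
    hello = parse_client_hello(client_hello)
    views = {"flow": flow_features(packets), "hs": handshake_features(hello),
             "cert": certificate_features(cert, hello["sni"])}
    return {f"{v}.{k}": val for v, d in views.items() for k, val in d.items()}


def as_row(feats):
    """Fixed column order and numeric encoding, as a tree model such as XGBoost expects."""
    return [float(feats[k]) for k in sorted(feats)]


if __name__ == "__main__":
    ch = build_client_hello("example.com", [0xC02F, 0xC02B, 0x0035, 0x000A], ["h2", "http/1.1"])
    for k, v in multi_view_vector(FLOW_PACKETS, ch, CERT).items():
        print(f"{k:22} {v}")
```

Feature vectors from many labelled flows, built this way, are what the classifiers in the abstract would be trained on; the client random is deliberately not a feature, since it is random by design, and GREASE values are counted rather than treated as real cipher suites so that a browser's randomised GREASE values do not become spurious distinguishing features.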