HMMED: A Multimodal Model with Separate Head and Payload Processing for Malicious Encrypted Traffic Detection

4区 计算机科学 Q3 Computer Science
Peng Xiao, Ying Yan, Jian Hu, Zhenhong Zhang
{"title":"HMMED: A Multimodal Model with Separate Head and Payload Processing for Malicious Encrypted Traffic Detection","authors":"Peng Xiao, Ying Yan, Jian Hu, Zhenhong Zhang","doi":"10.1155/2024/8725832","DOIUrl":null,"url":null,"abstract":"Malicious encrypted traffic detection is a critical component of network security management. Previous detection methods can be categorized into two classes as follows: one is to use the feature engineering method to construct traffic features for classification and the other is to use the end-to-end method that directly inputs the original traffic to obtain traffic features for classification. Both of the abovementioned two methods have the problem that the obtained features cannot fully characterize the traffic. To this end, this paper proposes a hierarchical multimodal deep learning model (HMMED) for malicious encrypted traffic detection. This model adopts the abovementioned two feature generation methods to learn the features of payload and header, respectively, then fuses the features to get the final traffic features, and finally inputs the final traffic features into the softmax classifier for classification. In addition, since traditional deep learning is highly dependent on the training set size and data distribution, resulting in a model that is not very generalizable and difficult to adapt to unseen encrypted traffic, the model proposed in this paper uses a large amount of unlabeled encrypted traffic in the pretraining layer to pretrain a submodel used to obtain a generic packet payload representation. The test results on the USTC-TFC2016 dataset show that the proposed model can effectively solve the problem of insufficient feature extraction of traditional detection methods and improve the ACC of malicious encrypted traffic detection.","PeriodicalId":49554,"journal":{"name":"Security and Communication Networks","volume":"45 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Security and Communication Networks","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1155/2024/8725832","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Computer Science","Score":null,"Total":0}
引用次数: 0

Abstract

Malicious encrypted traffic detection is a critical component of network security management. Previous detection methods can be categorized into two classes as follows: one is to use the feature engineering method to construct traffic features for classification and the other is to use the end-to-end method that directly inputs the original traffic to obtain traffic features for classification. Both of the abovementioned two methods have the problem that the obtained features cannot fully characterize the traffic. To this end, this paper proposes a hierarchical multimodal deep learning model (HMMED) for malicious encrypted traffic detection. This model adopts the abovementioned two feature generation methods to learn the features of payload and header, respectively, then fuses the features to get the final traffic features, and finally inputs the final traffic features into the softmax classifier for classification. In addition, since traditional deep learning is highly dependent on the training set size and data distribution, resulting in a model that is not very generalizable and difficult to adapt to unseen encrypted traffic, the model proposed in this paper uses a large amount of unlabeled encrypted traffic in the pretraining layer to pretrain a submodel used to obtain a generic packet payload representation. The test results on the USTC-TFC2016 dataset show that the proposed model can effectively solve the problem of insufficient feature extraction of traditional detection methods and improve the ACC of malicious encrypted traffic detection.
HMMED:分别处理头部和有效载荷的多模态模型,用于恶意加密流量检测
恶意加密流量检测是网络安全管理的重要组成部分。以往的检测方法可分为以下两类:一类是使用特征工程方法构建流量特征进行分类,另一类是使用端到端方法直接输入原始流量获取流量特征进行分类。上述两种方法都存在一个问题,即获得的特征不能完全表征流量。为此,本文提出了一种用于恶意加密流量检测的分层多模态深度学习模型(HMMED)。该模型采用上述两种特征生成方法,分别学习有效载荷和头部特征,然后将特征融合得到最终流量特征,最后将最终流量特征输入 softmax 分类器进行分类。此外,由于传统的深度学习高度依赖于训练集的大小和数据分布,导致模型的通用性不强,难以适应未见过的加密流量,因此本文提出的模型在预训练层使用大量未标记的加密流量来预训练一个子模型,用于获得通用的数据包有效载荷表示。在 USTC-TFC2016 数据集上的测试结果表明,本文提出的模型能有效解决传统检测方法特征提取不足的问题,提高恶意加密流量检测的 ACC。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Security and Communication Networks
Security and Communication Networks COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS
自引率
0.00%
发文量
1274
审稿时长
11.3 months
期刊介绍: Security and Communication Networks is an international journal publishing original research and review papers on all security areas including network security, cryptography, cyber security, etc. The emphasis is on security protocols, approaches and techniques applied to all types of information and communication networks, including wired, wireless and optical transmission platforms. The journal provides a prestigious forum for the R&D community in academia and industry working at the inter-disciplinary nexus of next generation communications technologies for security implementations in all network layers. Answering the highly practical and commercial importance of network security R&D, submissions of applications-oriented papers describing case studies and simulations are encouraged as well as research analysis-type papers.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信