Open set identification of malicious encrypted traffic based on multi-feature fusion

IF 4.4 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2024-09-26 DOI:10.1016/j.comnet.2024.110824

Xingwen Zhao, Han Zhang, Hui Li, Xuangui Chen

{"title":"Open set identification of malicious encrypted traffic based on multi-feature fusion","authors":"Xingwen Zhao, Han Zhang, Hui Li, Xuangui Chen","doi":"10.1016/j.comnet.2024.110824","DOIUrl":null,"url":null,"abstract":"<div><div>In the current network environment, an increasing amount of malicious traffic is transmitted through encrypted channels, carrying control commands and data. With the continuous development of communication protocols and applications, new types of malicious encrypted traffic are emerging, posing significant challenges for network management (e.g., traffic engineering). Therefore, accurately identifying malicious traffic in complex open network spaces has become a hot research topic in network security. In this study, we draw inspiration from channel theory in image science and innovatively convert traffic data into Red-Green-Blue (RGB) image format to achieve the fusion of multiple features. Inspired by image recognition technologies, we have designed a multi-granularity network model that integrates both global and local features, serving as our core network architecture. At the top of the model, we have equipped each known category with a unique autoencoder, using its generated manifold to replace traditional prototypes for model construction. Classification is accomplished through a scoring mechanism that evaluates category membership and by setting thresholds to achieve open set recognition of unknown categories. Relying on our self-created dataset,Malicious and Encrypted Traffic 2024 (MNET2024), we conduct a series of extensive experiments. The results demonstrate that our proposed method exhibits outstanding performance in both closed-set and open-set recognition tasks.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":null,"pages":null},"PeriodicalIF":4.4000,"publicationDate":"2024-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S138912862400656X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

In the current network environment, an increasing amount of malicious traffic is transmitted through encrypted channels, carrying control commands and data. With the continuous development of communication protocols and applications, new types of malicious encrypted traffic are emerging, posing significant challenges for network management (e.g., traffic engineering). Therefore, accurately identifying malicious traffic in complex open network spaces has become a hot research topic in network security. In this study, we draw inspiration from channel theory in image science and innovatively convert traffic data into Red-Green-Blue (RGB) image format to achieve the fusion of multiple features. Inspired by image recognition technologies, we have designed a multi-granularity network model that integrates both global and local features, serving as our core network architecture. At the top of the model, we have equipped each known category with a unique autoencoder, using its generated manifold to replace traditional prototypes for model construction. Classification is accomplished through a scoring mechanism that evaluates category membership and by setting thresholds to achieve open set recognition of unknown categories. Relying on our self-created dataset,Malicious and Encrypted Traffic 2024 (MNET2024), we conduct a series of extensive experiments. The results demonstrate that our proposed method exhibits outstanding performance in both closed-set and open-set recognition tasks.

查看原文本刊更多论文

基于多特征融合的恶意加密流量开放集识别

在当前的网络环境中，越来越多的恶意流量通过加密信道传输，携带控制指令和数据。随着通信协议和应用的不断发展，新型恶意加密流量层出不穷，给网络管理（如流量工程）带来了巨大挑战。因此，在复杂的开放网络空间中准确识别恶意流量已成为网络安全领域的热门研究课题。在本研究中，我们从图像科学的信道理论中汲取灵感，创新性地将流量数据转换为红绿蓝（RGB）图像格式，实现了多种特征的融合。受图像识别技术的启发，我们设计了一个多粒度网络模型，将全局和局部特征整合在一起，作为我们的核心网络架构。在模型的顶层，我们为每个已知类别配备了一个独特的自动编码器，利用其生成的流形取代传统的原型来构建模型。分类是通过评估类别成员资格的评分机制和设置阈值来完成的，以实现对未知类别的开放集识别。我们利用自建的数据集 "恶意和加密流量 2024（MNET2024）"进行了一系列广泛的实验。结果表明，我们提出的方法在封闭集和开放集识别任务中都表现出了出色的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.