A communication-channel-based method for detecting deeply camouflaged malicious traffic

Cited by: 7
|
Authors
Fang, Yong [1]
Li, Kai [1]
Zheng, Rongfeng [2]
Liao, Shan [1]
Wang, Yue [1]
Affiliations
[1] Sichuan Univ, Sch Cyber Sci & Engn, Chengdu 610065, Peoples R China
[2] Sichuan Univ, Sch Elect & Informat Engn, Chengdu 610065, Peoples R China
Keywords
Transport layer security (TLS); Deeply camouflaged malicious traffic; Communication channel; Encrypted traffic classification; Feature selection; ATTACK DETECTION; CLASSIFICATION; NETWORKS;
DOI
10.1016/j.comnet.2021.108297
Chinese Library Classification (CLC) number
TP3 [Computing technology, computer technology];
Discipline classification number
0812 ;
Abstract
We present a novel communication-channel-based method for detecting malicious TLS traffic, one that can also detect deeply camouflaged malicious traffic. We designed and extracted three types of channel features: distribution features, consistency features of the Transport Layer Security (TLS) handshake fields, and statistical features. We also present an effective feature selection method based on a genetic algorithm that obtains a globally optimal feature subset, reducing the feature dimensionality by 64% while increasing accuracy by 1.5%. Comparative experiments show that the proposed method delivers more stable detection across different datasets, with an accuracy of 97.65% and a substantially higher F1-score than other state-of-the-art classification methods.
Pages: 14