Identification of Malicious Encrypted Traffic Through Feature Fusion

Abstract

The popularity of encrypted communication has grown due to increased security awareness and rapid internet development. End-to-end encryption can prevent data attacks but also poses new cybersecurity threats. Thus, identifying malicious encrypted traffic is a focus of research in network behavior analysis and anomaly detection. Recently, deep learning has brought new directions for the development of traffic classification and anomaly detection. Based on deep learning technology, this paper starts from the two directions of data preprocessing and model selection, studies and analyzes multi-dimensional traffic characteristics and multi-granularity carrier characteristics, and proposes corresponding solutions, and finally designs and proposes a malware-oriented Identification scheme for encrypted traffic. This paper first proposes a malicious encrypted traffic identification scheme MET-FMF based on fine-grained multi-feature fusion. Two sets of comparative experiments were designed to compare the multi-dimensional traffic features and the multi-branch network model on the recognition results. The results show that the combination of three-dimensional traffic characteristics and three-branch network model has the best results, with an average accuracy rate of 95.08%.Finally, compared with other schemes, it is found that this scheme has multi-dimensional traffic feature extraction, multi-granularity carrier feature Features such as early session detection and end-to-end transferable learning.