Journal of Xidian University, 2021, Vol. 48, Issue (3): 170-187. doi: 10.19665/j.issn1001-2400.2021.03.022

• Cyberspace Security •

Research on malicious traffic identification technology in encrypted traffic

ZENG Yong1, WU Zhengyuan1, DONG Lihua2, LIU Zhihong1, MA Jianfeng1, LI Zan2

  1. School of Cyber Engineering, Xidian University, Xi’an 710071, China
  2. State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an 710071, China
  • Received: 2020-12-18 Online: 2021-06-20 Published: 2021-07-05

Abstract:

The encrypted transmission of network traffic is one of the development trends of the Internet. Identifying malicious traffic within encrypted traffic is an important way to maintain the security of cyberspace. One of the preliminary tasks in identifying malicious traffic is to classify encrypted traffic as encrypted or unencrypted, and by application program and encryption algorithm, in order to improve the efficiency of identification. The traffic is then transformed into images, matrices, n-grams or other forms, which are fed into a machine learning model for training, so as to realize binary and multi-class classification of benign and malicious traffic. However, the machine-learning-based approach relies heavily on the number and quality of samples, and cannot effectively deal with data after traffic shaping or obfuscation. Fortunately, cryptography-based malicious traffic identification can search for malicious keywords over encrypted traffic to avoid such problems; it must integrate searchable encryption technology, deep packet inspection and a provable security model to protect both data and rules. Finally, some unsolved problems of malicious traffic identification technology in encrypted traffic are presented.

Key words: encrypted traffic, malicious traffic, machine learning, cryptography

CLC Number: TP393