加密流量中的恶意流量识别技术

doi:10.19665/j.issn1001-2400.2021.03.022

Abstract

Abstract:

The encrypted transmission of network traffic is one of the development trends of the Internet.The identification of malicious traffic in encrypted traffic is an important way to maintain the security of cyberspace.One of the prior tasks of identifying malicious traffic is to classify encrypted traffic into the encrypted/unencrypted,different kinds of the application programs and encryption algorithms in order to improve the efficiency of identification.Then they are transformed into the image,matrix,n-gram or other forms which will be sent into the machine learning training model,so as to realize the binary classification and multi classification of benign malicious traffic.However,the machine learning based way relies seriously on the number and quality of samples,and can not effectively deal with the data after traffic shaping or confusion.Fortunately,cryptography based malicious traffic identification can search malicious keywords over encrypted traffic to avoid such problems,which must integrate searchable encryption technology,deep packet inspection and a provable security model to protect both data and rules.Finally,some unsolved problems of malicious traffic identification technology in encrypted traffic are presented.

Key words: encrypted traffic, malicious traffic, machine learning, cryptography

CLC Number:

TP393

ZENG Yong,WU Zhengyuan,DONG Lihua,LIU Zhihong,MA Jianfeng,LI Zan. Research on malicious traffic identification technology in encrypted traffic[J].Journal of Xidian University, 2021, 48(3): 170-187.

Figures/Tables 8

文献	识别特征	识别模型	数据集	识别目的	详细描述	评价指标
[12]	头部特征/ 负载特征	CNN/SAE	ISCXVPN/Non-VPN	二分类:vpn/非vpn 六分类:流量类型分类	对包的应用层有效载荷中可用信息的分析	召回率98% 召回率94%
[13]	时序特征	CNN	ISCXVPN/Non-VPN	六分类:流量类型分类	使用CNN对时间相关特征的数据集进行分类	最高准确率94.6%
[14]	头部特征	CNN	ISCXVPN/Non-VPN	二分类:vpn/非vpn 六分类:流量类型分类	流量头部特征可视化为图像	准确率99.9% 准确率94.9%
[15]	头部特征	CAE/ CNN	ISCXVPN/Non-VPN	二分类:vpn/非vpn 六分类:流量类型分类	流量头部特征可视化为图像	准确率98.77% 准确率92.92%
[16]	负载特征	胶囊神经网络	ISCXVPN/Non-VPN	二分类:vpn/非vpn	针对VPN加密报文序列进行高低熵划分	最高准确率99.87%
[17]	负载特征/ 统计特征	人工神经网络	ISCXVPN/Non-VPN	二分类:vpn/非vpn	使用熵估计和人工神经网络相结合	最高准确率92.9%
[18]	负载特征	神经网络	IMG/ COCO^[115]	二分类:加密/压缩流量分类	可以应用于单个数据包,而无需访问整个流	最高准确率94.72%
[19]	头部特征/ 负载特征	深度学习技术	FB/私有数据集	多分类: 加密手机流量分类	基于自动提取的特征建立分类器	优于已有方法
[20]	统计特征	C4.5	私有数据集	多分类: 加密网络流量分类	同时使用统计特征和机器学习的方式	优于单一方法
[21]	统计特征	机器学习	私有数据集	四分类: 应用程序分类	消除了非高斯分布的特征,实现高精度	最高准确率97.4%
[24]	头部特征/ 负载特征	有监督机器学习	私有数据集	五分类: 应用程序分类	离线流量通过指纹识别应用程序	最高准确率99.64%
[26]	统计特征	联合建模	私有数据集	多分类: 应用程序分类	联合建模用户行为模式等特征进行分类	最高准确率97%
[27]	头部特征/ 负载特征	属性图分类	Campus/appScanner^[79]	多分类: 应用程序分类	基于二阶马尔可夫链的属性感知加密流量分类	最高准确率93.49%
[28]	头部特征/ 统计特征	随机森林 RF	私有数据集	识别个人敏感信息	自动从IoT网络流量中推断出个人敏感信息	最高准确率99.8%

文献	识别特征	识别方法	数据集	识别目的	详细描述	准确率
[56]	时空特征	CNN	DARPA1998^[119]/ ISCX2012^[120]	二分类:识别良性/ 恶意流量	利用深层神经网络学习原始流量数据的时空特征	最高99.96%
[59]	头部特征	随机森林	CTU-13^[121] / MCFP	二分类:识别良性/ 恶意流量	只从流量开始的大约8个数据包中提取特征,可以提前检测到恶意应用流量	未提及
[60]	头部特征	聚类	私有数据集和Drebin^[122]	多分类:识别恶意应用流量	利用网络流量信息中多维应用层数据的恶意应用分类和检测	最高90%
[61]	头部特征/ 统计特征	无监督学习算法	CICIDS 2017^[123]	多分类:识别恶意应用流量	用高斯混合模型和排序点识别聚类结构,计算恶意应用之间的距离	平均91.74%
[62]	头部特征/ 负载特征	CNN	USTC-TFC 2016	多分类:识别恶意应用流量	使用原始流量数据转化为图像,利用CNN进行图像分类	平均99.41%
[63]	头部特征/ 负载特征	CNN	CTU-13	二分类:识别良性/ 恶意流量	从连接元数据中提取出上下文特征,使用Perlin噪声将特征编码到图像中	最高97%
[68]	头部特征/ 负载特征	Svm	私有数据集	二分类:识别良性/ 恶意流量	将移动流量视为文档,使用NLP执行恶意应用检测	最高99.15%
[69]	头部特征/ 负载特征	多视图神经网络	私有数据集	二分类:识别良性/ 恶意流量	设计了一种利用应用程序访问的url来识别恶意应用程序的方法。	最高98.75%
[76]	统计特征/ 头部特征	C 4.5	私有数据集	多分类:识别恶意应用流量	网络流量分析与C 4.5相结合识别Android恶意应用	最高99.65%
[77]	统计特征	自组织特征映射	VirusTotal API	多分类:识别恶意应用流量	使用难以混淆的机器数据对恶意应用进行分类	最高89%
[78]	统计特征	模块相似性	私有数据集	二分类:识别良性/ 恶意流量	基于行为的检测体系结构,使用相似性度量来检测入侵	未提及
[79]	统计特征	随机森林	私有数据集	多分类:识别恶意应用流量	在加密的Android应用程序流量中指纹识别和实时识别	最高99%

References 123

[1]	MEEKER, M. Internet Trends (2019)[R/OL]. [2020-12-012020-12-01]. https://www.bondcap.com/report/itr19/.
[2]	CISCO. Encrypted Traffic Analytics(2018)[R/OL]. [2020-12-01]. https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/enterprise-network-security/nb-09-encrytd-traf-anlytcs-wp-cte-en.pdf.
[3]	陈良臣, 高曙, 刘宝旭, 等. 网络加密流量识别研究进展及发展趋势[J]. 信息网络安全, 2019(3):19-25.
	CHEN Liangchen, GAO Shu, LIU Baoxu, et al. Research Status and Development Trends on Network Encrypted Traffic Identification[J]. Netinfo Security, 2019(3):19-25.
[4]	潘吴斌, 程光, 郭晓军, 等. 网络加密流量识别研究综述及展望[J]. 通信学报, 2016,37(9):154-167.
	PAN Wubin, CHENG Guang, GUO Xiaojun, et al. Review and Perspective on Encrypted Traffic Identification Research[J]. Journal on Communications, 2016,37(9):154-167.
[5]	REZAEI S, LIU X. Deep Learning for Encrypted Traffic Classification:An Overview[J]. IEEE Communications Magazine, 2019,57(5):76-81.
[6]	翟明芳, 张兴明, 赵博. 基于深度学习的加密恶意流量检测研究[J]. 网络与信息安全学报, 2020,6(3):66-77.
	ZHAI Mingfang, ZHANG Xingming, ZHAO Bo. Survey of Encrypted Malicious Traffic Detection Based on Deep Learning[J]. Chinese Journal of Network and Information Security, 2020,6(3):66-77.
[7]	ZHAO J, MASOOD R, SENEVIRATNE S, A Review of Computer Vision Methods in Network Security(2020)[J/OL]. [2020-05-07]. https://arxiv.org/abs/2005.03318v1.
[8]	DENG J, DONG W, SOCHER R, et al. ImageNet:A Large-Scale Hierarchical Image Database[C]// Proceedings of the 2009 IEEE Conference on Computer Vision and Pattern Recognition.Piscataway:IEEE, 2009: 248-255.
[9]	BAHRAMALI A, HOUMANSADR A, SOLTANI R, et al. Practical Traffic Analysis Attacks on Secure Messaging Applications[C]// Proceedings of the 2020 Network and Distributed System Security Symposium(NDSS).Piscataway:IEEE, 2020: 508.
[10]	GRUBBS P. Pancake:Frequency Smoothing for Encrypted Data Stores[C]// Proceedings of the 29th USENIX Security Symposium.Piscataway:IEEE, 2020: 2451-2468.
[11]	DRAPER-GIL G, LASHKARI A H, MAMUN M S I, et al. Characterization of Encrypted and VPN Traffic using Time-Related Features[C]// Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP).Piscataway:IEEE, 2016,2:407-414.
[12]	LOTFOLLAHI M, ZADE R S H, SIAVOSHANI M J, et al. Deep Packet:A Novel Approach for Encrypted Traffic Classification Using Deep Learning[J]. Soft Computing, 2017,24(3):1999-2012. doi: 10.1007/s00500-019-04030-2
[13]	BAGUI S, FANG X, KALAIMANNAN E, et al. Comparison of Machine-Learning Algorithms for Classification of VPN Network Traffic Flow Using Time-Related Features[J]. Journal of Cyber Security Technology, 2017,1(2):108-126. doi: 10.1080/23742917.2017.1321891
[14]	Wang W, ZHU M, WANG J L, et al. End-To-End Encrypted Traffic Classification with One-Dimensional Convolution Neural Networks[C]// Proceedings of the 2017 IEEE International Conference on Intelligence and Security Informatics.Piscataway:IEEE, 2017: 43-48.
[15]	GUO L, WU Q, LIU S, et al. Deep Learning-Based Real-Time VPN Encrypted Traffic Identification Methods[J]. Journal of Real-Time Image Processing, 2020,17(1):103-114. doi: 10.1007/s11554-019-00930-6
[16]	唐舒烨, 程光, 蒋泊淼, 等. 基于分段熵分布的VPN加密流量检测与识别方法[J]. 网络空间安全, 2020,11(8):23-27.
	TANG Shuye, CHENG Guang, JIANG Bomiao, et al. Detection and Recognition of VPN Encrypted Traffic Based on Segmented Entropy Distribution[J]. Information Security and Technology, 2020,11(8):23-27.
[17]	ZHOU K, WANG W, WU C, et al. Practical Evaluation of Encrypted Traffic Classification Based on A Combined Method of Entropy Estimation and Neural Networks[J]. ETRI Journal, 2020,42(3):311-323. doi: 10.4218/etrij.2019-0190
[18]	CASINO F, CHOO K K R, PATSAKIS C, HEDGE:Efficient Traffic Classification of Encrypted and Compressed Packets[J]. IEEE Transactions on Information Forensics and Security, 2019,14(1):2916-2926. doi: 10.1109/TIFS.10206
[19]	ACETO G, CIUONZO D, MONTIERI A, et al. Toward Effective Mobile Encrypted Traffic Classification through Deep Learning[J]. Neurocomputing, 2020,409:306-315. doi: 10.1016/j.neucom.2020.05.036
[20]	NIU W, ZHUO Z, ZHANG X, et al. A Heuristic Statistical Testing Based Approach for Encrypted Network Traffic Identification[J]. IEEE Transactions on Vehicular Technology, 2019,68(4):3843-3853. doi: 10.1109/TVT.25
[21]	OKADA Y, ATA S, NAKAMURA N, et al. Application Identification from Encrypted Traffic Based on Characteristic Changes by Encryption[C]// Proceedings of the 2011 IEEE International Workshop Technical Committee on Communications Quality and Reliability(CQR).Piscataway:IEEE, 2011: 1-6.
[22]	HE G, YANG M, LUO J, et al. Inferring Application Type Information from Tor Encrypted Traffic[C]// Proceedings of the Second International Conference on Advanced Cloud & Big Data.Piscataway:IEEE, 2014: 220-227.
[23]	HE G F, YANG M, LUO J Z, et al. A Novel Application Classification Attack Against Tor[J]. Concurrency and Computation Practice and Experience, 2015,27(18):5640-5661. doi: 10.1002/cpe.3593
[24]	ALMUBAYED A, HADI A, ATOUM J. A Model for Detecting Tor Encrypted Traffic using Supervised Machine Learning[J]. International Journal of Computer Network and Information Security, 2015,7(7):10-23.
[25]	CONTI M, MANCINI L V, SPOLAOR R, et al. Analyzing Android Encrypted Network Traffic to Identify User Actions[J]. Information Forensicsand Security IEEE Transactions on, 2016,11(1):114-125.
[26]	FU Y, XIONG H, LU X, et al. Service Usage Classification with Encrypted Internet Traffic in Mobile Messaging Apps[J]. IEEE Transactions on Mobile Computing, 2016,15(11):2851-2864. doi: 10.1109/TMC.2016.2516020
[27]	SHEN M, WEI M, ZHU L, et al. Classification of Encrypted Traffic with Second-Order Markov Chains and Application Attribute Bigrams[J]. IEEE Transactions on Information Forensics and Security, 2017,12(8):1830-1843. doi: 10.1109/TIFS.2017.2692682
[28]	SUBAHI A, THEODORAKOPOULOS G. Detecting IoT User Behavior and Sensitive Information in Encrypted IoT-App Traffic[J]. Sensors, 2019,19(21):4777. doi: 10.3390/s19214777
[29]	KEARANS M J. The Computational Complexity of Machine Learning[M]. Massachusetts: The MIT Press, 1990.
[30]	RIVEST R L. Cryptography and Machine Learning[C]// Proceedings of the International Conference on the Theory and Application of Cryptology.Heidelberg:Springer, 1991: 427-439.
[31]	张经纬, 舒辉, 蒋烈辉, 等. 公钥密码算法识别技术研究[J]. 计算机工程与设计, 2011,32(10):3243-3246.
	ZHANG Jingwei, SHU Hui, JIANG Liehui, et al. Research on Public Key's Cryptography Algorithm Recognition Technology[J]. Computer Engineering and Design, 2011,32(10):3243-3246.
[32]	POORJA M. Classification of Ciphers[D]. Varanasi:Indian Institute of Technology, 2001.
[33]	MISHRA S, BHATTACHARJYA A. Pattern Analysis of Cipher Text:A Combined Approach[C]// Proceedings of the 2013 International Conference on Recent Trends in Information Technology(ICRTIT).Piscataway:IEEE, 2013: 393-398.
[34]	DIMOVSKI A, GLIGOROSKI D. Generating Highly Nonlinear Boolean Functions Using A Genetic Algorithm[C]// Proceedings of the 6th International Conference on Telecommunications in Modern Satellite,Cable and Broadcasting Service.Piscataway:IEEE, 2003: 604-607.
[35]	MILLAN W, CLARK A, DAWSON E. Heuristic Design of Cryptographically Strong Balanced Boolean Functions[C]// Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques.Heidelberg:Springer, 1998: 489-499.
[36]	SEGHIER A, LI J. ParallelSteepest Ascent Hill-Climbing for High Nonlinear Boolean and Vectorial Boolean Functions (S-Boxes)[C]// Proceedings of the International Conference on Information and Communications Security.Heidelberg:Springer, 2019: 413-429.
[37]	ALANI M M. Neuro-Cryptanalysis of DES[C]// Proceedings of the World Congress on Internet Security(WorldCIS-2012).Piscataway:IEEE, 2012: 23-27.
[38]	HETTWER B, GEHRER S, GUNEYSU T. DeepNeural Network Attribution Methods for Leakage Analysis and Symmetric Key Recovery[C]// Proceedings of the International Conference on Selected Areas in Cryptography.Heidelberg:Springer, 2019: 645-666.
[39]	CHERVYAKOV N I. The EC Sequences on Points of an Elliptic Curve Realization Using Neural Networks[J]. Advances in Intelligent Systems and Computing, 2016,427:147-154.
[40]	AGOSTA G, BARENGHI A, PELOSI G. Compiler-Based Techniques to Secure Cryptographic Embedded Software Against Side Channel Attacks[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2020 39(8):1550-1554. doi: 10.1109/TCAD.43
[41]	BATINA L, BHASIN S, JAP D, et al. Poster:Recovering the Input of Neural Networks Via Single Shot Side-Channel Attacks[C]// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security.New York:ACM, 2019: 2657-2659.
[42]	LIU F F, YAROM Y, GE Q, et al. Last-Level Cache Side-Channel Attacks Are Practical[C]// Proceedings of the 2015 IEEE Symposium on Security and Privacy(SP).Piscataway:IEEE, 2015: 605-622.
[43]	DILEEP A D, SEKHAR C C. Identificationof Block Ciphers Using Support Vector Machines[C]// Proceedings of the 2006 IEEE International Joint Conference on Neural Network Proceedings.Piscataway:IEEE, 2006: 2696-2701.
[44]	CHOU J, LIN S, CHENG C M. On the Effectiveness of Using State-Of-The-Art Machine Learning Techniques to Launch Cryptographic Distinguishing Attacks[C]// Proceedings of the 5th ACM Workshop on Security and Artificial Intelligence.Piscataway:IEEE, 2012: 105-109.
[45]	NAGIREDDY S. A pattern recognition approa to block cipher identification[D].Madras:Master of Sciece Dissertation-Indian Institute of Technology, 2008.
[46]	SONI A, KARNICK H, AGARWAL M. Learning encryption algorithms from ciphertext[R].Kanpur:Dept of Computer Science and Engineering, IIT Kanpur, 2009.
[47]	SHARIF S O, MANSOOR S P . Performance Evaluation of Classifiers Used for Identification of Encryption Algorithms[C]// Proceedings of the International Conference on Advances in Information & Communication Technologies.Piscataway:IEEE, 2011: 42-45.
[48]	SUHAILA O S, KUNCHEVA L I, MANSOOR S P. Classifying Encryption Algorithms Using Pattern Recognition Techniques[C]// Proceedings of the 2010 IEEE International Conference on Information Theory and Information Security.Piscataway:IEEE, 2011: 1168-1172.
[49]	SOUZA W A R D, ALLAN T. A Distinguishing Attack with A Neural Network[C]// Proceedings of the 2013 IEEE 13th International Conference on Data Mining Workshops.Piscataway:IEEE, 2013: 154-161.
[50]	BHATEJA A K, DIN M. ANN Based Distinguishing Attack on RC4 Stream Cipher[C]// Proceedings of the 7th International Conference on Bio-Inspired Computing:Theories and Applications (BIC-TA 2012).Piscataway:IEEE, 2013: 101-109.
[51]	WU Y, WANG T, XING M, et al. BlockCiphers Identification Scheme Based on The Distribution Character of Randomness Test Values of Ciphertext[J]. Journal on Communications, 2016,36(4):147.
	WU Y, WANG T, XING M, et al. BlockCiphers Identification Scheme Based on The Distribution Character of Randomness Test Values of Ciphertext[J]. Journal on Communications, 2016,36(4):147.
[52]	黄良韬, 赵志诚, 赵亚群. 基于随机森林的密码体制分层识别方案[J]. 计算机学报, 2018,41(2):382-399.
	黄良韬, 赵志诚, 赵亚群. 基于随机森林的密码体制分层识别方案[J]. 计算机学报, 2018,41(2):382-399.
	HUANG Liangtao, ZHAO Zhicheng, ZHAO Yaqun. A Two-Stage Cryptosystem Recognition Scheme Based on Random Forest[J]. Chinese Journal of Computers, 2018,41(2):382-399.
	HUANG Liangtao, ZHAO Zhicheng, ZHAO Yaqun. A Two-Stage Cryptosystem Recognition Scheme Based on Random Forest[J]. Chinese Journal of Computers, 2018,41(2):382-399.
[53]	赵志诚. 基于机器学习的密码体制识别研究[D]. 郑州:战略支援部队信息工程大学, 2018.
	赵志诚. 基于机器学习的密码体制识别研究[D]. 郑州:战略支援部队信息工程大学, 2018.
[54]	ZHAO Z, ZHAO Y, LIU F. The Research of Cryptosystem Recognition Based on Randomness Test’s Return Value[C]// Proceedings of the International Conference on Cloud Computing and Security.Heidelberg:Springer, 2018: 3-15.
	ZHAO Z, ZHAO Y, LIU F. The Research of Cryptosystem Recognition Based on Randomness Test’s Return Value[C]// Proceedings of the International Conference on Cloud Computing and Security.Heidelberg:Springer, 2018: 3-15.
[55]	ZHAO Z, ZHAO Y, LIU F. Research on Grain-128's Cryptosystem Recognition[C]// Proceedings of the 2018 IEEE 3rd Advanced Information Technology,Electronic and Automation Control Conference(IAEAC).Piscataway:IEEE, 2018: 2013-2017.
	ZHAO Z, ZHAO Y, LIU F. Research on Grain-128's Cryptosystem Recognition[C]// Proceedings of the 2018 IEEE 3rd Advanced Information Technology,Electronic and Automation Control Conference(IAEAC).Piscataway:IEEE, 2018: 2013-2017.
[56]	WANG W, SHENG Y, WANG J, et al. HAST-IDS:Learning Hierarchical Spatial-Temporal Features Using Deep Neural Networks to Improve Intrusion Detection[J]. IEEE Access, 2018,6:1792-1806. doi: 10.1109/ACCESS.2017.2780250
	WANG W, SHENG Y, WANG J, et al. HAST-IDS:Learning Hierarchical Spatial-Temporal Features Using Deep Neural Networks to Improve Intrusion Detection[J]. IEEE Access, 2018,6:1792-1806. doi: 10.1109/ACCESS.2017.2780250
[57]	KIM J, KIM H S. Intrusion Detection Based on Spatiotemporal Characterization of Cyberattacks[J]. Electronics, 2020,9(3):460. doi: 10.3390/electronics9030460
	KIM J, KIM H S. Intrusion Detection Based on Spatiotemporal Characterization of Cyberattacks[J]. Electronics, 2020,9(3):460. doi: 10.3390/electronics9030460
[58]	ANDERSON B, DAVID M G. Identifying Encrypted Malware Traffic with Contextual Flow Data[C]// Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security.NewYork:ACM, 2016: 35-46.
	ANDERSON B, DAVID M G. Identifying Encrypted Malware Traffic with Contextual Flow Data[C]// Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security.NewYork:ACM, 2016: 35-46.
[59]	LIU J, ZENG Y, SHI J, et al. MalDetect:A Structure of Encrypted Malware Traffic Detection[J]. Computers,Materials and Continua, 2019,60(2):721-739. doi: 10.32604/cmc.2019.05610
	LIU J, ZENG Y, SHI J, et al. MalDetect:A Structure of Encrypted Malware Traffic Detection[J]. Computers,Materials and Continua, 2019,60(2):721-739. doi: 10.32604/cmc.2019.05610
[60]	LI Z, SUN L, YAN Q, et al. DroidClassifier:Efficient Adaptive Mining of Application-Layer Header for Classifying Android Malware[C]// Proceedings of the International Conference on Security & Privacy in Communication Systems.Heidelberg:Springer, 2016: 597-616.
	LI Z, SUN L, YAN Q, et al. DroidClassifier:Efficient Adaptive Mining of Application-Layer Header for Classifying Android Malware[C]// Proceedings of the International Conference on Security & Privacy in Communication Systems.Heidelberg:Springer, 2016: 597-616.
[61]	LIU J, TIAN Z, ZHENG R, et al. A Distance-Based Method for Building an Encrypted Malware Traffic Identification Framework[J]. IEEE Access, 2019,7:100014-100028. doi: 10.1109/Access.6287639
	LIU J, TIAN Z, ZHENG R, et al. A Distance-Based Method for Building an Encrypted Malware Traffic Identification Framework[J]. IEEE Access, 2019,7:100014-100028. doi: 10.1109/Access.6287639
[62]	WANG W, ZHU M, ZENG X, et al. Malware Traffic Classification Using Convolutional Neural Network for Representation Learning[C]// Proceedings of the 2017 International Conference on Information Networking(ICOIN).Piscataway:IEEE, 2017: 712-717.
	WANG W, ZHU M, ZENG X, et al. Malware Traffic Classification Using Convolutional Neural Network for Representation Learning[C]// Proceedings of the 2017 International Conference on Information Networking(ICOIN).Piscataway:IEEE, 2017: 712-717.
[63]	BAZUHAIR W, LEE W. Detecting Malign Encrypted Network Traffic Using Perlin Noise and Convolutional Neural Network[C]// Proceedings of the 2020 10th Annual Computing and Communication Workshop and Conference(CCWC).Piscataway:IEEE, 2020: 200-206.
	BAZUHAIR W, LEE W. Detecting Malign Encrypted Network Traffic Using Perlin Noise and Convolutional Neural Network[C]// Proceedings of the 2020 10th Annual Computing and Communication Workshop and Conference(CCWC).Piscataway:IEEE, 2020: 200-206.
[64]	NI S, QIAN Q, ZHANG R. Malware Identification Using Visualization Images and Deep Learning[J]. Computers & Security, 2018,77:871-885. doi: 10.1016/j.cose.2018.04.005
	NI S, QIAN Q, ZHANG R. Malware Identification Using Visualization Images and Deep Learning[J]. Computers & Security, 2018,77:871-885. doi: 10.1016/j.cose.2018.04.005
[65]	SU J, VARGAS D V, PRASAD S, et al. Lightweight Classification of IoT Malware based on Image Recognition[C]// Proceedings of the 2018 IEEE 42nd Annual Computer Software and Applications Conference(COMPSAC).Piscataway:IEEE, 2018: 664-669.
	SU J, VARGAS D V, PRASAD S, et al. Lightweight Classification of IoT Malware based on Image Recognition[C]// Proceedings of the 2018 IEEE 42nd Annual Computer Software and Applications Conference(COMPSAC).Piscataway:IEEE, 2018: 664-669.
[66]	VENKATRAMAN S, ALAZAB M, VINAYAKUMAR R. A Hybrid Deep Learning Image-Based Analysis for Effective Malware Detection[J]. Journal of Information Security and Applications, 2019,47:377-389. doi: 10.1016/j.jisa.2019.06.006
	VENKATRAMAN S, ALAZAB M, VINAYAKUMAR R. A Hybrid Deep Learning Image-Based Analysis for Effective Malware Detection[J]. Journal of Information Security and Applications, 2019,47:377-389. doi: 10.1016/j.jisa.2019.06.006
[67]	DARSHAN S L S, CD J. Windows Malware Detector Using Convolutional Neural Network Based on Visualization Images[J]. IEEE Transactions on Emerging Topics in Computing, 2019,99:1.
	DARSHAN S L S, CD J. Windows Malware Detector Using Convolutional Neural Network Based on Visualization Images[J]. IEEE Transactions on Emerging Topics in Computing, 2019,99:1.
[68]	WANG S, YAN Q, CHEN Z, et al. Detecting Android Malware Leveraging Text Semantics of Network Flows[J]. IEEE Transactions on Information Forensics and Security, 2017,13(5):1096-1109. doi: 10.1109/TIFS.2017.2771228
	WANG S, YAN Q, CHEN Z, et al. Detecting Android Malware Leveraging Text Semantics of Network Flows[J]. IEEE Transactions on Information Forensics and Security, 2017,13(5):1096-1109. doi: 10.1109/TIFS.2017.2771228
[69]	WANG S, CHEN Z, YAN Q, et al. Deep and Broad Learning Based Detection of Android Malware via Network Traffic[C]// Proceedings of the 2018 IEEE/ACM 26th International Symposium on Quality of Service(IWQoS).NewYork:ACM, 2018: 1-6.
	WANG S, CHEN Z, YAN Q, et al. Deep and Broad Learning Based Detection of Android Malware via Network Traffic[C]// Proceedings of the 2018 IEEE/ACM 26th International Symposium on Quality of Service(IWQoS).NewYork:ACM, 2018: 1-6.
[70]	WANG S, CHEN Z, YAN Q, et al. Deep and Broad URL Feature Mining for Android Malware Detection[J]. Information Sciences, 2019,513:600-613. doi: 10.1016/j.ins.2019.11.008
	WANG S, CHEN Z, YAN Q, et al. Deep and Broad URL Feature Mining for Android Malware Detection[J]. Information Sciences, 2019,513:600-613. doi: 10.1016/j.ins.2019.11.008
[71]	WANG W, WEI J, ZHANG S, et al. LSCDroid:Malware Detection Based on Local Sensitive API Invocation Sequences[J]. IEEE Transactions on Reliability, 2019,69:174-187. doi: 10.1109/TR.24
	WANG W, WEI J, ZHANG S, et al. LSCDroid:Malware Detection Based on Local Sensitive API Invocation Sequences[J]. IEEE Transactions on Reliability, 2019,69:174-187. doi: 10.1109/TR.24
[72]	KATO H. Android Malware Detection Scheme Based on Level of SSL Server Certificate[J]. IEICE Transactions on Information and Systems, 2020,103(2):379-389.
	KATO H. Android Malware Detection Scheme Based on Level of SSL Server Certificate[J]. IEICE Transactions on Information and Systems, 2020,103(2):379-389.
[73]	REN B, LIU C, CHENG B, et al. MobiSentry:Towards Easy and Effective Detection of Android Malware on Smartphones[J]. Mobile Information Systems, 2018,2018:1-14.
	REN B, LIU C, CHENG B, et al. MobiSentry:Towards Easy and Effective Detection of Android Malware on Smartphones[J]. Mobile Information Systems, 2018,2018:1-14.
[74]	YOUSEFI-AZAR M, HAMEY L, VARADHARAJAN V, et al. Malytics:A Malware Detection Scheme[J]. IEEE Access, 2018,6:49418-49431. doi: 10.1109/ACCESS.2018.2864871
	YOUSEFI-AZAR M, HAMEY L, VARADHARAJAN V, et al. Malytics:A Malware Detection Scheme[J]. IEEE Access, 2018,6:49418-49431. doi: 10.1109/ACCESS.2018.2864871
[75]	WRIGHT C V, BALLARD L, COULL S E, et al. Spot Me if You Can:Uncovering Spoken Phrases in Encrypted VoIP Conversations[C]// Proceedings of the 2008 IEEE Symposium on Security and Privacy(Sp 2008).Piscataway:IEEE, 2008: 35-49.
	WRIGHT C V, BALLARD L, COULL S E, et al. Spot Me if You Can:Uncovering Spoken Phrases in Encrypted VoIP Conversations[C]// Proceedings of the 2008 IEEE Symposium on Security and Privacy(Sp 2008).Piscataway:IEEE, 2008: 35-49.
[76]	WANG S, CHEN Z, ZHANG L, et al. TrafficAV:An Effective and Explainable Detection of Mobile Malware Behavior Using Network Traffic[C]// Proceedings of the 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS).New York:ACM, 2016: 1-6.
	WANG S, CHEN Z, ZHANG L, et al. TrafficAV:An Effective and Explainable Detection of Mobile Malware Behavior Using Network Traffic[C]// Proceedings of the 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS).New York:ACM, 2016: 1-6.
[77]	BURNAP P, FRENCH R, TURNER F, et al. Malware Classification Using Self Organising Feature Maps and Machine Activity Data[J]. Computers & Security, 2018,73:399-410. doi: 10.1016/j.cose.2017.11.016
	BURNAP P, FRENCH R, TURNER F, et al. Malware Classification Using Self Organising Feature Maps and Machine Activity Data[J]. Computers & Security, 2018,73:399-410. doi: 10.1016/j.cose.2017.11.016
[78]	NEU C V, ZORZO A F, OROZCO A M S, et al. An Approach for Detecting Encrypted Insider Attacks on OpenFlow SDN Networks[C]// Proceedings of the 2016 11th International Conference for Internet Technology and Secured Transactions(ICITST).Piscataway:IEEE, 2016: 210-215.
	NEU C V, ZORZO A F, OROZCO A M S, et al. An Approach for Detecting Encrypted Insider Attacks on OpenFlow SDN Networks[C]// Proceedings of the 2016 11th International Conference for Internet Technology and Secured Transactions(ICITST).Piscataway:IEEE, 2016: 210-215.
[79]	TAYLOR V F, SPOLAOR R, CONTI M, et al. AppScanner:Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic[C]// Proceedings of the 2016 IEEE European Symposium on Security and Privacy(EuroS&P).Piscataway:IEEE, 2016: 439-454.
	TAYLOR V F, SPOLAOR R, CONTI M, et al. AppScanner:Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic[C]// Proceedings of the 2016 IEEE European Symposium on Security and Privacy(EuroS&P).Piscataway:IEEE, 2016: 439-454.
[80]	ZHANG W, MENG Y, LIU Y, et al. HoMonit:Monitoring Smart Home Apps from Encrypted Traffic[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security.New York:ACM, 2018: 1074-1088.
	ZHANG W, MENG Y, LIU Y, et al. HoMonit:Monitoring Smart Home Apps from Encrypted Traffic[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security.New York:ACM, 2018: 1074-1088.
[81]	MA Z, LIU Y, WANG Z, et al. A Machine Learning-Based Scheme for The Security Analysis of Authentication and Key Agreement Protocols[J]. Neural Computing and Applications, 2018,32(22):16819-16831. doi: 10.1007/s00521-018-3929-8
	MA Z, LIU Y, WANG Z, et al. A Machine Learning-Based Scheme for The Security Analysis of Authentication and Key Agreement Protocols[J]. Neural Computing and Applications, 2018,32(22):16819-16831. doi: 10.1007/s00521-018-3929-8
[82]	SONG D, WAGNER D, PERRIG A. Practical Techniques for Searches on Encrypted Data[C]// Proceeding of the 2000 IEEE Symposium on Security and Privacy.Piscataway:IEEE, 2000: 44-55.
	SONG D, WAGNER D, PERRIG A. Practical Techniques for Searches on Encrypted Data[C]// Proceeding of the 2000 IEEE Symposium on Security and Privacy.Piscataway:IEEE, 2000: 44-55.
[83]	BONEH D. Public Key Encryption with Keyword Search[C]// Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques(EUROCRYPT 2004).Heidelberg:Springer, 2004: 506-522.
	BONEH D. Public Key Encryption with Keyword Search[C]// Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques(EUROCRYPT 2004).Heidelberg:Springer, 2004: 506-522.
[84]	陈晓峰, 王育民. 公钥密码体制研究与进展[J]. 通信学报, 2004(8):109-118.
	陈晓峰, 王育民. 公钥密码体制研究与进展[J]. 通信学报, 2004(8):109-118.
	CHEN Xiaofeng, WANG Yumin. A Survey of Public Key Cryptography[J]. Journal of China Institute of Communications, 2004(8):109-118.
	CHEN Xiaofeng, WANG Yumin. A Survey of Public Key Cryptography[J]. Journal of China Institute of Communications, 2004(8):109-118.
[85]	WANG Y, WANG J, CHEN X. Secure Searchable Encryption:A Survey[J]. Journal of Communications and Information Networks, 2016,1(4):52-65. doi: 10.1007/BF03391580
	WANG Y, WANG J, CHEN X. Secure Searchable Encryption:A Survey[J]. Journal of Communications and Information Networks, 2016,1(4):52-65. doi: 10.1007/BF03391580
[86]	GOH E. Secure Indexes (2003)[J/OL]. [2003-10-07]. https://eprint.iacr.org/2003/216.pdf.
	GOH E. Secure Indexes (2003)[J/OL]. [2003-10-07]. https://eprint.iacr.org/2003/216.pdf.
[87]	CURTMOLA R, GARAY J, KAMARA S, et al. Searchable Symmetric Encryption:Improved Definitions and Efficient Constructions[J]. Journal of Computer Security, 2011,19(5):895-934. doi: 10.3233/JCS-2011-0426
	CURTMOLA R, GARAY J, KAMARA S, et al. Searchable Symmetric Encryption:Improved Definitions and Efficient Constructions[J]. Journal of Computer Security, 2011,19(5):895-934. doi: 10.3233/JCS-2011-0426
[88]	KUROSAWA K, OHTAKI Y. UC-Secure Searchable Symmetric Encryption[C]// Proceedings of the International Conference on Financial Cryptography and Data Security.Heidelberg:Springer, 2012: 285-298.
	KUROSAWA K, OHTAKI Y. UC-Secure Searchable Symmetric Encryption[C]// Proceedings of the International Conference on Financial Cryptography and Data Security.Heidelberg:Springer, 2012: 285-298.
[89]	GOLLE P, STADDON J, WATERS B R. Secure Conjunctive Keyword Search over Encrypted Data[C]// Proceedings of the International Conference on Applied Cryptography and Network Security.Piscataway:IEEE, 2004: 31-45.
	GOLLE P, STADDON J, WATERS B R. Secure Conjunctive Keyword Search over Encrypted Data[C]// Proceedings of the International Conference on Applied Cryptography and Network Security.Piscataway:IEEE, 2004: 31-45.
[90]	CASH D, JARECKI S, JUTLA C, et al. Highly-Scalable Searchable Symmetric Encryption with Support for Boolean Queries[J]. Advances in Cryptology-CRYPTO 2013, 2013,8042:353-373.
	CASH D, JARECKI S, JUTLA C, et al. Highly-Scalable Searchable Symmetric Encryption with Support for Boolean Queries[J]. Advances in Cryptology-CRYPTO 2013, 2013,8042:353-373.
[91]	PAPPAS V, KRELL F, Vo B, et al. Blind Seer:A Scalable Private DBMS[C]// Proceedings of the 2014 IEEE Symposium on Security and Privacy.Piscataway:IEEE, 2014: 359-374.
	PAPPAS V, KRELL F, Vo B, et al. Blind Seer:A Scalable Private DBMS[C]// Proceedings of the 2014 IEEE Symposium on Security and Privacy.Piscataway:IEEE, 2014: 359-374.
[92]	LI J, WANG Q, WANG C, et al. Fuzzy Keyword Search over Encrypted Data in Cloud Computing[C]// Proceedings of the 2010 IEEE INFOCOM.Piscataway:IEEE, 2010: 441-445.
	LI J, WANG Q, WANG C, et al. Fuzzy Keyword Search over Encrypted Data in Cloud Computing[C]// Proceedings of the 2010 IEEE INFOCOM.Piscataway:IEEE, 2010: 441-445.
[93]	GIONIS A. Similarity Search in High Dimensions via Hashing[C]// Proceedings of the 25th International Conference on Very Large Data Bases.Edinburgh:Morgan Kaufmann, 1999: 518-529.
	GIONIS A. Similarity Search in High Dimensions via Hashing[C]// Proceedings of the 25th International Conference on Very Large Data Bases.Edinburgh:Morgan Kaufmann, 1999: 518-529.
[94]	SUN W, WANG B, CAO N, et al. Verifiable Privacy-Preserving Multi-Keyword Text Search in the Cloud Supporting Similarity-Based Ranking[J]. IEEE Transactions on Parallel and Distributed Systems, 2014,25(11):3025-3035. doi: 10.1109/TPDS.2013.282
	SUN W, WANG B, CAO N, et al. Verifiable Privacy-Preserving Multi-Keyword Text Search in the Cloud Supporting Similarity-Based Ranking[J]. IEEE Transactions on Parallel and Distributed Systems, 2014,25(11):3025-3035. doi: 10.1109/TPDS.2013.282
[95]	SHI E, BETHENCOURT J, CHAN T, et al. Multi-Dimensional Range Query over Encrypted Data[C]// Proceedings of the 2007 IEEE Symposium on Security and Privacy(SP’07).Piscataway:IEEE, 2007: 350-364.
	SHI E, BETHENCOURT J, CHAN T, et al. Multi-Dimensional Range Query over Encrypted Data[C]// Proceedings of the 2007 IEEE Symposium on Security and Privacy(SP’07).Piscataway:IEEE, 2007: 350-364.
[96]	AGRAWAL R, KIERNAN J, SRIKANT R, et al. Order Preserving Encryption for Numeric Data[C]// Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data.New York:ACM, 2004: 563-574.
	AGRAWAL R, KIERNAN J, SRIKANT R, et al. Order Preserving Encryption for Numeric Data[C]// Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data.New York:ACM, 2004: 563-574.
[97]	CAI K, ZHANG M, FENG D G. Secure Range Query with Single Assertion on Encrypted Data[J]. Chinese Journal of Computers, 2011,34(11):2093-2103. doi: 10.3724/SP.J.1016.2011.02093
	CAI K, ZHANG M, FENG D G. Secure Range Query with Single Assertion on Encrypted Data[J]. Chinese Journal of Computers, 2011,34(11):2093-2103. doi: 10.3724/SP.J.1016.2011.02093
[98]	GENTRY C. Fully Homomorphic Encryption Using Ideal Lattices[C]// Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing.New York:ACM, 2009: 169-178.
	GENTRY C. Fully Homomorphic Encryption Using Ideal Lattices[C]// Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing.New York:ACM, 2009: 169-178.
[99]	RIVEST R, ADLEMAN L, DERTOUZOS M. On Databanks and Privacy Homomorphism[J]. Foundations of Secure Computation, 1978,4(11):169-180.
	RIVEST R, ADLEMAN L, DERTOUZOS M. On Databanks and Privacy Homomorphism[J]. Foundations of Secure Computation, 1978,4(11):169-180.
[100]	SAHAI A, WATERS B. Fuzzy Identity-Based Encryption[C]// Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques.Piscataway:IEEE, 2005: 457-473.
	SAHAI A, WATERS B. Fuzzy Identity-Based Encryption[C]// Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques.Piscataway:IEEE, 2005: 457-473.
[101]	LI J, HUANG X, LI J W, et al. Securely Outsourcing Attribute-Based Encryption with Checkability[J]. IEEE Transactions on Parallel and Distributed Systems, 2014,25(8):2201-2210. doi: 10.1109/TPDS.2013.271
	LI J, HUANG X, LI J W, et al. Securely Outsourcing Attribute-Based Encryption with Checkability[J]. IEEE Transactions on Parallel and Distributed Systems, 2014,25(8):2201-2210. doi: 10.1109/TPDS.2013.271
[102]	SHAMIR A. Identity-Based Cryptosystems and Signature Schemes[C]// Proceedings of the CRYPTO 84 on Advances in Cryptology.Heidelberg:Springer, 1984: 47-53.
	SHAMIR A. Identity-Based Cryptosystems and Signature Schemes[C]// Proceedings of the CRYPTO 84 on Advances in Cryptology.Heidelberg:Springer, 1984: 47-53.
[103]	王贇玲. 云环境下密文数据的连接关键词检索技术研究[D]. 西安:西安电子科技大学, 2019.
	王贇玲. 云环境下密文数据的连接关键词检索技术研究[D]. 西安:西安电子科技大学, 2019.
[104]	GOLTZSCHE D, RUSCH S, NIEKE M, et al. EndBox:Scalable Middlebox Functions Using Client-Side Trusted Execution[C]// Proceedings of the 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.Piscataway:IEEE, 2018: 386-397.
	GOLTZSCHE D, RUSCH S, NIEKE M, et al. EndBox:Scalable Middlebox Functions Using Client-Side Trusted Execution[C]// Proceedings of the 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.Piscataway:IEEE, 2018: 386-397.
[105]	HUNT T, ZHU Z, XU Y, et al. Ryoan:A Distributed Sandbox for Untrusted Computation on Secret Data[J]. ACM Transactions on Computer Systems, 2018,35(4):32.
	HUNT T, ZHU Z, XU Y, et al. Ryoan:A Distributed Sandbox for Untrusted Computation on Secret Data[J]. ACM Transactions on Computer Systems, 2018,35(4):32.
[106]	YUAN X, WANG X, LIN J, et al. Privacy-Preserving Deep Packet Inspection in Outsourced Middleboxes[C]// Proceedings of the IEEE INFOCOM 2016-The 35th Annual IEEE International Conference on Computer Communications.Piscataway:IEEE, 2016: 1-9.
	YUAN X, WANG X, LIN J, et al. Privacy-Preserving Deep Packet Inspection in Outsourced Middleboxes[C]// Proceedings of the IEEE INFOCOM 2016-The 35th Annual IEEE International Conference on Computer Communications.Piscataway:IEEE, 2016: 1-9.
[107]	SHERRY J, LAN C, POPA R A, et al. BlindBox:Deep Packet Inspection over Encrypted Traffic[J]. ACM SIGCOMM Computer Communication Review, 2015,45(5):213-226. doi: 10.1145/2829988.2787502
	SHERRY J, LAN C, POPA R A, et al. BlindBox:Deep Packet Inspection over Encrypted Traffic[J]. ACM SIGCOMM Computer Communication Review, 2015,45(5):213-226. doi: 10.1145/2829988.2787502
[108]	REN H, LI H, LIU D, et al. Toward Efficient and Secure Deep Packet Inspection for Outsourced Middlebox[C]// Proceedings of the ICC 2019-2019 IEEE International Conference on Communications (ICC).Piscataway:IEEE, 2019: 1-6.
	REN H, LI H, LIU D, et al. Toward Efficient and Secure Deep Packet Inspection for Outsourced Middlebox[C]// Proceedings of the ICC 2019-2019 IEEE International Conference on Communications (ICC).Piscataway:IEEE, 2019: 1-6.
[109]	KAMARA S, MOATAZ T. Boolean Searchable Symmetric Encryption with Worst-Case Sub-Linear Complexity[C]// Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques.Heidelberg:Springer, 2017: 94-124.
	KAMARA S, MOATAZ T. Boolean Searchable Symmetric Encryption with Worst-Case Sub-Linear Complexity[C]// Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques.Heidelberg:Springer, 2017: 94-124.
[110]	FAN J, GUAN C, REN K, et al. SPABox:Safeguarding Privacy During Deep Packet Inspection at A MiddleBox[J]. IEEE/ACM Transactions on Networking, 2017,25(6):3753-3766. doi: 10.1109/TNET.2017.2753044
	FAN J, GUAN C, REN K, et al. SPABox:Safeguarding Privacy During Deep Packet Inspection at A MiddleBox[J]. IEEE/ACM Transactions on Networking, 2017,25(6):3753-3766. doi: 10.1109/TNET.2017.2753044
[111]	NING J T, POH G S, CHIA J, et al. PrivDPI:Privacy-Preserving Encrypted Traffic Inspection with Reusable Obfuscated Rules[C]// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security.Piscataway:IEEE, 2019: 1657-1670.
	NING J T, POH G S, CHIA J, et al. PrivDPI:Privacy-Preserving Encrypted Traffic Inspection with Reusable Obfuscated Rules[C]// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security.Piscataway:IEEE, 2019: 1657-1670.
[112]	FAN Z Q, ZENG Y, ZHU X Y, et al. A Group Key Agreement Based Encrypted Traffic Detection Scheme for Internet of Things[C]// Proceedings of the 1st ACM International Workshop on Security and Safety for Intelligent Cyber-Physical Systems.New York:ACM, 2020: 19-26.
	FAN Z Q, ZENG Y, ZHU X Y, et al. A Group Key Agreement Based Encrypted Traffic Detection Scheme for Internet of Things[C]// Proceedings of the 1st ACM International Workshop on Security and Safety for Intelligent Cyber-Physical Systems.New York:ACM, 2020: 19-26.
[113]	NING J T, HUANG X Y, POH G E, et al. Pine:Enabling Privacy-Preserving Deep Packet Inspection on TLS with Rule-Hiding and Fast Connection Establishment[C]// Proceedings of the European Symposium on Research in Computer Security.Heidelberg:Springer, 2020: 3-22.
	NING J T, HUANG X Y, POH G E, et al. Pine:Enabling Privacy-Preserving Deep Packet Inspection on TLS with Rule-Hiding and Fast Connection Establishment[C]// Proceedings of the European Symposium on Research in Computer Security.Heidelberg:Springer, 2020: 3-22.
[114]	DENG J, DONG W, SOCHER R, et al. ImageNet:A Large-Scale Hierarchical Image Database[C]// Proceedings of the 2009 IEEE Conference on Computer Vision and Pattern Recognition.Piscataway:IEEE, 2009: 248-255.
	DENG J, DONG W, SOCHER R, et al. ImageNet:A Large-Scale Hierarchical Image Database[C]// Proceedings of the 2009 IEEE Conference on Computer Vision and Pattern Recognition.Piscataway:IEEE, 2009: 248-255.
[115]	LIN T Y, MAIRE M, BELONGIE S, et al. Microsoft COCO:Common Objects in Context[C]// Proceedings of the European Conference on Computer Vision.Heidelberg:Springer, 2014: 740-755.
	LIN T Y, MAIRE M, BELONGIE S, et al. Microsoft COCO:Common Objects in Context[C]// Proceedings of the European Conference on Computer Vision.Heidelberg:Springer, 2014: 740-755.
[116]	IYENGAR J, THOMSON M. QUIC:A UDP-Based Multiplexed and Secure Transport[S/OL]. [2019-09-21]. https://tools.ietf.org/html/draft-ietf-quic-transport-23.
	IYENGAR J, THOMSON M. QUIC:A UDP-Based Multiplexed and Secure Transport[S/OL]. [2019-09-21]. https://tools.ietf.org/html/draft-ietf-quic-transport-23.
[117]	SINHA G, KANAGARATHINAM M R, JAYASEELAN S R, et al. CQUIC:Cross-Layer QUIC for Next Generation Mobile Networks[C]// Proceedings of the 2020 IEEE Wireless Communications and Networking Conference(WCNC).Piscataway:IEEE, 2020: 1-8.
	SINHA G, KANAGARATHINAM M R, JAYASEELAN S R, et al. CQUIC:Cross-Layer QUIC for Next Generation Mobile Networks[C]// Proceedings of the 2020 IEEE Wireless Communications and Networking Conference(WCNC).Piscataway:IEEE, 2020: 1-8.
[118]	PENDLEBURY F, PIERAZZI F, JORDANEY R, et al. TESSERACT:Eliminating Experimental Bias in Malware Classification across Space and Time[C]// Proceedings of the 28th USENIX Security Symposium.Piscataway:IEEE, 2019: 729-746.
	PENDLEBURY F, PIERAZZI F, JORDANEY R, et al. TESSERACT:Eliminating Experimental Bias in Malware Classification across Space and Time[C]// Proceedings of the 28th USENIX Security Symposium.Piscataway:IEEE, 2019: 729-746.
[119]	LIPPMAN R, CUNNINGHAM R, FRIED D, et al. Results of the DARPA 1998 Offline Intrusion Detection Evaluation(1998)[R/OL]. [1998-02-01]. https://www.//.mit.edu/r-d/datasets/1998-darpa-intrusion-detection-evaluation-dataset.
	LIPPMAN R, CUNNINGHAM R, FRIED D, et al. Results of the DARPA 1998 Offline Intrusion Detection Evaluation(1998)[R/OL]. [1998-02-01]. https://www.//.mit.edu/r-d/datasets/1998-darpa-intrusion-detection-evaluation-dataset.
[120]	SHIRAVI A, SHIRAVI H, TAVALLAEE M, et al. Toward Developing A Systematic Approach to Generate Benchmark Datasets for Intrusion Detection[J]. Computers and Security, 2012,31(3):357-374. doi: 10.1016/j.cose.2011.12.012
	SHIRAVI A, SHIRAVI H, TAVALLAEE M, et al. Toward Developing A Systematic Approach to Generate Benchmark Datasets for Intrusion Detection[J]. Computers and Security, 2012,31(3):357-374. doi: 10.1016/j.cose.2011.12.012
[121]	Stratosphere Research Laboratory. Index of/public Datasets/CTU-Malware-Capture-Botnet-42 (2020)[DS/OL]. [2020-01-05]. https://mcfp.felk.cvut.cz/public Datasets/CTU-Malware-Capture-Botnet-42.
	Stratosphere Research Laboratory. Index of/public Datasets/CTU-Malware-Capture-Botnet-42 (2020)[DS/OL]. [2020-01-05]. https://mcfp.felk.cvut.cz/public Datasets/CTU-Malware-Capture-Botnet-42.
[122]	ARP D, SPREITZENBARTH M, HUBNER M, et al. DREBIN:Effective and Explainable Detection of Android Malware in Your Pocket[C]// Proceedings of the Network and Distributed System Security Symposium.Piscataway:IEEE, 2014, 23-26.
	ARP D, SPREITZENBARTH M, HUBNER M, et al. DREBIN:Effective and Explainable Detection of Android Malware in Your Pocket[C]// Proceedings of the Network and Distributed System Security Symposium.Piscataway:IEEE, 2014, 23-26.
[123]	CANADIAN INSTITUTE FOR CYBERSECURITY. Intrusion Detection Evaluation Dataset(CIC-IDS 2017)(2017)[R/OL]. [2017-12-31]. http://www.unb.ca/cic/datasets/ids-2017.html.
	CANADIAN INSTITUTE FOR CYBERSECURITY. Intrusion Detection Evaluation Dataset(CIC-IDS 2017)(2017)[R/OL]. [2017-12-31]. http://www.unb.ca/cic/datasets/ids-2017.html.

文献	识别算法	识别目的	详细描述	识别结果
[43]	SVM	5种密码体制	在ECB、CBC模式下,使用SVM识别相同密钥和不同密钥加密生成的密文	ECB模式优于CBC模式
[45]	SVM	5种密码体制	DES、AES、TDES、RC5、Blowfish,共五种密码算法加密后的密文的直方图信息	平均识别准确率约25%
[46]	Adaboost	5类分组密码	对生成的密文进行学习,将识别错误的样本数据再次训练	平均识别准确率约55%
[47-48]	8种不同分类器	分组密码	使用8种不同分类器模型对分组密码进行识别	RF效果的识别最佳
[49]	神经网络	AES5种候选算法	使用神经网络进行密码体制识别	神经网络配置得当时,可以正确分类
[50]	MLP	RC4密钥流和随机密钥流	利用多层感知器学习特征并区分RC4密钥流和随机密钥流	平均识别准确率约69%
[51]	K-means	5种分组密码	分析5种分组密码构成的密码体制,使用K-Means算法识别加密后的密文	若参数合理,密文的识别率约90%
[52-54]	RF	密码体制分层识别	提出密码体制分层识别方案,选择机器学习的RF算法进行识别	多分类任务下准确率约60%~70%
[55]	RF	二分类任务识别	涉及的序列密码算法包括Grain-128、RC4、Salsa	两两识别的平均识别准确率约64%

Research on malicious traffic identification technology in encrypted traffic

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 123

Related Articles 15

Metrics

Comments

Recommended 10

[1]	ZHANG Shudong,GAO Haichang,CAO Xiwen,KANG Shuai. Adaptive fast and targeted adversarial attack for speech recognition [J]. Journal of Xidian University, 2021, 48(1): 168-175.
[2]	DONG Xinfeng,ZHANG Wenzheng,XU Chunxiang. 8 bits lightweight S-box with the Feistel structure [J]. Journal of Xidian University, 2021, 48(1): 69-75.
[3]	WANG Junxiang,HUANG Lin,ZHANG Ying,NI Jiangqun,LIN Lang. Algorithm for the detection of a low complexity contrast enhanced image source [J]. Journal of Xidian University, 2021, 48(1): 96-106.
[4]	YAN Lin,LIU Kai,DUAN Meiyu. Lightweight deep neural network for point cloud classification [J]. Journal of Xidian University, 2020, 47(2): 46-53.
[5]	GUO Songge;LV Donghui;REN Yanli. Improved (k, n) tagged visual cryptography scheme [J]. Journal of Xidian University, 2018, 45(5): 170-176+183.
[6]	SHEN Dongsu;MA Wenping;YIN Xunru;WANG Lili. Improvement of a two-party quantum key agreement protocol [J]. J4, 2015, 42(1): 86-90+186.
[7]	LI Juan;WANG Yuping. New nearest neighbor affinity similarity function based on separation and compactness between samples [J]. J4, 2014, 41(3): 123-130.
[8]	JIANG Mingming;HU Yupu;WANG Baocang;LIU Zhenhua;LAI Qiqi. Proxy re-signature scheme over the lattice [J]. J4, 2014, 41(2): 20-24.
[9]	ZHAO Yongbin;HU Yupu;JIA Yanyan. New design of LFSR based stream ciphers to resist power attack [J]. J4, 2013, 40(3): 172-179+200.
[10]	LIU Dongsu;MIAO Meixia;MA Hua;LIN Ruibin;TIAN Haibo. Digital anti-counterfeiting scheme based on key-exposure free chameleon signature [J]. J4, 2012, 39(5): 24-29.
[11]	SUN Jin;HU Yupu. Fully secure attribute-based broadcast encryption [J]. J4, 2012, 39(4): 23-28+154.
[12]	LI Xuelian;GAO Juntao;HU Yupu;ZHANG Fengrong. Distinguishing attacks on generalized self-shrinking generators [J]. J4, 2012, 39(4): 114-119.
[13]	XIAO Hong;WANG Hong;MA Runnian;CUI Jie. Provably secure threshold FFS signature scheme in the random oracle model [J]. J4, 2011, 38(6): 130-133+151.
[14]	ZHANG Yinghui；LI Hui；MA Hua. Free protocol for the subliminal channels in the Schnorr-type ordinal multi-signature schemes [J]. J4, 2011, 38(3): 140-144.
[15]	HE Ye-feng;MA Wen-ping. One class of highly nonlinear cryptographic functions [J]. J4, 2010, 37(6): 1107-1110.