Abstract
In order to achieve accurate identification of malware encrypted C&C communication traffic, this paper analyzes the https communication process of normal web-page browsing and of C&C communication, identifies the server-independence feature of malware C&C communication, and proposes a sequence modeling method for https communication. Based on the behavioural characteristics of encrypted communication, a vector representation of the hexadecimal characters of the ciphertext is used to obtain a vectorized expression of the encrypted traffic. A multi-window Convolutional Neural Network (CNN) is then used to extract the pattern characteristics of encrypted C&C communication and to identify and classify encrypted C&C communication flows. Experimental results show that the accuracy of identifying malware encrypted C&C communication traffic reaches 91.07%.
Authors
CHENG Hua (程华); XIE Jinxin (谢金鑫); CHEN Lihuang (陈立皇) (School of Information Science and Engineering, East China University of Science and Technology, Shanghai 200237, China)
Source
Computer Engineering (《计算机工程》), indexed in CAS, CSCD and Peking University Core Journals (北大核心)
2019, No. 8, pp. 31-34, 41 (5 pages)
Funding
CERNET Next-Generation Internet Technology Innovation Project (NGII20160606)
Keywords
encrypted traffic; C&C communication; https communication; Convolutional Neural Network (CNN); ciphertext character expression