Abstract
Network traffic detection is the main means of achieving security situational awareness across a network. By collecting network traffic, vulnerability, security event and threat intelligence data, and applying big data and machine learning techniques, it analyzes the current state and changing trends of the whole network as shaped by factors such as network behavior and user behavior, and predicts how the network security state will develop. With the widespread application of cryptography, more and more encrypted traffic, such as HTTPS and VPN traffic, is present on networks. Because encryption destroys the statistical characteristics and data formats of plaintext data, general-purpose traffic detection methods have difficulty detecting encrypted traffic effectively. Based on the randomness of encryption and on network context, and combining artificial intelligence techniques and machine learning methods, this paper studies and designs an architectural framework, methods and key technologies for detecting encrypted network traffic, which provide strong guidance for encrypted traffic detection.
Authors
WANG Ying (王瑛)
ZHANG Wen-ke (张文科)
LUO Ying (罗影)
QIN Ti-hong (秦体红)
SUN Fu (孙付)
(The 30th Research Institute of CETC, Chengdu, Sichuan 610041, China; Westone Information Industry, Ltd., Chengdu, Sichuan 610041, China; Chengdu Branch of Xinsheng Intelligent Technology Co., Ltd, Chengdu, Sichuan 610041, China; Beijing Century Xin'an Technology Co., Ltd, Beijing 100039, China; Chengdu Branch of Beijing Huayuan blockchain Technology Co., Ltd, Chengdu, Sichuan 610041, China)
Source
Information Security and Communications Privacy (《信息安全与通信保密》)
2020, Issue 2, pp. 98-105 (8 pages)
Keywords
encrypted traffic detection
situational awareness
artificial intelligence
machine learning
content recognition