面向6G流量监控:基于图神经网络的加密恶意流量检测方法

Towards traffic supervision in 6G:a graph neural network-based encrypted malicious traffic detection method

6G作为下一代移动通信技术演进的重要方向,将全面推动经济社会数字化浪潮.6G网络承载的众多业务将依赖于实体间共享和协同处理海量的数据,数据安全显得尤为重要.当前多数网络应用都会使用SSL/TLS加密协议来保障网络通信的机密性与安全性.然而,加密机制在保障数据安全的同时也给网络安全监管带来了巨大的挑战.尽管针对传统网络的加密恶意流量检测已成为研究热点,但现有技术无法直接应用于6G网络.在海量异构终端即时、无限制通信的6G网络中,网络通信行为模式更加多样化,这使得正常流量与恶意流量的边界相较于传统网络更加模糊,深入分析并利用网络服务相关性与通信行为相关性对加密恶意流量检测有着重要的价值.然而,现有研究不管是对加密流量进行孤立分析还是聚合分析,都忽略了加密流量间丰富的相关关系.为此,我们面向未来6G网络的网络安全问题提出了基于图神经网络的加密恶意流量检测方法ET-RSGAT.首先,针对6G网络超高速率、超大连接的特点,我们设计了便捷的加密流量特征提取方法:为单条加密会话提取其TLS握手原始字节、TLS记录长度序列等特征表示;其次,考虑到6G网络中海量异构终端互联、多源异质数据共存,我们从网络服务相关性和通信行为相关性这两个方面分析加密会话之间的相关关系,并构建加密流量图ETG.在ETG的基础上,我们引入图注意力网络,充分利用相关关系来丰富节点的特征表示.在更加丰富的节点特征表示的基础上,我们基于多层感知器构建检测模型来识别威胁.考虑到当前6G网络的仿真环境不成熟,我们针对6G网络海量异构终端互联的特点,部署多种异构终端节点并运行各类网络服务来模拟6G通信场景并设计了相关实验对本方法进行了评价.实验结果表明,本方法能够同时在传统网络与模拟环境数据集中取得令人满意的检测结果.

As an important direction for the evolution of next-generation wireless communication technology,6G will comprehensively promote the wave of economic and social digitization.Services carried by 6G network will rely heavily on the sharing and processing of massive amounts of data between entities,data security is therefore of great importance.Currently,most network applications utilize SSL/TLS protocols to ensure the confidentiality and security of network communications,while encryption mechanism also brings huge challenges to network security supervision.Though encrypted malicious traffic detection in traditional networks has become a research hotspot,existing technologies cannot be directly applied in 6G networks.In a 6G network with massive,instant and unlimited communications between heterogeneous terminals,network communication behavior patterns are much more diversified,which makes the boundary between normal traffic and malicious traffic more blurred in 6G networks than in traditional networks.Existing studies either analyze encrypted traffic in isolation or aggregation,while they all ignore the rich correlations among encrypted traffic.To this end,we propose an encrypted malicious traffic detection framework based on the graph neural network towards the network security problem of future 6G networks,ET-RSGAT.First,considering the characteristics of super high speed and super large connection of 6G network,we design a simple feature extraction method of encrypted traffic:extracting the TLS handshake raw bytes and TLS record length sequence for one single encrypted session.Second,in view of the correlations of large numbers of heterogeneous terminals and the coexistence of multi-source heterogeneous data communication in 6G networks,we analyze the correlations between encrypted sessions from 2 aspects,which are service correlations and communication behavior correlations.Then we construct an encrypted traffic graph,named ETG.On the basis of ETG,we introduce a graph attention network to utilize the correlations between encrypted sessions to enrich the feature representation of nodes.With rich representation,we build the detection model based on a multi-layer perceptron to identify threats.Considering that the simulation environment of 6G networks is immature,we deploy a variety of heterogeneous terminal nodes and run various network services to simulate the 6G communication scenario,and design related experiments for the interconnection of many heterogeneous terminals in 6G networks.The evaluation and experimental results show that our method can obtain satisfactory detection results in both traditional network and simulated environment datasets.