While encryption technology safeguards the security of network communications, malicious traffic also uses encryption protocols to obscure its malicious behavior. To address the issues of traditional machine learning methods relying on expert experience and the insufficient representation capabilities of existing deep learning methods for encrypted malicious traffic, we propose an encrypted malicious traffic classification method that integrates global semantic features with local spatiotemporal features, called BERT-based Spatio-Temporal Features Network (BSTFNet). At the packet-level granularity, the model captures the global semantic features of packets through the attention mechanism of the Bidirectional Encoder Representations from Transformers (BERT) model. At the byte-level granularity, we initially employ the Bidirectional Gated Recurrent Unit (BiGRU) model to extract temporal features from bytes, followed by the utilization of the Text Convolutional Neural Network (TextCNN) model with multi-sized convolution kernels to extract local multi-receptive field spatial features. The fusion of features from both granularities serves as the ultimate multidimensional representation of malicious traffic. Our approach achieves accuracy and F1-score of 99.39% and 99.40%, respectively, on the publicly available USTC-TFC2016 dataset, and effectively reduces sample confusion within the Neris and Virut categories. The experimental results demonstrate that our method has outstanding representation and classification capabilities for encrypted malicious traffic.
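Software Defined Network (SDN) is a new computer network architecture that can accommodate the continuing growth in network scale and has been widely deployed. However, the unique architecture of SDN introduces new attack surfaces, and attackers can target its different weak points. Based on the idea of network monitoring, a method for detecting and defending against malicious traffic in SDN networks is proposed. By monitoring link traffic and using an improved convolutional neural network model to identify malicious traffic, it improves the accuracy and efficiency of malicious traffic detection, and it can detect malicious traffic in the network and defend against it. Experimental results show that the method achieves a malicious traffic detection accuracy of over 95% and can defend effectively, which can effectively improve SDN security.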
Funding: This research was funded by National Natural Science Foundation of China under Grant No. 61806171; Sichuan University of Science & Engineering Talent Project under Grant No. 2021RC15; Open Fund Project of Key Laboratory for Non-Destructive Testing and Engineering Computer of Sichuan Province Universities on Bridge Inspection and Engineering under Grant No. 2022QYJ06; Sichuan University of Science & Engineering Graduate Student Innovation Fund under Grant No. Y2023115; The Scientific Research and Innovation Team Program of Sichuan University of Science and Technology under Grant No. SUSE652A006.