Encrypted Malicious Traffic Detection Based on Hidden Markov Model

Cited by: 0
Authors
Zou F.-T. [1]
Yu T.-D. [1]
Xu W.-L. [1]
Affiliations
[1] School of Cyber Science and Engineering, Shanghai Jiao Tong University, Shanghai
Source
Ruan Jian Xue Bao/Journal of Software | 2022 / Vol. 33 / No. 07
Keywords
encrypted malicious traffic detection; gene sequence; hidden Markov model; malware
DOI
10.13328/j.cnki.jos.006282
Abstract
In recent years, with the spread of network encryption technology, malicious attacks that use it have increased year by year. Traditional detection methods that rely on packet content can no longer effectively deal with malware attacks hidden in encrypted traffic. To detect encrypted malicious traffic under different protocols, this study proposes an encrypted malicious traffic detection algorithm based on a profile HMM. The method borrows gene sequence alignment from bioinformatics and identifies encrypted attack traffic by matching key gene sub-sequences. Experiments on open source datasets under different conditions demonstrate the effectiveness of the algorithm. In addition, two detection-evasion methods are designed, and experiments verify that the algorithm performs better at resisting evasion. Compared with existing research, this work covers a wider range of application scenarios and achieves higher detection accuracy, providing a more effective solution for malware detection based on encrypted traffic. © 2022 Chinese Academy of Sciences. All rights reserved.
Pages: 2683 / 2698
Page count: 15