基于CNN的加密C&C通信流量识别方法
CNN-based Encrypted C&C Communication Traffic Identification Method
Abstract
To identify malware encrypted C&C communication traffic accurately, this paper analyses the HTTPS communication process of ordinary web-page browsing and of C&C communication, identifies the server-independence characteristic of malware C&C communication, and proposes a sequence modelling method for HTTPS communication. Based on the behavioural characteristics of encrypted communication, a vector representation of the hexadecimal characters of the ciphertext is used to vectorise the encrypted traffic, and a multi-window convolutional neural network (CNN) extracts the pattern features of encrypted C&C communication in order to identify and classify encrypted C&C data flows. Experimental results show that the method identifies malware encrypted C&C traffic with an accuracy of 91.07%.
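The two processing steps the abstract names, vectorising ciphertext as hexadecimal characters and extracting features with a multi-window CNN, are illustrated below in an added example. This is not the paper's code: the embedding width, window sizes, filter counts, fixed sequence length and padding id are assumptions, and every weight is a seeded random stand-in for trained parameters that the page does not publish, so the final score only shows the data flow from bytes to classifier and is not a real verdict. The server-independence feature and the HTTPS sequence modelling are not shown, because the page does not define them.

```python
# Added illustration, not the paper's code: hex-character vectorisation of
# TLS ciphertext plus a multi-window 1-D CNN feature extractor. Embedding,
# filter and classifier weights are seeded random values standing in for the
# trained parameters that the abstract does not publish, so the score shows
# the data flow only, not a real malicious/benign verdict.
import math
import random

HEX_ALPHABET = "0123456789abcdef"
PAD_ID = len(HEX_ALPHABET)      # index 16 pads records shorter than MAX_LEN
EMBED_DIM = 8                   # assumed embedding width per hex character
WINDOWS = (3, 5, 7)             # assumed window sizes, in hex characters
FILTERS_PER_WINDOW = 4          # assumed number of filters per window size
MAX_LEN = 64                    # assumed fixed sequence length (32 bytes)


def hex_tokens(payload: bytes, max_len: int = MAX_LEN) -> list:
    """Ciphertext bytes -> ids of their hex characters, cut or padded to max_len."""
    ids = [HEX_ALPHABET.index(c) for c in payload.hex()][:max_len]
    return ids + [PAD_ID] * (max_len - len(ids))


def make_params(seed: int = 0):
    """Seeded stand-in weights: embedding table, conv filters, logistic layer."""
    rng = random.Random(seed)

    def rand_vec(n):
        return [rng.uniform(-0.5, 0.5) for _ in range(n)]

    embedding = [rand_vec(EMBED_DIM) for _ in range(len(HEX_ALPHABET))]
    embedding.append([0.0] * EMBED_DIM)          # padding id embeds to zeros
    filters = {w: [[rand_vec(EMBED_DIM) for _ in range(w)]
                   for _ in range(FILTERS_PER_WINDOW)] for w in WINDOWS}
    n_features = len(WINDOWS) * FILTERS_PER_WINDOW
    classifier = (rand_vec(n_features), rng.uniform(-0.5, 0.5))
    return embedding, filters, classifier


def conv_max_pool(vectors, kernel):
    """Slide one filter over the sequence, apply ReLU, then max-over-time pooling."""
    w = len(kernel)
    best = 0.0                                   # ReLU floor
    for start in range(len(vectors) - w + 1):
        s = sum(kernel[i][d] * vectors[start + i][d]
                for i in range(w) for d in range(EMBED_DIM))
        best = max(best, s)
    return best


def extract_features(payload: bytes, params) -> list:
    """Multi-window CNN: one pooled activation per filter, all windows concatenated."""
    embedding, filters, _ = params
    vectors = [embedding[t] for t in hex_tokens(payload)]
    return [conv_max_pool(vectors, k) for w in WINDOWS for k in filters[w]]


def cc_score(payload: bytes, params) -> float:
    """Logistic layer over the pooled features; a value in (0, 1), untrained here."""
    weights, bias = params[2]
    feats = extract_features(payload, params)
    z = sum(w * f for w, f in zip(weights, feats)) + bias
    return 1.0 / (1.0 + math.exp(-z))


if __name__ == "__main__":
    # Constructed sample: a TLS 1.2 application-data record header followed by
    # pseudo-random bytes standing in for ciphertext (not a real capture).
    body = bytes(random.Random(1).randrange(256) for _ in range(32))
    sample = bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + body
    p = make_params()
    feats = extract_features(sample, p)
    print(len(feats), "features; score", round(cc_score(sample, p), 3))
```

Each window size sees a different span of hex characters (3, 5 and 7 here, i.e. 1.5 to 3.5 bytes), and max-over-time pooling makes every filter report only its strongest match anywhere in the record, so the feature vector has the same length regardless of how the record was padded; that is the property that lets a fixed-size classifier sit on top of variable-length flows.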
Source: 计算机工程 (Computer Engineering), 2019, 45(8): 31-34, 41
DOI: 10.19678/j.issn.1000-3428.0051218
Keywords: encrypted traffic; C&C communication; HTTPS communication; convolutional neural network; ciphertext character representation
Address: School of Information Science and Engineering, East China University of Science and Technology, Shanghai 200237
Language: Chinese
Document type: research article
ISSN: 1000-3428
Subject: automation technology, computer technology
Funding: CERNET (赛尔网络) Next-Generation Internet Technology Innovation Project
Collection number: CSCD:6548829
References (17)
1. Lu Chen. Network traffic analysis using stochastic grammars, 2018. [CSCD citations: 1]
2. Modi C. A survey of intrusion detection techniques in cloud. Journal of Network and Computer Applications, 2013, 36(1): 42-57. [CSCD citations: 19]
3. Schiavoni S. Phoenix: DGA-based botnet tracking and intelligence. Proceedings of International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 2014: 192-211. [CSCD citations: 1]
4. Taylor V F. Robust smartphone App identification via encrypted network traffic analysis. IEEE Transactions on Information Forensics and Security, 2017, PP(99): 1-10. [CSCD citations: 1]
5. Muehlstein J. Analyzing https encrypted traffic to identify user operating system, 2018. [CSCD citations: 1]
6. 陈瑞东 (Chen Ruidong). Botnet identification technique based on fuzzy clustering. 计算机工程 (Computer Engineering), 2018, 44(10): 46-50. [CSCD citations: 2]
7. Lamprakis P. Unsupervised detection of APT C&C channels using Web request graphs. Proceedings of International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 2017: 366-387. [CSCD citations: 1]
8. Cabaj K. Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics, 2018. [CSCD citations: 1]
9. 安全客 (Anquanke). Analysis of the TeslaCrypt ransomware, 2018. [CSCD citations: 1]
10. Mikolov T. Efficient estimation of word representations in vector space, 2018. [CSCD citations: 30]
11. Le H T. Do convolutional networks need to be deep for text classification?, 2018. [CSCD citations: 1]
12. Er M J. Attention pooling-based convolutional neural network for sentence modelling. Information Sciences, 2016, 373: 388-403. [CSCD citations: 6]
13. Contagiodump blog, 2018. [CSCD citations: 1]
14. Malware capture facility project, 2018. [CSCD citations: 1]
15. Pcapanalysis, 2018. [CSCD citations: 1]
16. Zhang H. BotTalker: generating encrypted, customizable C&C traces. Proceedings of IEEE International Symposium on Technologies for Homeland Security, 2015: 1-6. [CSCD citations: 1]
17. FireEye. Magniber ransomware wants to infect only the right people, 2018. [CSCD citations: 1]