CNN-based Encrypted C&C Communication Traffic Identification Method

Abstract: To accurately identify the encrypted C&C communication traffic of malware, this paper analyzes the HTTPS communication process of normal web browsing and of C&C communication, identifies the server-independence feature of malware C&C communication, and proposes a sequence modeling method for HTTPS communication. Based on the behavioral characteristics of encrypted communication, a vector representation of the hexadecimal characters of the ciphertext is used to vectorize the encrypted traffic, and a multi-window Convolutional Neural Network (CNN) extracts the pattern features of encrypted C&C communication to identify and classify encrypted C&C data flows. Experimental results show that the method identifies the encrypted C&C traffic of malware with an accuracy of 91.07%.
Source: Computer Engineering, 2019, 45(8): 31-34, 41 [Extended Database]
DOI 10.19678/j.issn.1000-3428.0051218
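Keywords: encrypted traffic; C&C communication; HTTPS communication; convolutional neural network; ciphertext character representation
Address: School of Information Science and Engineering, East China University of Science and Technology, Shanghai, 200237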

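Language: Chinese
Document type: Research article
ISSN 1000-3428
Subject: Automation technology, computer technology
Funding: CERNET Next Generation Internet Technology Innovation Project
CSCD accession number: CSCD:6548829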

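Citing documents: 7

1. Lian Xiaowei (连晓伟). Shodan Traffic Identification Based on Payload Features and Statistical Features. Computer Engineering, 2021, 47(1): 117-122
CSCD citations: 1

2. Jiang Tongtong (蒋彤彤). Malicious Encrypted Traffic Identification Based on Hierarchical Spatiotemporal Features and Multi-Head Attention. Computer Engineering, 2021, 47(7): 101-108
CSCD citations: 8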
