Journal of Information Security Research ›› 2021, Vol. 7 ›› Issue (E1): 151-.


Research and Application of SSL Encryption Threat Detection Technology Based on Machine Learning Multi-Model

  

  • Online: 2022-04-20 Published: 2022-04-22

Research and Application of SSL Encrypted Threat Detection Technology Based on Machine Learning Multi-Model

Yu Haidong (于海东); Xing Ming (邢明)

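  1. (R&D Department, Beijing Guancheng Technology Co., Ltd. (北京观成科技有限公司), Beijing 100193)
  • Corresponding author: Yu Haidong (于海东). Main research interests: network security and binary attack and defense. yuhaidong@viewintech.com
  • About the authors: Yu Haidong (于海东). Main research interests: network security and binary attack and defense. yuhaidong@viewintech.com. Xing Ming (邢明), master's degree. Main research interests: network security and artificial intelligence algorithms. xingming@viewintech.com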

Abstract: At present, encrypted traffic accounts for more than 60% of the traffic in government and enterprise networks, and the trend toward encrypted threats is becoming more and more obvious. Existing traffic security detection schemes have difficulty detecting threats inside encrypted traffic, so encrypted threat detection has become a major problem in the security protection of government and enterprise networks. This paper explains the current situation and classification of encrypted traffic threats and the research on technical routes for SSL encrypted threat detection. It presents single-model experiments, a multi-model comparison and a practical application case, and proposes a synthesis decision detection scheme based on machine learning multi-model, which can detect and identify SSL encryption threats.

Key words: machine learning, multi-model, SSL encrypted traffic, encryption threat, synthesis decision-making

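Abstract: Encrypted traffic now accounts for more than 60% of the traffic in government and enterprise networks, and the trend toward encrypted threats is increasingly clear. Existing traffic security detection solutions struggle to detect threats in encrypted traffic, and encrypted threat detection has become a major challenge for government and enterprise network security protection. This paper discusses the current state and classification of encrypted traffic threats and the research on technical routes for SSL encrypted threat detection, presents single-model experiments, a multi-model comparison and a practical application case, and proposes a comprehensive decision detection scheme based mainly on multiple machine learning models, which can detect and identify SSL encrypted threats.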

Key words: machine learning, multi-model, SSL encrypted traffic, encrypted threat, comprehensive decision-making