Research on Network Malicious Traffic Detection Technology Based on  Ensemble Learning Strategy

Abstract

Abstract: Network traffic is the main carrier of network attacks, and the identification and analysis of malicious traffic is an important means to ensure network security. Machine learning method has been widely used in malicious traffic identification, which can achieve high precision identification. In the existing methods, the fusion model is more accurate than the single statistical model, but the depth of network behavior mining is insufficient. This paper proposes a stacking model that identifies multilevel network features and is MultiStacking for malicious traffic. It employs the network behavior patterns of network traffic in different session granularity and combines the robust fitting capability of the stacking model for multidimensional data to deeply heap malicious network behaviors. By verifying the detection capabilities of multiple fusion models on the CICIDS2017 and CICIDS2018 datasets, various detection methods are comprehensively quantified and compared, and the performance of MultiStacking detection methods in MultiStacking scenarios is deeply analyzed. The experimental results show that the malicious traffic detection method based on multilevel stacking can further improve the detection accuracy.

Key words: malicious detection, traffic analysis, ensemble methods, stacking model, multilevel features

摘要： 网络流量是网络攻击的主要载体，对恶意流量识别与分析是保障网络安全的重要手段.机器学习方法已广泛应用于恶意流量识别，能实现较高精度的识别.在现有的方法中，融合模型较单一统计模型更准确，但对网络行为的挖掘深度不足.提出一种面向恶意流量识别的多层次网络特征的堆叠模型MultiStacking，利用网络流量在不同会话粒度的网络行为模式，结合堆叠模型对于多维数据的鲁棒拟合能力，深度挖掘恶意网络行为.通过在CICIDS2017和CICIDS2018数据集上验证多种融合模型的检测能力，综合量化比较各种检测方法，深入分析了MultiStacking检测方法在多类型攻击流量识别场景中的表现.实验结果表明，基于多层次堆叠的恶意流量检测方法可以进一步提升检测精度.

关键词: 恶意识别, 流量分析, 集成方法, 堆叠模型, 多层次特征

高源辰, 徐国胜. 基于集成学习策略的网络恶意流量检测技术研究[J]. 信息安全研究, 2023, 9(8): 730-.

References

［1］Papadogiannaki E, Tsirantonakis G, Ioannidis S. Network intrusion detection in encrypted traffic［C］ Proc of 2022 IEEE Conf on Dependable and Secure Computing (DSC). Piscataway, NJ: IEEE, 2022: 18［2］Wala F B, Cotton C. Unconstrained endpoint security system: UEPTSS［J］. International Journal of Network Security & Its Applications, 2018, 10(2): 112［3］曾勇, 吴正远, 董丽华, 等. 加密流量中的恶意流量识别技术［J］. 西安电子科技大学学报, 2021, 48(3): 170187［4］韩宇, 方滨兴, 崔翔, 等. StealthyFlow: 一种对抗条件下恶意代码动态流量伪装框架［J］. 计算机学报, 2021, 44(5): 948962［5］冀甜甜, 方滨兴, 崔翔, 等. 深度学习赋能的恶意代码攻防研究进展［J］. 计算机学报, 2021, 44(4): 669695［6］王淞, 彭煜玮, 兰海, 等. 数据集成方法发展与展望［J］. 软件学报, 2020, 31(3): 893908［7］Pan Tong, Chen Wei,Long Qian. Network anomaly detection based on ensemble learning［COL］ Proc of the 3rd Int Conf on Computer Science and Communication Technology(ICCSCT). 2022 ［20230712］. https:www.spiedigitallibrary.orgconferenceproceedingsofspie12506125060XNetworkanomalydetectionbasedonensemblelearning10.111712.2662499.full?SSO=1［8］Deepa V, Sudar K M, Deepalakshmi P. Design of ensemble learning methods for DDoS detection in SDN environment［C］ Proc of 2019 Int Conf on Vision Towards Emerging Trends in Communication and Networking (ViTECoN). Piscataway, NJ: IEEE, 2019: 16［9］Neha G,Vinita J,Punam B. CSEIDS: Using cotsensitive deep learning and ensemble algorithms to handle class imbalance in networkbased intrusion detection systems［JOL］. Computers & Security, 2022 ［20230712］. https:www.sciencedirect.comsciencearticleabspiiS0167404821 003230#previewsectioncitedby［10］Zhou Yuyang,Cheng Guang,Jiang Shanqing. Building an efficient intrusion detection system based on feature selection and ensemble classifier［JOL］. Computer Networks, 2020 ［20230712］. https:www.sciencedirect.comsciencearticleabspiiS1389128619314203［11］Mhawi D N, Aldallal A, Hassan S. Advanced feature selection based hybrid ensemble learning algorithms for network intrusion detection systems［J］. Symmetry, 2022, 14(7): 1461［12］Li Jia, Yun Xiaochun,Tian Mao, et al. A method of HTTP malicious traffic detection on mobile networks［C］ Proc of 2019 IEEE Wireless Communications and Networking Conf (WCNC). Piscataway, NJ: IEEE, 2019: 18［13］Torroledo I,Camacho D L,Bahnsen C A. Hunting malicious TLS certificates with deep neural networks［C］ Proc of the 11th ACM Workshop on Artificial Intelligence and Security. New York: ACM, 2018: 6473［14］Suh K,Figueiredo D R, Kurose J, et al. Characterizing and detecting relayed traffic: A casestudy using skype［C］ Proc of INFOCOM’06. Piscataway, NJ: IEEE, 2006［15］Sharafaldin I, Lashkari H A, Ghorbani A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization［COL］ Proc of the 4th Int Conf on Information Systems Security and Privacy. 2018: 108116 ［20230718］. https:www.semanticscholar.orgpaperTowardGeneratingaNewIntrusionDetectionDatasetShara faldinLashkaria27089efabc5f4abd5ddf2be2a409bff41f31199

[1]	. Automatic Analysis and Reproduction Technology of Remote Code Execution Vulnerability Based on Grid System [J]. Journal of Information Security Reserach, 2022, 8(9): 939-.
[2]	. NetSensor Network Traffic Analysis Solution [J]. Journal of Information Security Reserach, 2021, 7(E1): 126-.
[3]	. Network Security of LargeTraffic Retrospective Analysis System for Serving Critical Informational Infrastructures #br# [J]. Journal of Information Security Reserach, 2021, 7(E1): 174-.
[4]	. A Method of User Behavior Analysis Based on Network Flow and Log in Private Network [J]. Journal of Information Security Research, 2020, 6(9): 0-0.
[5]	. Research on Web Traffic Baseline Analysis of Government Website [J]. Journal of Information Security Research, 2020, 6(6): 0-0.
[6]	. Detection of Network Storage Covert Channel over ICMP Protocol Based on SVM [J]. Journal of Information Security Research, 2020, 6(2): 122-130.
[7]	. Application Analysis of Big Data in Information Security [J]. Journal of Information Security Research, 2019, 5(7): 599-607.

Research on Network Malicious Traffic Detection Technology Based on Ensemble Learning Strategy

基于集成学习策略的网络恶意流量检测技术研究

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 7

Recommended Articles

Metrics