Encrypted Traffic Detection Technology for Multisession Coordinated #br#
Attack Based on Deep Learning#br#

Journal of Information Security Reserach ›› 2025, Vol. 11 ›› Issue (1): 66-.

Previous Articles Next Articles

Encrypted Traffic Detection Technology for Multisession Coordinated #br# Attack Based on Deep Learning#br#

Zhou Chengsheng1, Meng Nan1, Zhao Xun1, and Qiu Qingfang2

1(Institute of Security, China Academy of Information and Communications Technology, Beijing 100191)
2(China General Certification Center, Beijing 100010)

Online:2025-01-24 Published:2025-02-20

基于深度学习的多会话协同攻击加密流量检测技术研究

周成胜1孟楠1赵勋1邱情芳2

1(中国信息通信研究院安全研究所北京100191)
2(北京鉴衡认证中心有限公司北京100010)

通讯作者: 赵勋硕士，工程师.主要研究方向为网络安全、密码技术、人工智能、大数据. zhaoxun@caict.ac.cn
作者简介:周成胜硕士，高级工程师.主要研究方向为网络安全、大数据、人工智能. zhouchengsheng@caict.ac.cn 孟楠博士，高级工程师.主要研究方向为网络和数据安全、ICT新技术安全领域科研和技术创新、政策和标准制定. mengnan@caict.ac.cn 赵勋硕士，工程师.主要研究方向为网络安全、密码技术、人工智能、大数据. zhaoxun@caict.ac.cn 邱情芳硕士，高级工程师.主要研究方向为新能源信息化、风电场控制系统、物联网安全. qiuqf@cgc.org.cn

Abstract

Abstract: Malicious encrypted traffic detection is currently an important research topic in the field of network security. Attacker used multisession encrypted traffic to achieve multistage coordinated attacks, which is becoming a trend. This paper analyzes the existing problems of current mainstream malicious encrypted traffic detection methods, and proposes an malicious encrypted traffic detection method for multisession coordinated attack scenarios. Based on the advantages of deep learning methods in the field of image recognition, this method extracts multisession features and converts them into images, converting encrypted traffic identification problems into image recognition problems, thereby indirectly realizes malicious encrypted traffic detection. The preliminary test results on the experimental data have verified the effectiveness of the method.

Key words: deep learning, encrypted traffic, multisession, coordinated attack, network security

摘要： 恶意加密攻击流量检测是当前网络安全领域的一项重要研究课题.攻击者利用多会话的加密流量实现多阶段协同攻击正在成为一种发展趋势.分析了目前主流恶意加密流量检测方法存在的问题，提出一种面向多会话协同攻击场景的恶意加密流量检测方法.该方法通过提取多会话特征数据并转换为图像，利用深度学习方法在图像识别领域的优势，将加密流量识别问题转换为图像识别问题，从而间接实现了恶意加密流量检测.基于实验数据的初步测试结果验证了该方法的有效性.

关键词: 深度学习, 加密流量, 多会话, 协同攻击, 网络安全

CLC Number:

TP309

周成胜, 孟楠, 赵勋, 邱情芳, . 基于深度学习的多会话协同攻击加密流量检测技术研究[J]. 信息安全研究, 2025, 11(1): 66-.

References

［1］Dharmapurikar S, Krishnamurthy P, Sproull T, et al. Deep packet inspection using parallel bloom filters［C］ Proc of the 11th Symp on High Performance Interconnects. Piscataway, NJ: IEEE, 2003: 4451［2］Sherry J, Lan C, Popa R A, et al. Blindbox: Deep packet inspection over encrypted traffic［C］ Proc of the 2015 ACM Conf on Special Interest Group on Data Communication. New York: ACM, 2015: 213226［3］Roesch M. Snort: Lightweight intrusion detection for networks［C］ Proc of the 13th USENIX Conf on System Administration. Berkeley, CA: USENIX Association, 1999: 229238［4］Day D, Burns B. A performance analysis of snort and suricata network intrusion detection and prevention engines［C］ Proc of the 5th Int Conf on Digital Society, Gosier, Guadeloupe. 2011: 187192［5］谢峥, 路广平, 付安民. 一种可扩展的实时多步攻击场景重构方法［J］. 信息安全研究, 2023, 9(12): 11731179［6］Anderson B, Mcgrew D. Identifying encrypted malware traffic with contextual flow data［C］ Proc of the 2016 ACM Workshop on Artificial Intelligence and Security (AISec’16). New York: ACM, 2016: 3546［7］Anderson B, Mcgrew D. Machine learning for encrypted malware traffic classification: Accounting for noisy labels and nonstationarity［C］ Proc of the 23rd ACM SIGKDD Int Conf on Knowledge Discovery and Data Mining. New York: ACM, 2017: 17231732［8］Wang W, Zhu M, Zeng X, et al. Malware traffic classification using convolutional neural network for representation learning［C］ Proc of the 2017 Int Conf on Information Networking ICOIN. Piscataway, NJ: IEEE, 2017: 712717［9］Shiravi A, Shiravi H, Tavallaee M, et al. Toward developing a systematic approach to generate benchmark datasets for intrusion detection［J］. Computers & Security, 2012, 31(3): 357374［10］Dainotti A, Pescape A, Claffy K C. Issues and future directions in traffic classification［J］. IEEE Network, 2012, 26(1): 3540［11］Shorten C, Khoshgoftaar T M. A survey on image data augmentation for deep learning［J］. Journal of Big Data, 2019, 6(1): 148［12］Lecun Y, Jackel L D, Bottou L, et al. Learning algorithms for classification: A comparison on handwritten digit recognition［J］. Neural Networks: The Statistical Mechanics Perspective, 1995, 261: 276276［13］Wang Z, Li M, Ou H, et al. A fewshot malicious encrypted traffic detection approach based on modelagnostic metalearning［JOL］. Security and Communication Networks, 2023 ［20241012］. https:doi.org10.115520233629831［14］Github. Suricata git repository maintained by the OISF［EBOL］. ［20241012］. https:github.comOISFsuricata.2021［15］Aceto G, Ciuonzo D, Montieri A, et al. Mobile encrypted traffic classification using deep learning: Experimental evaluation, lessons learned, and challenges［J］. IEEE Trans on Network and Service Management, 2019, 16(2): 445458［16］Aceto G, Ciuonzo D, Montieri A, et al. Toward effective mobile encrypted traffic classification through deep learning［J］. Neurocomputing, 2020, 409: 306315

[1]	. Research on Deep Learningbased Spatiotemporal Feature Fusion Network Intrusion Detection Model [J]. Journal of Information Security Reserach, 2025, 11(2): 122-.
[2]	. A Malicious TLS Traffic Detection Method with Multimodal Features [J]. Journal of Information Security Reserach, 2025, 11(2): 130-.
[3]	. [J]. Journal of Information Security Reserach, 2025, 11(2): 173-.
[4]	. Research of Invisible Backdoor Attack Based on Interpretability [J]. Journal of Information Security Reserach, 2025, 11(1): 21-.
[5]	. Container Anomaly Detection Based on Attention Mechanism and Multiscale Convolutional Neural Network [J]. Journal of Information Security Reserach, 2025, 11(1): 35-.
[6]	. Network Traffic Measurement Based on Multilayer Sketch in SDN [J]. Journal of Information Security Reserach, 2024, 10(9): 840-.
[7]	. Image Processing Model Watermarking Method Based on #br# Attention Mechanism and Passport Layer Embedding#br# [J]. Journal of Information Security Reserach, 2024, 10(9): 849-.
[8]	. Research on Risk Analysis of Opensource Software Supply Chain Security [J]. Journal of Information Security Reserach, 2024, 10(9): 862-.
[9]	. A Review of GPU Acceleration Technology for Deep Learning in Plaintext and Private Computing Environments [J]. Journal of Information Security Reserach, 2024, 10(7): 586-.
[10]	. Model of Intrusion Detection Based on Federated Learning and Convolutional Neural Network [J]. Journal of Information Security Reserach, 2024, 10(7): 642-.
[11]	. Research Advance and Challenges of Fuzzing Techniques [J]. Journal of Information Security Reserach, 2024, 10(7): 668-.
[12]	. Intelligent Fuzzy Testing Method Based on Sequence Generative Adversarial Networks [J]. Journal of Information Security Reserach, 2024, 10(6): 490-.
[13]	. Design of Vulnerability Tracking and Disposal Platform Based on Fine Management of Massive Assets [J]. Journal of Information Security Reserach, 2024, 10(6): 568-.
[14]	. An Automatic Vulnerability Classification Framework Based on BiGRU TextCNN [J]. Journal of Information Security Reserach, 2024, 10(5): 446-.
[15]	. Adversarial Attack Algorithm Based on Multimodel Scheduling Optimization#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(5): 403-.

Encrypted Traffic Detection Technology for Multisession Coordinated #br# Attack Based on Deep Learning#br#

基于深度学习的多会话协同攻击加密流量检测技术研究

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics