Hybrid Neural Network Encrypted Malicious Traffic Detection  in the Industrial Internet with Domain Adaptation

Journal of Information Security Reserach ›› 2025, Vol. 11 ›› Issue (5): 457-.

Previous Articles Next Articles

Hybrid Neural Network Encrypted Malicious Traffic Detection in the Industrial Internet with Domain Adaptation

Zhang Haohe, Han Gang, Yang Tiantian, and Huang Rui

(School of Cyberspace Security, Xi’an University of Posts and Telecommunications, Xi’an 710121)
(State Key Laboratory of Integrated Services Networks (Xidian University), Xi’an 710126)

Online:2025-06-03 Published:2025-06-03

工业互联网中融入域适应的混合神经网络加密恶意流量检测

张浩和韩刚杨甜甜黄睿

(西安邮电大学网络空间安全学院西安710121)
(空天地一体化综合业务网全国重点实验室(西安电子科技大学)西安710126)

通讯作者: 张浩和硕士研究生.主要研究方向为加密恶意流量检测. 18165116501@163.com
作者简介:张浩和硕士研究生.主要研究方向为加密恶意流量检测. 18165116501@163.com 韩刚博士，副教授.主要研究方向为区块链技术、数据安全共享、访问控制. hangang668866@163.com 杨甜甜硕士研究生.主要研究方向为可搜索代理重加密、隐私保护. ttyang6120@163.com 黄睿硕士研究生.主要研究方向为区块链隐私保护. hrui6189@gmail.com

Abstract

Abstract: With the rapid development of information technology in the field of industrial control, the industrial Internet has become a major target for cyberattacks, making malicious traffic detection increasingly important. However, the widespread use of encryption allows attackers to easily hide malicious communication content, rendering traditional contentbased detection methods ineffective. This paper proposes an encrypted malicious traffic detection scheme based on a hybrid neural network and domain adaptation. The scheme integrates ResNet, ResNext, DenseNet, and similarity detection algorithms to construct a hybrid neural network. On this basis, a domain adaptation module is added to reduce data bias. By preprocessing streams from a public industrial Internet dataset, deep features are extracted from encrypted traffic without decryption. The hybrid neural network outputs higherdimensional feature vectors that leverage the strengths of each model. A domain classifier within the domain adaptation module enhances the model’s stability and generalization across different network environments and time periods, enabling accurate classification of malicious traffic. Experimental results show that the proposed scheme improves accuracy and efficiency in detecting encrypted malicious traffic.

Key words: industrial Internet, hybrid neural network, encrypted malicious traffic, similarity detection, domain adaptation

摘要： 随着信息化技术在工控领域的快速发展，工业互联网逐渐成为网络攻击的重要目标，恶意流量检测显得尤为重要.然而，加密技术的普及使得攻击者可以轻松隐藏恶意通信内容，传统基于内容分析的流量检测方法已难以有效应对.提出一种基于混合神经网络和域适应的加密恶意流量检测方案，融合ResNet网络、ResNext网络、DenseNet网络和相似度检测算法构建混合神经网络.在此基础上，加入域适应模块减少数据的偏差.通过对工业互联网公共数据集进行流预处理，在勿需解密流量的情况下从加密流量中提取深层次特征，使用混合神经网络输出一组充分利用各模型特长的更高维特征向量，随后采用域适应模块中的域分类器提升模型在不同的网络环境和时间段的稳定性和泛化能力.实验结果表明，提出的方案在加密恶意流量检测任务上表现出较好的性能和效率，提高了加密恶意流量检测的准确性.

关键词: 工业互联网, 混合神经网络, 加密恶意流量, 相似度检测, 域适应

CLC Number:

TP393.0

张浩和, 韩刚, 杨甜甜, 黄睿, . 工业互联网中融入域适应的混合神经网络加密恶意流量检测[J]. 信息安全研究, 2025, 11(5): 457-.

References

［1］Nuaimi M, Fourati L C, Hamed B B. Intelligent approaches toward intrusion detection systems for Industrial Internet of things: A systematic comprehensive review［J］. Journal of Network and Computer Applications, 2023, 215: 103637［2］Zheng Wenbo, Gou Chao, Yan Lan. et al. Learning to classify: A flowbased relation network for encrypted traffic classification［C］ Proc of the Web Conference 2020. New York: ACM, 2020: 1322［3］Sen S, Spatscheck O, Wang D. Accurate, scalable innetwork identification of P2P traffic using application signatures［C］ Proc of the 13th Int Companion Conf on World Wide Web. New York: ACM, 2004: 512521［4］De Lucia M J, Cotton C. Detection of encrypted malicious network traffic using machine learning［C］ Proc of 2019 IEEE Military Communications Conference (MILCOM 2019). Piscataway, NJ: IEEE, 2019: 16［5］Banadaki Y M, Robert S. Detecting malicious dns over https traffic in domain name system using machine learning classifiers［J］. Journal of Computer Sciences and Applications, 2020, 8(2): 4655［6］Diwan T D, Choubey S, Hota H S. et al. Feature entropy estimation (FEE) for malicious IoT traffic and detection using machine learning［J］. Mobile Information Systems, 2021, 2021(1): 113［7］童家铖, 陈伟, 倪嘉翼, 等. 面向加密恶意流量的噪声标签检测方法［J］. 信息安全研究, 2023, 9(10): 10231027［8］高源辰, 徐国胜. 基于集成学习策略的网络恶意流量检测技术研究［J］. 信息安全研究, 2023, 9(8): 730738［9］Xia Peipei, Zhang Li, Li Fanzhang. Learning similarity with cosine similarity ensemble［J］. Information Sciences, 2015, 307: 3952［10］李道全, 鲁晓夫, 杨乾乾. 基于孪生神经网络的恶意流量检测方法［J］. 计算机工程与应用, 2022, 58(14): 8995［11］Rong Candong, Gou Gaopeng, Cui Mingxin. et al. Malfinder: An ensemble learningbased framework for malicious traffic detection［C］ Proc of 2020 IEEE Symp on Computers and Communications (ISCC). Piscataway, NJ: IEEE, 2020: 77［12］Bazuhair W, Lee W. Detecting malign encrypted network traffic using perlin noise and convolutional neural network［C］ Proc of the 10th Annual Computing and Communication Workshop and Conference (CCWC). Piscataway, NJ: IEEE, 2020: 02000206［13］Gao Minghui, Ma Li, Liu Heng. et al. Malicious network traffic detection based on deep neural networks and association analysis［J］. Sensors, 2020, 20(5): 1452［14］Alalwany E, Mahgoub I. Classification of normal and malicious traffic based on an ensemble of machine learning for a vehicle CANnetwork［J］. Sensors, 2022, 22(23): 9195

[1]	. Industrial Internet Data Sharing Scheme with Attributebased #br# Proxy Reencryption in Cloudchain Collaboration#br# [J]. Journal of Information Security Reserach, 2025, 11(5): 427-.
[2]	. Research on Industrial Internet Commercial Cryptography Application System#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(6): 519-.
[3]	. Research on Traceability Techniques of Anomalous Behavior Correlation Analysis Attacks for Industrial Internet Devices#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(6): 532-.
[4]	. Zerotrust Dynamic Authentication to Resist APT Identity Compromise [J]. Journal of Information Security Reserach, 2024, 10(10): 928-.
[5]	. Research on Commercial Cryptography Application to Industrial Internet [J]. Journal of Information Security Reserach, 2023, 9(9): 851-.
[6]	. [J]. Journal of Information Security Reserach, 2022, 8(6): 554-.
[7]	. [J]. Journal of Information Security Reserach, 2022, 8(6): 595-.
[8]	. Exploration on the Construction of Data Security System of Industrial Internet Platform in Energy Industry [J]. Journal of Information Security Reserach, 2022, 8(4): 386-.
[9]	. Topsec Industrial Intrusion Detection and Audit System [J]. Journal of Information Security Reserach, 2021, 7(E1): 67-.
[10]	. Research on the Application of Beidou Space-time Information in the Field of Industrial Internet Security [J]. Journal of Information Security Reserach, 2021, 7(10): 989-.
[11]	. Research on Industrial Internet Security Monitoring Audit and Trend Awareness Technology [J]. Journal of Information Security Research, 2020, 6(11): 0-0.
[12]	. Research and Analysis on Security Operation and Maintenance of Industrial Internet [J]. Journal of Information Security Research, 2019, 5(8): 663-667.
[13]	. Security Situation and Threats Analysis of Industrial Internet in China and Abroad [J]. Journal of Information Security Research, 2019, 5(8): 728-733.
[14]	. Beijing Gas Group Industrial Internet Security Operation Platform Construction and Practice [J]. Journal of Information Security Research, 2019, 5(8): 734-739.

Hybrid Neural Network Encrypted Malicious Traffic Detection in the Industrial Internet with Domain Adaptation

工业互联网中融入域适应的混合神经网络加密恶意流量检测

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 14

Recommended Articles

Metrics