[1] DAI R,GAO C,LANG B,et al.SSL malicious traffic detection based on multi-view features[C]//Proceedings of the 9th International Conference on Communication and Network Security.New York,USA:ACM Press,2019:40-46. [2] GALLAGHER S.Nearly half of malware now use TLS to conceal communications[EB/OL].(2021-04-21)[2022-04-20].https://news.sophos.com/en-us/2021/04/21/nearly-half-of-malware-now-use-tls-to-conceal-communications/. [3] 潘吴斌,程光,郭晓军,等.网络加密流量识别研究综述及展望[J].通信学报,2016,37(9):154-167. PAN W B,CHENG G,GUO X J,et al.Review and perspective on encrypted traffic identification research[J].Journal on Communications,2016,37(9):154-167.(in Chinese) [4] 骆子铭,许书彬,刘晓东.基于机器学习的TLS恶意加密流量检测方案[J].网络与信息安全学报,2020,6(1):77-83. LUO Z M,XU S B,LIU X D.Scheme for identifying malware traffic with TLS data based on machine learning[J].Chinese Journal of Network and Information Security,2020,6(1):77-83.(in Chinese) [5] FERRAG M A,MAGLARAS L,MOSCHOYIANNIS S,et al.Deep learning for cyber security intrusion detection:approaches,datasets,and comparative study[J].Journal of Information Security and Applications,2020,50:102419. [6] REZAEI S,LIU X.Deep learning for encrypted traffic classification:an overview[J].IEEE Communications Magazine,2019,57(5):76-81. [7] SHEN M,WEI M W,ZHU L H,et al.Classification of encrypted traffic with second-order Markov chains and application attribute bigrams[J].IEEE Transactions on Information Forensics and Security,2017,12(8):1830-1843. [8] DE LUCIA M J,COTTON C.Detection of encrypted malicious network traffic using machine learning[C]//Proceedings of IEEE Military Communications Conference.Washington D.C.,USA:IEEE Press,2019:1-6. [9] YU K F,HARANG R E.Machine learning in malware traffic classifications[C]//Proceedings of IEEE Military Communications Conference.Washington D.C.,USA:IEEE Press,2017:6-10. [10] 蒋彤彤,尹魏昕,蔡冰,等.基于层次时空特征与多头注意力的恶意加密流量识别[J].计算机工程,2021,47(7):101-108. JIANG T T,YIN W X,CAI B,et al.Encrypted malicious traffic identification based on hierarchical spatiotemporal feature and multi-head attention[J].Computer Engineering,2021,47(7):101-108.(in Chinese) [11] LIU C,HE L,XIONG G,et al.FS-net:a flow sequence network for encrypted traffic classification[C]//Proceedings of IEEE Conference on Computer Communications.Washington D.C.,USA:IEEE Press,2019:1171-1179. [12] YANG H,HE Q,LIU Z,et al.Malicious encryption traffic detection based on NLP[J].Security and Communication Networks,2021,2021:13-22. [13] ANDERSON B,PAUL S,MCGREW D.Deciphering malware's use of TLS(without decryption)[J].Journal of Computer Virology and Hacking Techniques,2018,14(3):195-211. [14] CHEN Y C,LI Y J,TSENG A,et al.Deep learning for malicious flow detection[C]//Proceedings of the 28th Annual International Symposium on Personal,Indoor,and Mobile Radio Communications.Washington D.C.,USA:IEEE Press,2017:1-7. [15] BARUT O,ZHU R,LUO Y,et al.TLS encrypted application classification using machine learning with flow feature engineering[C]//Proceedings of the 10th International Conference on Communication and Network Security.New York,USA:ACM Press,2020:32-41. [16] 胡斌,周志洪,姚立红,等.结合报文负载与流指纹特征的恶意流量检测[J].计算机工程,2020,46(11):157-163. HU B,ZHOU Z H,YAO L H,et al.Malicious traffic detection combining features of packet payload and stream fingerprint[J].Computer Engineering,2020,46(11):157-163.(in Chinese) [17] GARCIA S,GRILL M,STIBOREK J,et al.An empirical comparison of botnet detection methods[J].Computers & Security,2014,45:100-123. [18] TORROLEDO I,CAMACHO L D,BAHNSEN A C.Hunting malicious TLS certificates with deep neural networks[C]//Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security.New York,USA:ACM Press,2018:64-73. [19] PAI K C,MITRA S,CHARI S M.Novel TLS signature extraction for malware detection[C]//Proceedings of IEEE International Conference on Electronics,Computing and Communication Technologies.Washington D.C.,USA:IEEE Press,2020:1-3. [20] PAPADOGIANNAKI E,IOANNIDIS S.A survey on encrypted network traffic analysis applications,techniques,and countermeasures[J].ACM Computing Surveys,2022,54(6):123. [21] ANDERSON B,MCGREW D.Machine learning for encrypted malware traffic classification:accounting for noisy labels and non-stationarity[C]//Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining.New York,USA:ACM Press,2017:1723-1732. [22] GUO J,SANG Y,CHANG P,et al.MGEL:a robust malware encrypted traffic detection method based on ensemble learning with multi-grained features[C]//Proceeding of the 21st International Conference on Computational Science.Berlin,Germany:Springer,2021:195-208. [23] 李小剑,谢晓尧,徐洋,等.基于CNN-SIndRNN的恶意TLS流量快速识别方法[J].计算机工程,2022,48(4):148-157,164. LI X J,XIE X Y,XU Y,et al.Fast identification method of malicious TLS traffic based on CNN-SIndRNN[J].Computer Engineering,2022,48(4):148-157,164.(in Chinese) [24] YU B,FANG Y,YANG Q,et al.A survey of malware behavior description and analysis[J].Frontiers of Information Technology & Electronic Engineering,2018,19(5):583-603. [25] 李慧慧,张士庚,宋虹,等.结合多特征识别的恶意加密流量检测方法[J].信息安全学报,2021,6(2):129-142. LI H H,ZHANG S G,SONG H,et al.Robust malicious encrypted traffic detection based with multiple features[J].Journal of Cyber Security,2021,6(2):129-142.(in Chinese) [26] ANDERSON B,MCGREW D.Identifying encrypted malware traffic with contextual flow data[C]//Proceedings of ACM Workshop on Artificial Intelligence and Security.New York,USA:ACM Press,2016:35-46. [27] 霍跃华,赵法起,李晓宇,等.一种加密恶意流量检测方法:CN 202210124869.1[P].2022-04-15. HUO Y H,ZHAO F Q,LI X Y,et al.An encrypted malicious traffic detection method:CN 202210124869.1[P].2022-04-15.(in Chinese) [28] PEDREGOSA F,VAROQUAUX G,GRAMFORT A,et al.Scikit-learn:machine learning in python[J].The Journal of Machine Learning Research,2011,12:2825-2830. |