A Fingerprint Enhancement and Second-Order Markov Chain Based Malicious Encrypted Traffic Identification Scheme
Daichong Chao
Proceedings of the 2020 6th International Conference on Computing and Artificial Intelligence, 2020-04-23
DOI: 10.1145/3404555.3404590
Malicious encrypted traffic poses a great threat to cyber security owing to encryption and the ability to bypass traditional traffic detection schemes. Identifying malicious encrypted traffic is a challenging task that has attracted researchers' attention. Existing research mainly extracts various statistical features of the data flow, which relies heavily on manual experience. To get around this problem, this paper proposes a scheme based on fingerprint enhancement and a second-order Markov chain, which obtains features more easily. Fingerprint enhancement is performed to replace the SSL fingerprint by refining the data flow's behavior. The enhanced fingerprint is then fed to a second-order Markov chain to obtain the dominating feature for the identification model. To the best of our knowledge, this paper is the first to focus on using fingerprints and a second-order Markov chain to simplify feature extraction. Finally, the proposed scheme is verified on the public Stratosphere IPS dataset.