TY - GEN
T1 - SSL malicious traffic detection based on multi-view features
AU - Dai, Rui
AU - Gao, Chuan
AU - Lang, Bo
AU - Yang, Lixia
AU - Liu, Hongyu
AU - Chen, Shaojie
N1 - Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/11/15
Y1 - 2019/11/15
N2 - In recent years, as more and more software uses the SSL encryption protocol to improve the security and integrity of communications, the volume of encrypted traffic is growing, which brings new challenges to cyber attack detection. Since most SSL traffic is unreadable ciphertext, traditional pattern recognition and deep packet inspection are not applicable. In addition, current machine learning methods are not fully applicable to encrypted traffic detection. The detection of encrypted malicious traffic is still an open problem. In this paper, we propose an SSL malicious traffic detection method based on multi-view features. Our method comprehensively extracts features from multiple views, including flow statistics, SSL handshake fields, and certificates, to retain key original information. We test four machine learning models, i.e., SVM, Decision Tree, Random Forest, and XGBoost, on the CTU Malware dataset. The results show that XGBoost performs best, reaching an accuracy of 97.71%, which is better than other studies on the CTU dataset.
AB - In recent years, as more and more software uses the SSL encryption protocol to improve the security and integrity of communications, the volume of encrypted traffic is growing, which brings new challenges to cyber attack detection. Since most SSL traffic is unreadable ciphertext, traditional pattern recognition and deep packet inspection are not applicable. In addition, current machine learning methods are not fully applicable to encrypted traffic detection. The detection of encrypted malicious traffic is still an open problem. In this paper, we propose an SSL malicious traffic detection method based on multi-view features. Our method comprehensively extracts features from multiple views, including flow statistics, SSL handshake fields, and certificates, to retain key original information. We test four machine learning models, i.e., SVM, Decision Tree, Random Forest, and XGBoost, on the CTU Malware dataset. The results show that XGBoost performs best, reaching an accuracy of 97.71%, which is better than other studies on the CTU dataset.
KW - Feature selection
KW - Machine learning
KW - Multi-view features
KW - SSL malicious traffic detection
UR - https://www.scopus.com/pages/publications/85078322540
U2 - 10.1145/3371676.3371697
DO - 10.1145/3371676.3371697
M3 - Conference contribution
AN - SCOPUS:85078322540
T3 - ACM International Conference Proceeding Series
SP - 40
EP - 46
BT - ICCNS 2019 - 2019 9th International Conference on Communication and Network Security
PB - Association for Computing Machinery
T2 - 9th International Conference on Communication and Network Security, ICCNS 2019
Y2 - 15 November 2019 through 17 November 2019
ER -