To address the problem of detecting malicious HTTP traffic, a preprocessing method based on a cutting mechanism and statistical association was proposed to correlate statistical information and normalize the traffic. Then, a hybrid neural network was proposed based on the combination of raw data and empirical feature engineering. It combines a convolutional neural network (CNN) and a multilayer perceptron (MLP) to process text and statistical information. The model performed significantly better than traditional machine learning algorithms (e.g., SVM): the F1 value reached 99.38%, and the model had a lower time complexity. At the same time, a data set consisting of more than 450 000 malicious traffic and more than 20 million non-malicious traffic was created. In addition, a prototype system based on the model was designed, with detection precision of 98.1%~99.99% and recall rate of 97.2%~99.5%. The application performs excellently in a real network environment.