| 摘要: |
| 随着人们网络安全意识的不断提高和加密技术的广泛应用,网络中的加密流量呈现爆炸式增长。在加密技术保护用户数据安全和隐私的同时,攻击者也可滥用加密技术隐藏恶意、非法、窃密行为,给网络安全防护及监管带来新的挑战。一方面,在不解密条件下对恶意加密流量进行检测已成为网络安全领域的难题。随着恶意加密流量的不断增多,传统的深度包检测技术已不再适用。另一方面,攻击者利用流量混淆等攻击技术将恶意流量隐藏于正常流量之中,或者利用对抗机器学习生成对抗样本以干扰检测模型,误导检测系统做出错误决策。目前,将深度学习方法应用于恶意加密流量检测以及对抗方面的研究不断发展,尚未有文献对最新成果及趋势进行回顾。本文从任务场景、数据预处理、特征提取、模型和评估指标等多方面,全面整理并分析了恶意加密流量检测及对抗技术的最新研究成果。首先,提出了一个通用的恶意加密流量检测框架,并结合框架对目标任务场景进行分类总结。其次,介绍了应用于恶意加密流量检测的数据收集与预处理技术、特征提取与选择技术和相关的评估指标体系,讨论了数据不平衡问题的解决方法。此外,对比分析了不同检测模型的适用性和优缺点,并讨论了对抗攻击和应对措施。最后,探讨了恶意加密流量检测领域中开放问题和挑战,并对未来的研究方向进行了展望。 |
| 关键词: 加密流量 恶意检测 对抗攻击 深度学习 |
| DOI: |
| 投稿时间:2023-02-25修订日期:2023-05-30 |
| 基金项目:国家重点研发计划项目 |
|
| Survey on Deep Learning Based Malicious Encrypted Traffic Detection and Adversarial Techniques |
|
Fan Zuwei, Zhang Shunliang, Zhao Hongce
|
| (Institute of Information Engineering,Chinese Academy of Sciences) |
| Abstract: |
| With the continuous improvement of people's awareness of network security and the wide application of encryption technology, the encrypted traffic in the network is emerging explosive growth. While encryption technology protects safety of user data and privacy, attackers can misuse encryption technology to hide malicious and illegal behaviors, which brings new challenges to network security protection and supervision. On the one hand, detecting malicious encrypted traffic without decryption has become a difficult issue in the field of network security. With the increasing amount of malicious encrypted traffic, traditional deep packet inspection techniques are no longer applicable. On the other hand, attackers use traffic obfuscation and other adversarial techniques to hide malicious traffic in normal traffic, or generate adversarial samples to interfere with the detection model, which misleads the detection system into making wrong decisions. At present, the research on applying deep learning methods to malicious encrypted traffic detection and confrontation is developing continuously, and there is no literature review on the latest achievements and trends. In this paper, the latest work of malicious encryption traffic detection and adversarial techniques are comprehensively investigated from the aspects of task scenarios, data preprocessing, features extraction, models and evaluation indicators. Firstly, a general framework for malicious encryption traffic detection is proposed, and the target task scenarios are classified according to the framework. Secondly, the system applied to malicious encryption traffic detection are presented from the perspectives of data collection and preprocessing techniques, feature extraction and selection techniques, and evaluation index, and the solutions to data imbalance problem are discussed. Moreover, the applicability, advantages and disadvantages of different detection models are compared and analyzed, and the techniques of adversarial attack and corresponding countermeasures are discussed. Finally, the open issues and challenges in the field of malicious encryption traffic detection are discussed, and the future research direction is prospected. |
| Key words: encrypted traffic malicious detection adversarial attack deep learning |
