TY - GEN
T1 - MF-Net
T2 - 5th International Conference on Blockchain and Trustworthy Systems, BlockSys 2023
AU - Yue, Guangchun
AU - Zhai, Yanlong
AU - Shen, Meng
AU - Jia, Jizhe
AU - Zhu, Liehuang
N1 - Publisher Copyright:
© 2024, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
PY - 2024
Y1 - 2024
AB - Malicious attacks on the network continue to increase, seriously undermining cyberspace security. As the cost of Transport Layer Security (TLS) deployment decreases, attackers generally use encrypted traffic for camouflage to avoid network intrusion detection. Existing malicious traffic detection methods mainly focus on extracting traffic features at the single-flow level, but they have lost their effectiveness due to frequent malware updates and traffic obfuscation. In this paper, we propose MF-Net, an encrypted malicious traffic detection method based on multi-flow temporal features. We present a traffic representation named Multi-Flow Bytes Picture (MFBytesPic), which leverages the temporal features among multiple flows. Using MFBytesPic, we design a powerful Siamese Neural Network based classifier to effectively identify malicious traffic. In order to prove the effectiveness of MF-Net, we use a public dataset provided by Qi An Xin for experimental evaluation. Experimental results show that MF-Net outperforms a Graph Neural Network based multi-flow method. MF-Net can achieve 98.13% accuracy and 98.10% F1 score using 5 flows, which enables effective encrypted malicious traffic detection.
KW - Encrypted Malicious Traffic Detection
KW - Multi-Flow
KW - Siamese Neural Network
KW - Temporal Features
KW - Traffic Analysis
UR - http://www.scopus.com/inward/record.url?scp=85178582096&partnerID=8YFLogxK
U2 - 10.1007/978-981-99-8104-5_5
DO - 10.1007/978-981-99-8104-5_5
M3 - Conference contribution
AN - SCOPUS:85178582096
SN - 9789819981038
T3 - Communications in Computer and Information Science
SP - 58
EP - 71
BT - Blockchain and Trustworthy Systems - 5th International Conference, BlockSys 2023, Proceedings
A2 - Chen, Jiachi
A2 - Wen, Bin
A2 - Chen, Ting
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 8 August 2023 through 10 August 2023
ER -