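The application and research of machine learning in malicious encrypted traffic detection
Application of Electronic Technique
Tian Rui (1,2), Zhang Yaqin (1,2), Dong Wei (1,2), Li Zhicheng (1,2), Feng Zhi (1,2)
1. The Sixth Research Institute of China Electronics Information Industry Group Corporation Limited; 2. North China Research Institute of Computer System Engineering
Abstract: With the spread of encrypted communication, malicious attackers use encrypted traffic to hide their activity, and traditional signature-based and rule-based detection methods face challenges. Machine learning offers a new solution for detecting malicious encrypted traffic. This paper surveys the application of supervised learning, unsupervised learning, deep learning and ensemble learning in this field. Supervised learning identifies known attacks from labeled data; unsupervised learning discovers new attack patterns in unlabeled data; deep learning improves feature extraction in big-data environments; and ensemble learning strengthens system robustness through model fusion. The study shows that machine learning significantly improves the accuracy of malicious behavior identification, especially in extracting complex data features and discovering new attack patterns.
CLC number: TP181/TP393.0 Document code: A DOI: 10.16157/j.issn.0258-7998.245979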
Citation format: Tian Rui, Zhang Yaqin, Dong Wei, et al. The application and research of machine learning in malicious encrypted traffic detection[J]. Application of Electronic Technique, 2025, 51(4): 1-11.
The application and research of machine learning in malicious encrypted traffic detection
Tian Rui (1,2), Zhang Yaqin (1,2), Dong Wei (1,2), Li Zhicheng (1,2), Feng Zhi (1,2)
1.The Sixth Research Institute of China Electronics Information Industry Group Corporation Limited; 2.North China Research Institute of Computer System Engineering
Abstract: With the widespread use of encrypted communication, malicious attackers increasingly exploit encrypted traffic to conceal their activities, posing challenges to traditional signature-based and rule-based detection methods. Machine learning provides a novel solution for detecting malicious encrypted traffic. This paper reviews the applications of supervised learning, unsupervised learning, deep learning, and ensemble learning in this domain. Supervised learning identifies known attacks using labeled data, while unsupervised learning uncovers new attack patterns in unlabeled data. Deep learning enhances feature extraction capabilities in large-scale data environments, and ensemble learning strengthens system robustness through model fusion. The findings indicate that machine learning significantly improves the accuracy of malicious behavior detection, particularly in complex feature extraction and the identification of new attack patterns.
Key words: encrypted traffic recognition; machine learning; encrypted traffic; malicious behavior detection; ensemble learning
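Introduction
With the advance of digitalization, network security has become a major global challenge, particularly the identification of malicious behavior in encrypted traffic. Machine learning has shown important applications in encrypted traffic detection. This paper surveys the application of supervised learning, unsupervised learning, deep learning and ensemble learning to malicious encrypted traffic analysis and discusses their impact on network security. First, it analyzes the pattern-recognition capability of supervised learning (e.g. decision trees, SVM, random forests) on labeled datasets, together with its strengths and weaknesses; next, it discusses anomaly detection with unsupervised learning (e.g. K-means, hierarchical clustering) in unlabeled settings; then it examines the advantages of deep learning (e.g. CNN, RNN) in time-series analysis, where automatic feature extraction improves detection performance; finally, it evaluates how ensemble learning (e.g. random forests, AdaBoost) combines multiple models to improve detection accuracy and robustness.
For the full text of this article, please download: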
https://www.chinaaet.com/resource/share/2000006386
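Author information:
Tian Rui (1,2), Zhang Yaqin (1,2), Dong Wei (1,2), Li Zhicheng (1,2), Feng Zhi (1,2)
(1. The Sixth Research Institute of China Electronics Information Industry Group Corporation Limited, Beijing 100083;
2. North China Research Institute of Computer System Engineering, Beijing 100083)
This content is original to the AET website; reproduction without authorization is prohibited.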