
Remote Access Trojan Traffic Detection Model Based on Fusion Sequences

To address the weak generalization ability, limited representation capability and delayed warning of existing remote access Trojan (RAT) traffic detection methods, a RAT traffic detection model based on fusion sequences is proposed. By analyzing in depth the differences between normal application network traffic and RAT traffic in their packet length sequences, packet payload length sequences and packet time interval sequences, traffic is represented as a fusion sequence. The fusion sequence is fed into a Transformer model, which uses multi-head attention and residual connections to mine the internal relationships within the fusion sequence and learn the communication behavior patterns of the Trojan, effectively improving both the detection capability for RAT traffic and the generalization ability of the model. The proposed model needs to extract only the first 20 packets of a network session for detection, so it can issue a timely warning in the early stage of a Trojan intrusion. Comparative experimental results show that the model not only achieves excellent detection results on known data but also performs well on an unknown traffic test set; compared with existing deep learning models, all detection metrics are substantially improved, and the model has practical application value in the field of RAT traffic detection.
Remote Access Trojan Traffic Detection Based on Fusion Sequences
In response to the issues of weak generalization ability, limited representation capability, and delayed warning in existing remote access Trojan (RAT) traffic detection methods, a RAT traffic detection model based on a fusion sequence is proposed. By deeply analyzing the differences between normal network traffic and RAT traffic in packet length sequence, packet payload length sequence, and packet time interval sequence, traffic is represented as a fusion sequence. The fusion sequences are input into a Transformer model that utilizes multi-head attention mechanisms and residual connections to mine the intrinsic relationships within the fusion sequences and learn the patterns of RAT communication behavior, effectively enhancing the detection capability and generalization ability of the model for RAT traffic. The model only needs to extract the first 20 data packets of a network session for detection and can issue timely warnings in the early stages of Trojan intrusion. Comparative experimental results show that the model not only achieves excellent results in known data but also performs well in unknown traffic test sets. Compared with existing deep learning models, it presents superior performance indicators and has practical application value in the field of RAT traffic detection.

Remote access Trojan detection; Fusion sequences; Transformer model; Multi-head attention mechanism; Trojan behavior patterns

吴丰源、刘明、尹小康、蔡瑞杰、刘胜利


School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou 450001

School of Cyberspace Security, Information Engineering University, Zhengzhou 450001

Remote access Trojan detection; Fusion sequences; Transformer model; Multi-head attention mechanism; Trojan behavior patterns

National Key R&D Program of China; Basic Strengthening Program of the Science and Technology Commission

2019QY1300; 2019-JCJQ-ZD-113

2024

Computer Science
Chongqing Southwest Information Co., Ltd. (formerly Southwest Information Center of the Ministry of Science and Technology)


CSTPCD; Peking University Core Journal
Impact factor: 0.944
ISSN: 1002-137X
Year, Volume (Issue): 2024, 51(6)