Study on SSL/TLS Encrypted Malicious Traffic Detection Algorithm Based on Graph Neural Networks
In order to achieve precise detection of SSL/TLS encrypted malicious traffic,a graph neural network-based model for malicious encrypted traffic detection is proposed,to address the issue of excessive reliance on expert experience in traditional ma-chine learning methods.Through the analysis of SSL/TLS encrypted sessions,the interactive information within traffic sessions is characterized using a graph structure,transforming the problem of detecting malicious encrypted traffic into a graph classification task.The proposed model is based on a hierarchical graph pooling architecture,which aggregates through multiple layers of con-volutional pooling,incorporating attention mechanisms to fully exploit node features and graph structure information,resulting in an end-to-end approach for malicious encrypted traffic detection.The proposed model is evaluated on public CICAndMal2017 dataset.Experimental results demonstrate tha it achieves an accuracy of 97.1%in binary classification of encrypted malicious traffic detection,outperforming other models with an accuracy improvement of 2.1%,recall improvement of 3.2%,precision im-provement of 1.6%,F1 score improvement of 2.1%.These results indicate that the proposed method exhibits superior represen-tational and detection capabilities for malicious encrypted traffic in comparison to other methods.
万方数据
维普
