HUO Yuehua, ZHAO Faqi, WU Wenhao. Multi-feature fusion based encrypted malicious traffic detection method for coal mine network[J]. Journal of Mine Automation,2022,48(7):142-148. DOI: 10.13272/j.issn.1671-251x.17944

Multi-feature fusion based encrypted malicious traffic detection method for coal mine network

More Information
  • Received Date: May 07, 2022
  • Revised Date: July 11, 2022
  • Available Online: July 11, 2022
  • Abstract: The coal mine network faces the threat of malicious traffic that malware encrypts with the transport layer security (TLS) protocol, and encrypted-traffic detection suffers from a high false alarm rate. To address these problems, a multi-feature fusion detection method for TLS-encrypted malicious traffic in coal mine networks is proposed. The multiple, heterogeneous features of TLS-encrypted malicious traffic are analyzed, and the connection features, metadata and TLS handshake features of coal mine network TLS-encrypted malicious traffic during transmission are extracted. A coal mine network TLS-encrypted traffic feature set is constructed using a flow fingerprint method. The features in the set are standardized, one-hot encoded and normalized to obtain an efficient sample set. Five classifier sub-models, namely decision tree (DT), K-nearest neighbor (KNN), Gaussian Naive Bayes (GNB), L2 logistic regression (LR) and stochastic gradient descent (SGD), are used to test the feature set. To improve the robustness of the detection model, the five sub-models are combined according to the voting principle into a multi-model voting classifier (MVC) detection model. The five sub-models act as voters: each is trained separately on the sample set, and the final predicted label of each sample is decided by majority vote. The experimental results show that the proposed feature set reduces the dimension of the sample set and improves the detection efficiency for TLS-encrypted traffic. The DT and KNN classifiers perform best on the data set, reaching more than 99% accuracy, but they carry a risk of overfitting. Although the LR and SGD sub-models also achieve recognition accuracy above 90%, their false positive rate is too high. The GNB sub-model performs the worst, with an accuracy of 82%, but has the advantage of a low false positive rate. The accuracy and recall rate of the MVC detection model on the data set exceed 99% and its false alarm rate is 0.13%. The detection rate of encrypted malicious traffic is improved, the false alarm rate of encrypted traffic detection is 0, and the overall performance of the MVC detection model is better than that of any single classifier sub-model.
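The majority-vote fusion the abstract describes, as an added illustration that is not the paper's code: each of the five sub-models (DT, KNN, GNB, LR, SGD) casts one vote per flow, the majority label wins, and accuracy, recall and false alarm rate are computed for each voter and for the fused MVC. The sub-model predictions and ground-truth labels below are constructed toy values, not results from the paper.

```python
from collections import Counter

# Constructed ground truth for 10 TLS flows (1 = malicious, 0 = benign).
Y_TRUE = [1, 1, 1, 1, 1, 0, 0, 0, 0, 0]

# Constructed per-sub-model predictions on the same 10 flows (hypothetical).
SUB_MODEL_PREDICTIONS = {
    "DT":  [1, 1, 1, 1, 0, 0, 0, 0, 0, 0],
    "KNN": [1, 1, 1, 1, 1, 0, 0, 0, 0, 0],
    "GNB": [1, 0, 1, 0, 1, 0, 0, 0, 0, 0],
    "LR":  [1, 1, 1, 1, 1, 0, 1, 0, 0, 0],
    "SGD": [1, 1, 0, 1, 1, 1, 0, 0, 1, 0],
}


def majority_vote(predictions):
    """Fuse sub-model votes per sample: the label with the most votes wins.
    With an odd number of binary voters there are no ties; if an even
    number were used, Counter.most_common keeps the first label seen."""
    voters = list(predictions.values())
    n = len(voters[0])
    if any(len(v) != n for v in voters):
        raise ValueError("all sub-models must predict the same samples")
    return [Counter(v[i] for v in voters).most_common(1)[0][0] for i in range(n)]


def evaluate(y_true, y_pred):
    """Accuracy, recall (detection rate) and false alarm rate FP / (FP + TN)."""
    tp = sum(t == 1 and p == 1 for t, p in zip(y_true, y_pred))
    tn = sum(t == 0 and p == 0 for t, p in zip(y_true, y_pred))
    fp = sum(t == 0 and p == 1 for t, p in zip(y_true, y_pred))
    fn = sum(t == 1 and p == 0 for t, p in zip(y_true, y_pred))
    return {
        "accuracy": (tp + tn) / len(y_true),
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "false_alarm_rate": fp / (fp + tn) if fp + tn else 0.0,
    }


def run_mvc(predictions=SUB_MODEL_PREDICTIONS, y_true=Y_TRUE):
    """Score every sub-model and the fused MVC on the same samples."""
    scores = {name: evaluate(y_true, pred) for name, pred in predictions.items()}
    scores["MVC"] = evaluate(y_true, majority_vote(predictions))
    return scores


if __name__ == "__main__":
    for name, s in run_mvc().items():
        print(f"{name:4s} acc={s['accuracy']:.2f} rec={s['recall']:.2f} "
              f"far={s['false_alarm_rate']:.2f}")
```

In this toy run a single voter with a high false alarm rate (SGD) or low recall (GNB) is outvoted, so the fused labels match the ground truth; this mirrors the robustness argument, not the paper's measured figures.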
