Against Malicious SSL/TLS Encryption: Identify Malicious Traffic Based on Random Forest

  • Conference paper
Fourth International Congress on Information and Communication Technology

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1027)

Abstract

Resisting cyberattacks through traffic identification technology has become a significant research direction. Traditional traffic identification is often based on network ports or feature matching, which has become inefficient in the increasingly complex network environment. Nowadays, malicious actors usually encrypt their traffic to evade traditional traffic identification, and the most common encryption method is SSL/TLS. In response to this phenomenon, this paper proposes an encrypted malicious traffic identification method based on the random forest, which uses features derived from packet information, timing, the TCP Flags field, and application-layer payload information. We designed the technology and application framework to ensure the success of the experiment and collected a large amount of SSL/TLS-encrypted traffic as the dataset. Benefiting from model optimization through parameter tuning, the experimental results showed that the final model was highly accurate and had strong predictive ability.
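As an added illustration (not the authors' code; the paper's exact feature list is not given on this page), the following Python builds a per-flow feature vector in the four groups the abstract names, from an assumed list of packet records, reading only the plaintext TLS record headers in the payload so the encrypted body is never decrypted:

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Packet:           # one TCP segment of a flow (assumed input format)
    ts: float           # capture time, seconds
    size: int           # bytes on the wire
    flags: str          # TCP flag letters, e.g. "S", "SA", "PA", "FA"
    payload: bytes      # TCP payload, empty for pure control segments

# TLS record-layer content types; only the 5-byte plaintext header is read,
# so the encrypted body is never inspected.
TLS_TYPES = {0x14: "ccs", 0x15: "alert", 0x16: "handshake", 0x17: "appdata"}

def tls_record_types(payload):
    """Content types of the TLS records in one segment; stops at the first
    header that is not well-formed TLS (non-TLS or truncated data)."""
    out, i = [], 0
    while i + 5 <= len(payload):
        ctype, major, minor = payload[i], payload[i + 1], payload[i + 2]
        length = int.from_bytes(payload[i + 3:i + 5], "big")
        if ctype not in TLS_TYPES or major != 3 or minor > 4:
            break
        out.append(TLS_TYPES[ctype])
        i += 5 + length
    return out

def flow_features(packets):
    """Per-flow feature vector in the four groups named in the abstract."""
    sizes = [p.size for p in packets]
    gaps = [b.ts - a.ts for a, b in zip(packets, packets[1:])]
    feats = {"pkt_count": len(packets), "bytes_total": sum(sizes),
             "size_mean": mean(sizes), "size_std": pstdev(sizes),
             "duration": packets[-1].ts - packets[0].ts,
             "iat_mean": mean(gaps) if gaps else 0.0,
             "iat_max": max(gaps) if gaps else 0.0}
    for f in "SAFRPU":  # SYN, ACK, FIN, RST, PSH, URG counts
        feats["flag_" + f] = sum(1 for p in packets if f in p.flags)
    counts = dict.fromkeys(TLS_TYPES.values(), 0)
    for p in packets:
        for t in tls_record_types(p.payload):
            counts[t] += 1
    feats.update({"tls_" + k: v for k, v in counts.items()})
    return feats

# Constructed sample flow (not from the paper's dataset): TCP handshake, TLS handshake records, app data, FIN.
SAMPLE_FLOW = [
    Packet(0.000, 74, "S", b""), Packet(0.020, 74, "SA", b""), Packet(0.021, 66, "A", b""),
    Packet(0.022, 200, "PA", b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),  # ClientHello
    Packet(0.050, 1200, "PA", b"\x16\x03\x03\x00\x04\x02\x00\x00\x00" + b"\x16\x03\x03\x00\x01\x0e"),
    Packet(0.120, 300, "PA", b"\x17\x03\x03\x00\x03abc"),  # application data
    Packet(0.900, 66, "FA", b""),
]
```

The resulting dictionary is the row a random forest would be trained on; labels (benign/malicious) come from the dataset, not from the features.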



Corresponding author: Liang Liu.


Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Fang, Y., Xu, Y., Huang, C., Liu, L., Zhang, L. (2020). Against Malicious SSL/TLS Encryption: Identify Malicious Traffic Based on Random Forest. In: Yang, XS., Sherratt, S., Dey, N., Joshi, A. (eds) Fourth International Congress on Information and Communication Technology. Advances in Intelligent Systems and Computing, vol 1027. Springer, Singapore. https://doi.org/10.1007/978-981-32-9343-4_10

  • DOI: https://doi.org/10.1007/978-981-32-9343-4_10

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-32-9342-7

  • Online ISBN: 978-981-32-9343-4
