A Method for TLS Malicious Traffic Identification Based on Machine Learning
As more and more malicious traffic is encrypted with TLS, identifying malicious TLS traffic efficiently has become an increasingly important task in network security management, needed to preserve both communication security and privacy. Most traditional methods for identifying malicious encrypted TLS traffic rely only on features shared with ordinary traffic; these features are strongly coupled to one another, which lowers identification accuracy. In addition, most previous work on malicious traffic identification extracts features directly from the data flow without recording the extraction process, which makes later traceability difficult. This paper therefore implements an efficient feature extraction method with structural correlation for TLS malicious encrypted traffic. The feature extraction process is logged module by module, and an index is used to link the related information, so that the context of each feature can be analysed and subsequent feature analysis and problem traceability are supported. Finally, a Random Forest classifier is used to identify malicious TLS traffic efficiently, with an accuracy of up to 99.38%.
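The abstract's central point is that features should be extracted from the TLS handshake together with a record of where each one came from, so that an analyst can trace a feature back to the bytes it was decoded from. The following is an added illustration of that idea and is not the paper's own code: it parses a ClientHello using only the Python standard library, records every extracted feature with its byte offset and length under a per-flow index, and exposes a `trace` helper that recovers the raw bytes behind any feature. The ClientHello it parses is constructed inline (the `build_sample_client_hello` helper, the `ExtractionLog` structure, the field names and the chosen feature set are all assumptions made for this example); the Random Forest classification step described in the abstract is not shown.

```python
"""Parse a TLS ClientHello and extract features with per-feature provenance.

Added example: not the paper's implementation. Feature names, the log structure
and the sample message are assumptions made for illustration.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass, field


@dataclass
class FeatureRecord:
    """One extracted feature plus the raw-byte span it was decoded from."""
    name: str
    value: object
    offset: int   # byte offset into the raw TLS record
    length: int   # number of bytes the value was decoded from


@dataclass
class ExtractionLog:
    """Provenance log for one flow: an index key plus ordered feature records."""
    flow_index: str
    records: list = field(default_factory=list)

    def add(self, name: str, value, offset: int, length: int):
        self.records.append(FeatureRecord(name, value, offset, length))
        return value

    def features(self) -> dict:
        return {r.name: r.value for r in self.records}


def build_sample_client_hello(server_name: bytes, cipher_suites: list) -> bytes:
    """Build a constructed (not captured) TLS 1.2-style ClientHello record."""
    sni_name = struct.pack("!BH", 0, len(server_name)) + server_name
    sni_ext_data = struct.pack("!H", len(sni_name)) + sni_name
    extensions = struct.pack("!HH", 0x0000, len(sni_ext_data)) + sni_ext_data
    sv_data = b"\x04\x03\x04\x03\x03"  # supported_versions: TLS 1.3, TLS 1.2
    extensions += struct.pack("!HH", 43, len(sv_data)) + sv_data
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (
        b"\x03\x03"                                   # client_version
        + bytes(range(32))                            # client_random (fixed, constructed)
        + b"\x00"                                     # session_id length 0
        + struct.pack("!H", len(suites)) + suites     # cipher_suites
        + b"\x01\x00"                                 # compression_methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_client_hello(raw: bytes) -> ExtractionLog:
    """Walk the ClientHello and log each feature with the offsets it came from."""
    log = ExtractionLog(flow_index=hashlib.sha256(raw).hexdigest()[:16])
    if raw[0] != 0x16 or raw[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    log.add("record_version", struct.unpack("!H", raw[1:3])[0], 1, 2)
    pos = 9  # record header (5 bytes) + handshake header (4 bytes)
    log.add("client_version", struct.unpack("!H", raw[pos:pos + 2])[0], pos, 2)
    pos += 2 + 32  # skip client_random
    sid_len = raw[pos]
    log.add("session_id_len", sid_len, pos, 1)
    pos += 1 + sid_len
    cs_len = struct.unpack("!H", raw[pos:pos + 2])[0]
    suites = [struct.unpack("!H", raw[i:i + 2])[0]
              for i in range(pos + 2, pos + 2 + cs_len, 2)]
    log.add("cipher_suites", suites, pos + 2, cs_len)
    pos += 2 + cs_len
    pos += 1 + raw[pos]  # compression_methods
    ext_total = struct.unpack("!H", raw[pos:pos + 2])[0]
    ext_start = pos + 2
    pos, end, ext_types = ext_start, ext_start + ext_total, []
    while pos < end:
        etype, elen = struct.unpack("!HH", raw[pos:pos + 4])
        data_off = pos + 4
        ext_types.append(etype)
        if etype == 0:  # server_name: list_len(2) name_type(1) name_len(2) name
            name_len = struct.unpack("!H", raw[data_off + 3:data_off + 5])[0]
            sni = raw[data_off + 5:data_off + 5 + name_len].decode("ascii", "replace")
            log.add("sni", sni, data_off + 5, name_len)
        pos = data_off + elen
    log.add("extension_types", ext_types, ext_start, ext_total)
    return log


def feature_vector(log: ExtractionLog) -> list:
    """Numeric features a classifier could consume; each maps back to a record."""
    f = log.features()
    return [f["client_version"], len(f["cipher_suites"]),
            len(f["extension_types"]), int("sni" in f), len(f.get("sni", ""))]


def trace(log: ExtractionLog, raw: bytes, name: str) -> bytes:
    """Traceability: recover the exact bytes a named feature was decoded from."""
    rec = next(r for r in log.records if r.name == name)
    return raw[rec.offset:rec.offset + rec.length]


if __name__ == "__main__":
    raw = build_sample_client_hello(b"example.com", [0x1301, 0x1302, 0xC02F])
    log = extract_client_hello(raw)
    print(log.flow_index, feature_vector(log), trace(log, raw, "sni"))
```

The `flow_index` (here a truncated hash of the record, an assumption standing in for whatever flow key a real system uses) is the handle that ties a feature vector back to its extraction log; with it, a disputed classification can be examined feature by feature down to the raw bytes.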