Scheme for identifying malware traffic with TLS data based on machine learning

by: LUO Ziming, XU Shubin, LIU Xiaodong

Format: Article
Published: POSTS&TELECOM PRESS Co., LTD 2020-02-01

Description

Based on an analysis of the characteristics of the transport layer security (TLS) protocol, a distributed, automated malicious-traffic detection system based on machine learning was designed. Features of encrypted malware traffic were extracted from three sources: TLS data, observable metadata and contextual flow data. Support vector machine, random forest and extreme gradient boosting classifiers were compared on the mainstream task of identifying malicious encrypted traffic. The comparison achieved efficient detection of malicious encrypted traffic and verified the validity of the detection system.