A malicious encrypted traffic detection method based on variable-length sequence
Cite this article: JIANG Kui, CHEN Xiaolei, GU Dujuan, LI Wenjin, LI Yueting. A malicious encrypted traffic detection method based on variable-length sequence[J]. Journal of Fuzhou University (Natural Science Edition), 2023, 51(5): 711-716
Authors: JIANG Kui  CHEN Xiaolei  GU Dujuan  LI Wenjin  LI Yueting
Affiliations: Shenzhen University, Shenzhen University, NSFOCUS Technologies Group Co., Ltd., NSFOCUS Technologies Group Co., Ltd., Shenzhen University
Funding: China Computer Federation CCF-NSFOCUS "Kunpeng" Research Fund (CCF-NSFOCUS 2021006)
Abstract: This paper introduces a combined malicious encrypted traffic dataset, uses random forests to compare the importance of each feature, constructs variable-length two-dimensional feature sequences, and proposes a method for detecting malicious encrypted traffic from variable-length sequences. The method uses a BiGRU-CNN deep learning model and introduces a Masking layer to handle variable-length sequences effectively. It extracts both temporal and spatial features from the traffic data and performs binary classification of malicious encrypted traffic. Experimental results show that, compared with single models such as CNN and LSTM, the method improves precision, recall and F1 score, reaches an accuracy of 94.61%, and achieves an average recognition accuracy of 94.93% in experiments on data outside the training set, which indicates good practical value.

Keywords: malicious encrypted traffic; deep learning; variable-length sequence; convolutional neural network (CNN); bidirectional gated recurrent unit (BiGRU)
Received: 2023-10-06
Revised: 2023-10-18
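
The effect the abstract attributes to the Masking layer can be checked numerically. The following is an added example, not code from the paper: a NumPy bidirectional GRU showing that a zero-padded flow yields the same output as the unpadded flow only when padded timesteps are skipped. The feature choice (signed packet length, inter-arrival time), the sizes, the random weights and all function names are assumptions made for illustration.

```python
import numpy as np

rng = np.random.default_rng(0)
F, H, MAX_LEN = 2, 4, 8  # assumed sizes: features per packet, hidden units, padded length

def init_gru():
    # Constructed random weights standing in for a trained GRU (z, r, candidate gates).
    shapes = {"Wz": (F, H), "Uz": (H, H), "bz": (H,), "Wr": (F, H), "Ur": (H, H),
              "br": (H,), "Wh": (F, H), "Uh": (H, H), "bh": (H,)}
    return {k: rng.normal(0, 0.5, s) for k, s in shapes.items()}

FWD, BWD = init_gru(), init_gru()

def sigmoid(x):
    return 1.0 / (1.0 + np.exp(-x))

def gru_step(p, x, h):
    z = sigmoid(x @ p["Wz"] + h @ p["Uz"] + p["bz"])   # update gate
    r = sigmoid(x @ p["Wr"] + h @ p["Ur"] + p["br"])   # reset gate
    cand = np.tanh(x @ p["Wh"] + (r * h) @ p["Uh"] + p["bh"])
    return (1 - z) * h + z * cand

def run_gru(p, seq, mask):
    h = np.zeros(H)
    for x, keep in zip(seq, mask):
        if keep:  # a masked timestep leaves the hidden state untouched
            h = gru_step(p, x, h)
    return h

def bigru(seq, mask):
    # Forward pass plus a pass over the reversed sequence, concatenated.
    return np.concatenate([run_gru(FWD, seq, mask), run_gru(BWD, seq[::-1], mask[::-1])])

def pad_and_mask(flow, max_len=MAX_LEN, pad_value=0.0):
    padded = np.full((max_len, F), pad_value)
    padded[:len(flow)] = flow
    # A timestep is masked only when every feature equals pad_value.
    return padded, np.any(padded != pad_value, axis=1)

# Constructed flow of three packets: [signed normalised length, inter-arrival time in s]
FLOW = np.array([[0.52, 0.01], [-1.00, 0.03], [0.31, 0.20]])
PADDED, MASK = pad_and_mask(FLOW)
TRUE_OUT = bigru(FLOW, np.ones(len(FLOW), dtype=bool))      # no padding at all
MASKED_OUT = bigru(PADDED, MASK)                            # padded, padding skipped
UNMASKED_OUT = bigru(PADDED, np.ones(MAX_LEN, dtype=bool))  # padded, padding fed in

if __name__ == "__main__":
    print("masked == unpadded  :", np.allclose(MASKED_OUT, TRUE_OUT))
    print("unmasked == unpadded:", np.allclose(UNMASKED_OUT, TRUE_OUT))
```

Without the mask, the backward direction starts on padding and the forward direction ends on it, so both halves of the representation drift away from what the real packets alone would produce.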