In recent years, users have become increasingly concerned about privacy and security. Many network services and applications therefore use encryption to protect the content of users' communications and data transfers, which improves user privacy. The development of encryption has also driven the rapid growth of HTTPS, making it the most widely used encrypted network communication protocol, and encrypting messages in transit has become mainstream. However, attackers constantly devise new attack techniques. Although encryption protects users' security and privacy and reduces the chance of data leakage or other attacks, it also gives attackers the opportunity to hide malware inside encrypted data without being detected. In addition, traditional Deep Packet Inspection (DPI) is severely limited when packets are encrypted, so detecting malicious traffic while it remains encrypted is a key problem.

To address malicious attacks carried in encrypted traffic, this paper proposes CNN-XGB, a malicious traffic classification model that combines deep learning and machine learning by using a Convolutional Neural Network (CNN) together with eXtreme Gradient Boosting (XGBoost). The model effectively classifies 8 types of attacks in a public dataset and in self-captured encrypted traffic, reaching 99.27% accuracy. The model is then applied in an Intrusion Detection System (IDS) that inspects network traffic in real time; the proposed IDS completes detection of anomalous attack traffic within 1.075 seconds on average. The machine-learning-based detection mechanism proposed in this paper can therefore detect malicious encrypted traffic in real time. With this efficient malicious traffic classification model and IDS, we can preserve users' security and privacy without affecting the Quality of Service (QoS) of the network.