DLC-TSM：一种用于加密恶意流量分类的高维特征图方法

打开文本图片集

关键词：加密恶意流量分类；深度学习；马尔可夫链；马尔可夫转移概率矩阵；流量处理；特征过滤中图分类号：TP393.0 文献标志码：A 文章编号：1001-3695（2025）10-032-3144-08doi：10.19734/j. issn. 1001-3695.2024.12.0535

DLC-TSM ： multi-dimensional feature image approach for crypto-malicious traffic classification

Guo Yijie¹，Luo Qinl†，Wu Peng² （1.SchoolofmpuerSee&SoftreEgneg，SouhtetroleUniesityhgduh；loff &Engineering，Sichuan TourismUniversity，Chengdu 61O5Oo，China）

Abstract：Toaddressthe limitationsofexisting encryptedmalicious traffcclasificationmethods，suchasrestrictedfeature representationapabilityhighiseensitivity，andinsuficientmodelgeneralization，thistudyproposedanecrytedalicious trafficclasificationmethodbasedondeeplearningusing three-dimensionalsecond-orderMarkovmatrix images（DLCTSM）.Byintegratingthefeature transformationofthree-dimensionalsecond-orderMarkovprobabilitymatrices withdeeplearning，itconvertedteoriginaletworktraffcintedgreen-blueRGBfeatureimages.Itapledaninnovativetresholdfltering algorithmtoenhance featurerepresentation，andemployed dep learning neural network to extract dep image featuresforprecisetraficlassificatio.Experimentalresultsdemonstratethefectivenessoftheproposedmthodacrossfourencrytedmalicious traffic datasets in three diferent scenarios，achieving peak accuracies of 99. 33% ，99. 07% ， 97.98% ，and 98. 17% ，respectively.DLC-TMeffectivelyaddresesthetradeoffbetween encrytedtrafficfeature extractionandclasificationaccuracy， and its image-based representation strategy offers anovel technical approach for traffc analysis research.

Key words：crypto malicioustrafic clasification；deep learning；Markovchain；Markov transfer probabilitymatrix；traffic processing；feature filtering

0 引言

加密恶意流量是指使用加密技术处理的恶意数据流，通过加密协议确保恶意数据流在传输过程中保持隐蔽。（剩余18278字）