Hangjiang Guo*, Jinghan Zhang
Beijing University of Posts and Telecommunications, Beijing 100876, China.
*Corresponding author: Hangjiang Guo
Abstract
This article proposes an innovative malicious traffic detection method for TLS/SSL encryption based on a dual-layer attention mechanism with graph alignment. The method effectively captures both the graph structure and node features of network traffic using structural and feature attention layers. It introduces a session-based traffic graph construction approach and a malicious traffic allocation algorithm to handle complex encrypted traffic patterns. The dual-layer attention mechanism is optimized through a graph alignment process using the Gromov-Wasserstein distance and Sinkhorn algorithm, with local structure preservation constraints. A multi-objective loss function, including graph alignment loss and classification loss, is designed to enhance model training. Experimental results on the ISCX VPN-nonVPN 2016 dataset demonstrate superior performance compared to traditional machine learning and deep learning methods, achieving 98.3% accuracy, 98.5% precision, and 98.1% recall. This approach not only improves the detection capability of encrypted malicious traffic but also provides new insights for addressing increasingly complex network security challenges in encrypted environments.
References
[1] Li Y, Ge H. Three dimensional object detection using multimodal data fusion with dual attention mechanism. J Wuhan Univ (Eng Ed). 2024;57(08):1169-1175.
[2] Xie Y, Wang G, Shi N, et al. MSCNN BiLSTM rolling bearing fault diagnosis method integrating attention mechanism. Bearing. 2024;8:86-94.
[3] Wu H, Qian Y, Leng H. Multimodal relation extraction based on bidirectional attention mechanism. Comput Eng. 2024;50(04): 160-167.
[4] Wang W, Chen J, Yang L, et al. Network side alarm sorting method based on multivariate data fusion. J Softw. 2024;35(08):3610-3625.
[5] Shen X, Liu S. Intrusion Detection Method Based on Graph Edge Feature Attention. Comput Eng. 2024 Sep 23;1-11.
[6] Lu R, Wang N, Zhang Y, Lin Y, Wu W, Shi Z. Extraction of Agricultural Fields via DASFNet with Dual Attention Mechanism and Multi-scale Feature Fusion in South Xinjiang, China. Remote Sensing. 2022;14(9):2253.
[7] Hussain F, Abbas SG, Shah GA, Pires IM, Fayyaz UU, Shahzad F, Garcia NM, Zdravevski E. A Framework for Malicious Traffic Detection in IoT Healthcare Environment. Sensors. 2021;21(9):3025.
[8] Xin, L, Ziang, L, Yingli, Z, Wenqiang, Z, Dong, L, Qingguo, Z. TCN enhanced novel malicious traffic detection for IoT devices. Connection Science. 2022;34(1);1322-1341.
How to cite this paper
Application of Graph Alignment Double Layer Attention Mechanism in Detecting Malicious Traffic in TLS/SSL Encryption
How to cite this paper: Hangjiang Guo, Jinghan Zhang. (2025) Application of Graph Alignment Double Layer Attention Mechanism in Detecting Malicious Traffic in TLS/SSL Encryption. Advances in Computer and Communication, 6(1), 14-19.
DOI: http://dx.doi.org/10.26855/acc.2025.01.003