APT traffic detection is an important task in the network security domain and is of great significance for enterprise security. Most APT traffic uses encrypted communication protocols as its data transmission medium, which greatly increases the difficulty of detection. This paper analyzes the problems of existing machine-learning-based APT encrypted traffic detection methods and proposes an APT encrypted traffic detection method based on two parties and multiple sessions. The method only needs to extract a small number of features, such as the session sequence, session time intervals, and upstream and downstream data sizes, and converts them into images; a convolutional neural network can then perform image recognition, and thereby network traffic identification. In a preliminary test of five experiments, the method achieved good results, which verifies its effectiveness.
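As an added illustration of the feature-to-image step described in the abstract (this is example code written for this page, not the paper's own implementation), the block below groups encrypted sessions by their two endpoints, orders them in time, and turns each pair's session history into a small grayscale image whose rows are successive sessions and whose columns are the time gap since the previous session, the upstream byte count and the downstream byte count. The session records, the 8-session window, and the logarithmic scaling caps (3600 s, 1 MiB) are assumptions chosen for the example; the paper's actual feature layout and CNN are not reproduced here.

```python
"""Two-party, multi-session traffic images (constructed example, not the paper's code)."""
from collections import defaultdict
import math

# Constructed session records: one record per encrypted session between a
# client (src) and a server (dst). "start" is seconds, "up"/"down" are bytes.
# The first pair shows a regular 60 s cadence with mostly fixed sizes; the
# second pair is an ordinary short-lived pair of sessions.
SAMPLE_SESSIONS = [
    {"src": "10.0.0.5", "dst": "203.0.113.7", "start": 0.0,   "up": 512,  "down": 1480},
    {"src": "10.0.0.5", "dst": "203.0.113.7", "start": 60.0,  "up": 512,  "down": 1480},
    {"src": "10.0.0.5", "dst": "203.0.113.7", "start": 120.0, "up": 512,  "down": 1480},
    {"src": "10.0.0.5", "dst": "203.0.113.7", "start": 180.0, "up": 640,  "down": 20480},
    {"src": "10.0.0.9", "dst": "198.51.100.4", "start": 3.0,  "up": 2048, "down": 65536},
    {"src": "10.0.0.9", "dst": "198.51.100.4", "start": 8.0,  "up": 1024, "down": 4096},
]

N_SESSIONS = 8          # rows per image: sessions kept per two-party pair (assumed)
INTERVAL_CAP = 3600.0   # seconds; gaps above this saturate at pixel value 255 (assumed)
BYTES_CAP = 1 << 20     # bytes; sizes above this saturate at pixel value 255 (assumed)


def scale(value, cap):
    """Log-scale a non-negative quantity into a 0..255 pixel value.

    Log scaling keeps small beacons and large downloads distinguishable
    in the same 8-bit range; values above the cap are clipped."""
    value = max(0.0, min(float(value), cap))
    return int(255 * math.log1p(value) / math.log1p(cap) + 0.5)


def group_by_pair(records):
    """Group sessions by (src, dst) and order each group by start time."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["src"], r["dst"])].append(r)
    return {pair: sorted(sess, key=lambda r: r["start"]) for pair, sess in groups.items()}


def sessions_to_image(sessions, n=N_SESSIONS):
    """Build an n x 3 grayscale image for one two-party pair.

    Row i is the i-th session in time order; the columns are the gap since
    the previous session, upstream bytes and downstream bytes. Only the first
    n sessions are used, and shorter histories are zero-padded so every
    image has the same shape for a CNN."""
    image = []
    prev_start = None
    for s in sessions[:n]:
        gap = 0.0 if prev_start is None else s["start"] - prev_start
        image.append([
            scale(gap, INTERVAL_CAP),
            scale(s["up"], BYTES_CAP),
            scale(s["down"], BYTES_CAP),
        ])
        prev_start = s["start"]
    while len(image) < n:
        image.append([0, 0, 0])
    return image


def build_images(records, n=N_SESSIONS):
    """Map every (src, dst) pair in the records to its session image."""
    return {pair: sessions_to_image(sess, n) for pair, sess in group_by_pair(records).items()}


def to_pgm(image):
    """Serialise an image as binary PGM (P5) so it can be viewed or loaded by an image pipeline."""
    height, width = len(image), len(image[0])
    header = f"P5 {width} {height} 255\n".encode()
    return header + bytes(px for row in image for px in row)


if __name__ == "__main__":
    for pair, img in build_images(SAMPLE_SESSIONS).items():
        print(pair)
        for row in img:
            print(row)
```

In the constructed data the first pair's rows share an identical gap pixel and near-identical size pixels, which is the kind of regular pattern the abstract's image-based classifier is meant to pick up, while the padding rows stay zero so images of pairs with different session counts still share one shape. Feature extraction like this is deliberately cheap: it needs only session timing and byte counts, which remain visible when the payload itself is encrypted.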