基于卷积神经网络的加密流量分类方法

doi:10.11959/j.issn.2096-109x.2022077

Abstract

Abstract:

Aiming at the problems of low accuracy, weak generality, and easy privacy violation of traditional encrypted network traffic classification methods, an encrypted traffic classification method based on convolutional neural network was proposed, which avoided relying on original traffic data and prevented overfitting of specific byte structure of the application.According to the data packet size and arrival time information of network traffic, a method to convert the original traffic into a two-dimensional picture was designed.Each cell in the histogram represented the number of packets with corresponding size that arrive at the corresponding time interval, avoiding reliance on packet payloads and privacy violations.The LeNet-5 convolutional neural network model was optimized to improve the classification accuracy.The inception module was embedded for multi-dimensional feature extraction and feature fusion.And the 1*1 convolution was used to control the feature dimension of the output.Besides, the average pooling layer and the convolutional layer were used to replace the fully connected layer to increase the calculation speed and avoid overfitting.The sliding window method was used in the object detection task, and each network unidirectional flow was divided into equal-sized blocks, ensuring that the blocks in the training set and the blocks in the test set in a single session do not overlap and expanding the dataset samples.The classification experiment results on the ISCX dataset show that for the application traffic classification task, the average accuracy rate reaches more than 95%.The comparative experimental results show that the traditional classification method has a significant decrease in accuracy or even fails when the types of training set and test set are different.However, the accuracy rate of the proposed method still reaches 89.2%, which proves that the method is universally suitable for encrypted traffic and non-encrypted traffic.All experiments are based on imbalanced datasets, and the experimental results may be further improved if balanced processing is performed.

Key words: encrypted traffic, convolution neural network, deep learning, feature fusion, model optimization

CLC Number:

TP393

Rongna XIE, Zhuhong MA, Zongyu LI, Ye TIAN. Encrypted traffic classification method based on convolutional neural network[J]. Chinese Journal of Network and Information Security, 2022, 8(6): 84-91.

Figures/Tables 8

References 17

[1]	李艳霞, 柴毅, 胡友强 ,等. 不平衡数据分类方法综述[J]. 控制与决策, 2019,34(4): 673-688.
	LI Y X , CAI Y , HU Y Q ,et al. A summary of the classification methods of unbalanced data[J]. Control and decision-making, 2019,34(4): 673-688.
[2]	王攀, 陈雪娇 . 基于堆栈式自动编码器的加密流量识别方法[J]. 计算机工程, 2018,44(11): 140-147.
	WANG P , CHEN X J . Encrypted traffic identification method based on stack automatic encoder[J]. Computer Engineering, 2018,44(11): 140-147.
[3]	FINSTERBUSCH M , RICHTER C , ROCHA E ,et al. A survey of payload-based traffic classification approaches[J]. IEEE Communications Surveys ＆ Tutorials, 2014,16(2): 1135-1156.
[4]	DAINOTTI A , PESCAPE A , CLAFFY K C . Issues and future directions in traffic classification[J]. Network IEEE, 2012,26(1): 35-40.
[5]	骆子铭, 许书彬, 刘晓东 . 基于机器学习的TLS恶意加密流量检测方案[J]. 网络与信息安全学报, 2020,6(1): 77-83.
	LUO Z M , XU S B , LIU X D . TLS malicious encryption traffic detection scheme based on machinelearning[J]. Journal of Network and Information Security, 2020,6(1): 77-83.
[6]	REZAEI S , LIU X . Deep learning for encrypted traffic classification:an overview[J]. IEEE Communications Magazine, 2019,57(5): 76-81.
[7]	WEI W , MING Z , WANG J ,et al. End-to-end encrypted traffic classification with one-dimensional convolution neural networks[C]// 2017 IEEE International Conference on Intelligence and Security Informatics (ISI). 2017: 43-48.
[8]	XIAO X , XIAO W , LI R ,et al. EBSNN:extended byte segment neural network for network traffic classification[J]. IEEE Transactions on Dependable and Secure Computing, 2021,10(1).
[9]	朱文斌, 马秀丽 . 多种构图方式下的加密流量分类[J]. 电子测量技术, 2021,44(12): 87-92.
	ZHU W B , MA X l . Classification of encrypted traffic under multiple composition methods[J]. Electronic Measurement Technology, 2021,44(12): 87-92.
[10]	REZAEI S , LIU X . How to achieve high classification accuracy with just a few labels:a semi-supervised approach using sampled packets[J]. arXiv preprint arXiv:1812.09761, 2018.
[11]	LOTFOLLAHI M , JAFARI SIAVOSHANI M , SHIRALI HOSSEIN ZADE R ,et al. Deep packet:a novel approach for encrypted traffic classification using deep learning[J]. Soft Computing, 2020,24(3): 1999-2012.
[12]	CHEN Z , HE K , LI J ,et al. Seq2img:a sequence-to-image based approach towards ip traffic classification using convolutional neural networks[C]// 2017 IEEE International Conference on Big Data. 2017: 1271-1276.
[13]	ERTAM F , AVCI E . A new approach for internet traffic classification:GA-WK-ELM[J]. Measurement, 2017,95: 135-142.
[14]	LOPEZ-MARTIN M , CARRO B , SANCHEZ-ESGUEVILLAS A , ,et al. Network traffic classifier with convolutional and recurrent neural networks for internet of things[J]. IEEE Access, 2017,(99): 1-1.
[15]	WANG W , ZHU M , ZENG X ,et al. Malware traffic classification using convolutional neural network for representation learning[C]// 2017 International conference on information networking (ICOIN). 2017: 712-717.
[16]	DRAPER-GIL G , LASHKARI A H , MAMUN M S I ,et al. Characterization of encrypted and VPN traffic using time-related[C]// Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP). 2016: 407-414.
[17]	SZEGEDY C , TOSHEV A , ERHAN D . Deep neural networks for object detection[J]. Advances in Neural Information Processing Systems, 2013:26.

Metrics

Recommended 0

No Suggested Reading articles found!

服务类别	样本数量	服务类别	样本数量
File	2 192	VPN_File	2 093
Browsing	6 182	VPN_Browsing	4 895
Voip	6 317	VPN_Voip	5 876
Streaming	1 593	VPN_Steaming	612
Chat	1 241	VPN_Chat	964

类别	添加Inception模块CNN准确率	普通CNN准确率
File	93.4%	91.6%
Browsing	95.2%	93.7%
VoIP	99.8%	98.2%
Streaming	99.6%	95.4%
Chat	97.2%	92.4%

类别		准确率
类别		非VPN	VPN
File	NonVPN	98.5	93.2
	VPN	91.1	99.4
Browsing	NonVPN	97.8	97.3
	VPN	89.9	98.4
VoIP	NonVPN	99.4	99.6
	VPN	96.1	98.7
Streaming	NonVPN	99.1	98.6
	VPN	91.3	99.3
Chat	NonVPN	96.2	79.4
	VPN	81.7	99.2

模型类别	训练集与测试集类型相同时是否可以识别流量	训练集与测试集类型不同时是否可以识别流量	训练集与测试集类型相同时的识别准确率	训练集与测试集类型不同时的识别准确率
本文模型	是	是	97.6%	89.2%
端到端分类模型	是	否	96.8%	53.1%
基于多种构图的分类模型	是	否	95.4%	55.8%

Encrypted traffic classification method based on convolutional neural network

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 17

Related Articles 15

Metrics

Recommended 0

[1]	Xiaomeng LI, Daidou GUO, Xunfang ZHUO, Heng YAO, Chuan QIN. Carrier-independent screen-shooting resistant watermarking based on information overlay superimposition [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 135-149.
[2]	Guozhen SHI, Kunyang LI, Yao LIU, Yongjian YANG. Encrypted traffic identification method based on deep residual capsule network with attention mechanism [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 32-41.
[3]	Dengyong ZHANG, Huang WEN, Feng LI, Peng CAO, Lingyun XIANG, Gaobo YANG, Xiangling DING. Image inpainting forensics method based on dual branch network [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 110-122.
[4]	Jiaying LIN, Wenbo ZHOU, Weiming ZHANG, Nenghai YU. Lip forgery detection via spatial-frequency domain combination [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 146-155.
[5]	Jinyin CHEN, Changan WU, Haibin ZHENG. Novel defense based on softmax activation transformation [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 48-63.
[6]	Baolin QIU, Ping YI. Adversarial examples defense method based on multi-dimensional feature maps knowledge distillation [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 88-99.
[7]	Lijuan LI, Man LI, Hongjun BI, Huachun ZHOU. Multi-type low-rate DDoS attack detection method based on hybrid deep learning [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 73-85.
[8]	Zhongyuan QIN, Zhaoxiang HE, Tao LI, Liquan CHEN. Adversarial example defense algorithm for MNIST based on image reconstruction [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 86-94.
[9]	Yuan LI, Yunpeng WANG, Tao LI, Baoqiang MA. Webshell malicious traffic detection method based on multi-feature fusion [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 143-154.
[10]	Tong QIAO, Hongwei YAO, Binmin PAN, Ming XU, Yanli CHEN. Research progress of digital image forensic techniques based on deep learning [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 13-28.
[11]	Deqing ZOU, Xiang LI, Minhuan HUANG, Xiang SONG, Hao LI, Weiming LI. Intelligent vulnerability detection system based on graph structured source code slice [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 113-122.
[12]	Zhenglong WANG, Baowen ZHANG. Survey of generative adversarial network [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 68-85.
[13]	Xinyu ZHANG, Bingsheng ZHANG, Quanrun MENG, Kui REN. Study on privacy preserving encrypted traffic detection [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 101-113.
[14]	Ding LI, Yuefei ZHU, Bin LU, Wei LIN. Survey of side channel attack on encrypted network traffic [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 114-130.
[15]	Binglong LI, Jinlong TONG, Yu ZHANG, Yifeng SUN, Qingxian WANG, Chaowen CHANG. Auto forensic detecting algorithms of malicious code fragment based on TensorFlow [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 154-163.