网络与信息安全学报 ›› 2021, Vol. 7 ›› Issue (4): 101-113.doi: 10.11959/j.issn.2096-109x.2021057
张心语, 张秉晟, 孟泉润, 任奎
修回日期:
2020-09-22
出版日期:
2021-08-15
发布日期:
2021-08-01
作者简介:
张心语(1997− ),女,浙江诸暨人,浙江大学博士生,主要研究方向为人工智能安全、数据安全基金资助:
Xinyu ZHANG, Bingsheng ZHANG, Quanrun MENG, Kui REN
Revised:
2020-09-22
Online:
2021-08-15
Published:
2021-08-01
Supported by:
摘要:
现有的加密流量检测技术缺少对数据和模型的隐私性保护,不仅违反了隐私保护法律法规,而且会导致严重的敏感信息泄露。主要研究了基于梯度提升决策树(GBDT)算法的加密流量检测模型,结合差分隐私技术,设计并实现了一个隐私保护的加密流量检测系统。在CICIDS2017数据集下检测了DDoS攻击和端口扫描的恶意流量,并对系统性能进行测试。实验结果表明,当隐私预算ε取值为1时,两个数据集下流量识别准确率分别为91.7%和92.4%,并且模型的训练效率、预测效率较高,训练时间为5.16 s和5.59 s,仅是GBDT算法的2~3倍,预测时间与GBDT算法的预测时间相近,达到了系统安全性和可用性的平衡。
中图分类号:
张心语, 张秉晟, 孟泉润, 任奎. 隐私保护的加密流量检测研究[J]. 网络与信息安全学报, 2021, 7(4): 101-113.
Xinyu ZHANG, Bingsheng ZHANG, Quanrun MENG, Kui REN. Study on privacy preserving encrypted traffic detection[J]. Chinese Journal of Network and Information Security, 2021, 7(4): 101-113.
[1] | MC-GREW D , ANDERSON B . Enhanced telemetry for encrypted threat analytics[C]// 2016 IEEE 24th International Conference on Network Protocols (ICNP). 2016: 1-6. |
[2] | VOIGT P , VON DEM BUSSCHE A . Practical implementation of the requirements under the GDPR[M]// The EU General Data Protection Regulation (GDPR). Cham: Springer International Publishing, 2017: 245-249. |
[3] | BUKATY P . The CCPA[M]// The California Consumer Privacy Act (CCPA). IT Governance Publishing, 2019: 123-169. |
[4] | 王春晖 . 《网络安全法》六大法律制度解析[J]. 南京邮电大学学报:自然科学版, 2017,37(1): 1-13. |
WANG C H . Analysis of the six legal systems of Network Security Law[J]. Journal of Nanjing University of Posts and Telecommuni-cations:Natural Science Edition, 2017,37(1): 1-13. | |
[5] | 洪延青, 葛鑫 . 国家标准《信息安全技术个人信息安全规范》修订解读[J]. 保密科学技术, 2019(6): 6. |
HONG Y Q , GE X . Information Security Technology Personal In-formation Security Specification revision interpretation[J]. Security Science and Technology, 2019(6): 6. | |
[6] | 诸葛建伟, 韩心慧, 周勇林 ,等. 僵尸网络研究[J]. 软件学报, 2008,19(3): 702-715. |
ZHUGE J W , HAN X H , ZHOU Y L ,et al. Research and develop-ment of Botnets[J]. Journal of Software, 2008,19(3): 702-715. | |
[7] | CAO Z , XIONG G , ZHAO Y ,et al. A survey on encrypted trafficclassification[M]// Applications and Techniques in Information Security. Springer Berlin Heidelberg, 2014: 73-81. |
[8] | KLEINBAUM D G , DIETZ K , GAIL M ,et al. Logistic regression[M]. Springer, 2002. |
[9] | HO T K , . Random decision forests[C]// Proceedings of 3rd International Conference on Document Analysis and Recognition:Volume 1. 1995: 278-282. |
[10] | FANG Y , QIU Y , LIU L ,et al. Detecting webshell based on random forest with fasttext[C]// Proceedings of the 2018International Conference on Computing and Artificial Intelligence. 2018: 52-56. |
[11] | SI S , ZHANG H , KEERTHI S S ,et al. Gradient boosted decision trees for high dimensional sparse output[C]// Proceedings of the 34th International Conference on Machine Learning-Volume 70 (ICML’17). 2017: 3182-3190. |
[12] | 翟征德, 宗兆伟 . 针对DNS服务器的抗DDoS安全网关系统:中国,CN101572701B[P]. 2013-11-20. |
ZHAI Z D , ZONG Z W . Anti-DDoS security gateway system for DNS server[P]. 2013-11-20. | |
[13] | SHOKRI R , STRONATI M , SONG C ,et al. Membership inference attacks against machine learning models[C]// 2017 IEEE Symposium on Security and Privacy (SP). 2017: 3-18. |
[14] | SWEENEY L . K-anonymity:a model for protecting privacy[J]. International Journal of Uncertainty,Fuzziness and Knowledge-Based Systems, 2002,10(5): 557-570. |
[15] | MACHANAVAJJHALA A , KIFER D , GEHRKE J ,et al. l-diversity:privacy beyond k-anonymity[J]. ACM Transactions on Knowledge Discovery from Data (TKDD), 2007,1(1): 3. |
[16] | DWORK C , . Differential privacy:a survey of results[C]// International Conference on Theory and Applications of Models of Computation. 2008: 1-19. |
[17] | FRANK M , MIRONOV I . Differentially private recommender systems:building privacy into the net[C]// ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 2009: 627-636. |
[18] | LI Q , WU Z , WEN Z ,et al. Privacy-preserving gradient boosting decision trees[C]// Proceedings of the AAAI Conference on Artificial Intelligence. 2020: 784-791. |
[19] | KE G L , MENG Q , FINLEY T ,et al. LightGBM:a highly efficient gradient boosting decision tree[C]// Advances in Neural Information Processing Systems 30 (NIPS 2017). 2017: 3149-3157. |
[20] | SHARAFALDIN I , LASHKARI A H , GHORBANI A A . Toward Generating a new intrusion detection dataset and intrusion traffic characterization[C]// 4th International Conference on Information Systems Security and Privacy (ICISSP). 2018. |
[21] | LIU Z , WU Z , LI T ,et al. GMM and CNN hybrid method for short utterance speaker recognition[J]. IEEE Transactions on Industrial Informatics, 2018,14(7): 3244-3252. |
[22] | KRIZHEVSKY A , SUTSKEVER I , HINTON G E . Imagenet classification with deep convolutional neural networks[J]. Advances in Communications of the ACM, 2012: 1097-1105. |
[23] | MEIDAN Y , BOHADANA M , SHABTAI A ,et al. ProfilIoT:a machine learning approach for IoT device identification based on network traffic analysis[C]// Proceedings of the Symposium on Applied Computing. 2017: 506-509. |
[24] | CHEN T , ZHONG S . Privacy-preserving backpropagation neural network learning[J]. IEEE Transactions on Neural Networks, 2009,20(10): 1554-1564. |
[25] | ERKIN Z , VEUGEN T ,, TOFT T , LAGENDIJK R L . Generating private recommendations efficiently using homomorphic encryption and data packing[J]. IEEE Trans Inf Forensics Security, 2012,7(3): 1053-1066. |
[26] | BOST R , POPA R ,, TU S , GOLDWASSER S . Machine learning classification over encrypted data[C]// NDSS. 2015:4325. |
[27] | GILAD-BACHRACH R , DOWLIN N , LAINE K ,et al. Cryptonets:applying neural networks to encrypted data with high throughput and accuracy[C]// International Conference on Machine Learning. 2016: 201-210. |
[28] | HESAMIFARD E , TAKABI H , GHASEMI M . CryptoDL:deep neural networks over encrypted data[J]. ArXiv preprint ArXiv:1711.05189, 2017. |
[29] | MOHASSEL P , ZHANG Y . SecureML:a system for scalable privacy-preserving machine learning[C]// 2017 IEEE Symposium on Security and Privacy (SP). 2017: 19-38. |
[30] | KONE?NY I , MCMAHAN H B , YU F X ,et al. Federated learning:Strategies for improving communication efficiency[J]. arXiv preprint arXiv:1610.05492, 2016. |
[31] | MOHASSEL P , RINDAL P . ABY3:a mixed protocol framework for machine learning[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018: 35-52. |
[32] | PATRA A , SURESH A . BLAZE:Blazing Fast Privacy-Preserving Machine Learning[J]. arXiv preprint arXiv:2005.09042, 2020. |
[33] | DWORK C , TALWAR K , THAKURTA A ,et al. Analyze gauss:optimal bounds for privacy-preserving principal component analysis[C]// Proceedings of the Forty-sixth Annual ACM Symposium on Theory of Computing. 2014: 11-20. |
[34] | HEIKKIL? M , LAGERSPETZ E , KASKI S ,et al. Differentially private Bayesian learning on distributed data[C]// Advances in Neural Information Processing Systems. 2017: 3226-3235. |
[35] | HARDT M , PRICE E . The noisy power method:a meta algorithm with applications[C]// Advances in Neural Information Processing Systems. 2014: 2861-2869. |
[36] | ABADI M , CHU A , GOODFELLOW I ,et al. Deep learning with differential privacy[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016: 308-318. |
[37] | CHAUDHURI K , MONTELEONI C . Privacy-preserving logistic regression[C]// Advances in Neural Information Processing Systems. 2009: 289-296. |
[38] | CHAUDHURI K , SAR WATE D A , SINHA K . A near-optimal algorithm for differentially-private principal components[J]. Journal of Machine Learning Research, 2013,14(1): 2905-2943. |
[39] | CHAUDHURI K , MONTELEONI C , SARWATE A D . Differentially private empirical risk minimization[J]. Journal of Machine Learning Research, 2011,12: 1069-1109. |
[40] | ZHANG J , ZHANG Z , XIAO X ,et al. Functional mechanism:regression analysis under differential privacy[J]. arXiv preprint arXiv:1208.0219, 2012. |
[1] | 陈赛特, 李卫海, 姚远志, 俞能海. 轻量级K匿名增量近邻查询位置隐私保护算法[J]. 网络与信息安全学报, 2023, 9(3): 60-72. |
[2] | 余锋, 林庆新, 林晖, 汪晓丁. 基于生成对抗网络的隐私增强联邦学习方案[J]. 网络与信息安全学报, 2023, 9(3): 113-122. |
[3] | 肖敏, 毛发英, 黄永洪, 曹云飞. 基于属性签名的车载网匿名信任管理方案[J]. 网络与信息安全学报, 2023, 9(2): 33-45. |
[4] | 许建龙, 林健, 黎宇森, 熊智. 分布式用户隐私保护可调节的云服务个性化QoS预测模型[J]. 网络与信息安全学报, 2023, 9(2): 70-80. |
[5] | 孙哲, 宁洪, 殷丽华, 方滨兴. 基于教学实训靶场的“数据隐私保护”课程建设初探[J]. 网络与信息安全学报, 2023, 9(1): 178-188. |
[6] | 白雪, 秦宝东, 郭瑞, 郑东. 基于SM2的两方协作盲签名协议[J]. 网络与信息安全学报, 2022, 8(6): 39-51. |
[7] | 肖敏, 姚涛, 刘媛妮, 黄永洪. 具有隐私保护的动态高效车载云管理方案[J]. 网络与信息安全学报, 2022, 8(6): 70-83. |
[8] | 卢晨昕, 陈兵, 丁宁, 陈立全, 吴戈. 具有紧凑标签的基于身份匿名云审计方案[J]. 网络与信息安全学报, 2022, 8(6): 156-168. |
[9] | 明盛智, 朱建明, 隋智源, 张娴. 信息增值机制下在线医疗隐私保护策略[J]. 网络与信息安全学报, 2022, 8(6): 169-177. |
[10] | 应作斌, 方一晨, 张怡文. 动态聚合权重的隐私保护联邦学习框架[J]. 网络与信息安全学报, 2022, 8(5): 56-65. |
[11] | 张娴, 朱建明, 隋智源, 明盛智. 数字货币交易匿名性与监管的博弈分析[J]. 网络与信息安全学报, 2022, 8(5): 150-157. |
[12] | 刘峰, 杨杰, 齐佳音. 区块链密码学隐私保护技术综述[J]. 网络与信息安全学报, 2022, 8(4): 29-44. |
[13] | 金琳, 田有亮. 基于区块链的多权限属性隐藏电子病历共享方案[J]. 网络与信息安全学报, 2022, 8(4): 66-76. |
[14] | 张伟成, 卫红权, 刘树新, 普黎明. 5G移动边缘计算场景下的快速切换认证方案[J]. 网络与信息安全学报, 2022, 8(3): 154-168. |
[15] | 陈前昕, 毕仁万, 林劼, 金彪, 熊金波. 支持多数不规则用户的隐私保护联邦学习框架[J]. 网络与信息安全学报, 2022, 8(1): 139-150. |
阅读次数 | ||||||
全文 |
|
|||||
摘要 |
|
|||||
|