基于机器学习和深度学习的网络流量分类研究

doi:10.11959/j.issn.1000-0801.2021052

电信科学 ›› 2021, Vol. 37 ›› Issue (3): 105-113.doi: 10.11959/j.issn.1000-0801.2021052

基于机器学习和深度学习的网络流量分类研究

顾玥¹, 李丹¹^,², 高凯辉²

¹ 清华大学，北京 100084
² 清华大学深圳国际研究生院，广东深圳 518055

修回日期:2021-03-01 出版日期:2021-03-20 发布日期:2021-03-01
作者简介:顾玥（1997- ），女，清华大学博士生，主要研究方向为智能网络。
李丹（1981- ），男，清华大学计算机系教授、博士生导师，主要研究方向为数据中心网络、网络智能和可信任互联网。
高凯辉（1996- ），男，清华大学深圳国际研究生院博士生，主要研究方向为性能可预测的数据中心网络和网络智能。
基金资助:
国家重点研发计划项目(2018YFB1800500);广东省重点领域研发计划项目(2018B010113001);国家自然科学基金项目(61772305);国家自然科学基金项目(61672499)

Research on network traffic classification based on machine learning and deep learning

Yue GU¹, Dan LI¹^,², Kaihui GAO²

¹ Tsinghua University, Beijing 100084, China
² Tsinghua Shenzhen International Graduate School, Shenzhen 518055, China

Revised:2021-03-01 Online:2021-03-20 Published:2021-03-01
Supported by:
The National Key Research and Development Program of China(2018YFB1800500);Guangdong Provincial Key Research and Development Program(2018B010113001);The National Natural Science Foundation of China(61772305);The National Natural Science Foundation of China(61672499)

摘要/Abstract

摘要：

随着互联网技术的不断发展以及网络规模的不断扩大，应用的类别纷繁复杂，新型应用层出不穷。为了保障用户服务质量（QoS）并确保网络安全，准确快速的流量分类是运营商及网络管理者亟须解决的问题。首先给出网络流量分类的问题定义和性能指标；然后分别介绍基于机器学习和基于深度学习的流量分类方法，分析了这些方法的优缺点，并对现存问题进行阐述；接着围绕流量分类线上部署时会遇到的 3 个问题：数据集问题、新应用识别问题、部署开销问题对相关工作进行阐述与分析，并进一步探讨目前网络流量分类研究面临的挑战；最后对网络流量分类下一步的研究方向进行展望。

关键词: QoS, 网络安全, 流量分类, 数据采集, 新应用识别

Abstract:

With the continuous development of Internet technology and the continuous expansion of network scale, there are many different types of applications , and various new applications have endlessly emerged.In order to ensure the quality of service (QoS) and ensure network security, accurate and fast traffic classification is an urgent problem for both operators and network managers.Firstly, the problem definition and performance metrics of network traffic classification were given.Then, the traffic classification methods based on machine learning and deep learning were introduced respectively, the advantages and disadvantages of these methods were analyzed, and the existing problems were expounded.Next, the related work by focusing on the three problems encountered elaborated and analyzed in traffic classification when considering online deployment: dataset, zero-day application identification and the cost of online deployment, and further discusses the challenges faced by the current network traffic classification researches.Finally, the next research direction of network traffic classification was prospected.

Key words: QoS, network security, traffic classification, data collection, zero-day application identification

中图分类号:

TP393

顾玥, 李丹, 高凯辉. 基于机器学习和深度学习的网络流量分类研究[J]. 电信科学, 2021, 37(3): 105-113.

Yue GU, Dan LI, Kaihui GAO. Research on network traffic classification based on machine learning and deep learning[J]. Telecommunications Science, 2021, 37(3): 105-113.

图/表 5

图1

图2

表1

图3

表2

参考文献 27

[1]	LOTFOLLAHI M , SIAVOSHANI M J , ZADE R S H ,et al. Deep packet:a novel approach for encrypted traffic classification using deep learning[J]. Soft Computing, 2020,24(3): 1999-2012.
[2]	WANG W , ZHU M , ZENG X W ,et al. Malware traffic classification using convolutional neural network for representation learning[C]// Proceedings of 2017 International Conference on Information Networking (ICOIN). Piscataway:IEEE Press, 2017: 712-717.
[3]	WANG W , ZHU M , WANG J L ,et al. End-to-end encrypted traffic classification with one-dimensional convolution neural networks[C]// Proceedings of 2017 IEEE International Conference on Intelligence and Security Informatics (ISI). Piscataway:IEEE Press, 2017: 43-48.
[4]	ZHENG W , GOU C , YAN L ,et al. Learning to classify:aflow-based relation network for encrypted traffic classification[C]// Proceedings of the Web Conference 2020.[S.l.:s.n.], 2020: 13-22.
[5]	WANG S H , SUN C , MENG Z L ,et al. Martini:bridging the gap between network measurement and control using switching ASICs[C]// Proceedings of 2020 IEEE 28th International Conference on Network Protocols (ICNP). Piscataway:IEEE Press, 2020: 1-12.
[6]	ZHANG J , CHEN X , XIANG Y ,et al. Robust network traffic classification[J]. IEEE/ACM Transactions on Networking, 2015,23(4): 1257-1270.
[7]	AULD T , MOORE A W , GULL S F . Bayesian neural networks for internet traffic classification[J]. IEEE Transactions on Neural Networks, 2007,18(1): 223-239.
[8]	MOORE A W , ZUEV D . Internet traffic classification using bayesian analysis techniques[C]// Proceedings of the 2005 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems. Piscataway:IEEE Press, 2005: 50-60.
[9]	DRAPER-GIL G , LASHKARI A H , MAMUN M S I ,et al. Characterization of encrypted and vpn traffic using time-related features[C]// Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP). Piscataway:IEEE Press, 2016: 407-414.
[10]	YAMANSAVASCILAR B , GUVENSAN M A , YAVUZ A G ,et al. Application identification via network traffic classification[C]// Proceedings of 2017 International Conference on Computing,Networking and Communications (ICNC). Piscataway:IEEE Press, 2017: 843-848.
[11]	MOORE A , ZUEV D , CROGAN M . Discriminators for use in flow-based classification[R]. 2013.
[12]	TAYLOR V F , SPOLAOR R , CONTI M ,et al. Appscanner:automatic fingerprinting of smartphone apps from encrypted network traffic[C]// Proceedings of 2016 IEEE European Symposium on Security and Privacy (EuroS＆P). Piscataway:IEEE Press, 2016: 439-454.
[13]	SHEN M , ZHANG J , ZHU L ,et al. Encrypted traffic classification of decentralized applications on ethereum using feature fusion[C]// Proceedings of 2019 IEEE/ACM 27th International Symposium on Quality of Service (IWQoS). Piscataway:IEEE Press, 2019: 1-10.
[14]	LI R , XIAO X , NI S ,et al. Byte segment neural network for network traffic classification[C]// Proceedings of 2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS). Piscataway:IEEE Press, 2018: 1-10.
[15]	XIE G R , LI Q , JIANG Y ,et al. SAM:self-attention based deep learning method for online traffic classification[C]// Proceedings of the Workshop on Network Meets AI ＆ ML. Piscataway:IEEE Press, 2020: 14-20.
[16]	LIU C , HE L T , XION G ,et al. Fs-net:a flow sequence network for encrypted traffic classification[C]// Proceedings of IEEE INFOCOM 2019-IEEE Conference on Computer Communications. Piscataway:IEEE Press, 2019: 1171-1179.
[17]	LOPEZ-MARTIN M , CARRO B , SANCHEZ-ESGUEVILLAS A ,et al. Network traffic classifier with convolutional and recurrent neural networks for Internet of Things[J]. IEEE Access, 2017(5): 18042-18050.
[18]	SHAPIRA T , SHAVITT Y . Flowpic:encrypted internet traffic classification is as easy as image recognition[C]// Proceedings of IEEE INFOCOM 2019-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). Piscataway:IEEE Press, 2019: 680-687.
[19]	LIU Z X , BEN-BASAT R , EINZIGER G ,et al. Nitrosketch:robust and general sketch-based monitoring in software switches[C]// Proceedings of the ACM Special Interest Group on Data Communication. Piscataway:IEEE Press, 2019: 334-350.
[20]	RASHELBACH A , ROTTENSTREICH O , SILBERSTEIN M . A computational approach to packet classification[C]// Proceedings of the Annual Conference of the ACM Special Interest Group on Data Communication on the Applications,Technologies,Architectures,and Protocols for Computer Communication.[S.l.:s.n.], 2020: 542-556.
[21]	VU L , BUIC T , NGUYEN QUANG U . A deep learning based method for handling imbalanced problem in network traffic classification[C]// Proceedings of the Eighth International Symposium on Information and Communication Technology. Piscataway:IEEE Press, 2017: 333-339.
[22]	KINGMA D P , DHARIWAL P . Glow:generative flow with invertible 1×1 convolutions[J]. rXiv:1807.03039, 2018
[23]	GARCIA J , KORHONEN T . Efficient distribution-derived features for high-speed encrypted flow classification[C]// Proceedings of the 2018 Workshop on Network Meets AI ＆ ML.[S.l.:s.n.], 2018: 21-27.
[24]	GARCIA J , KORHONEN T . On runtime and classification performance of the discretize-optimize (DISCO) classification approach[J]. ACM SIGMETRICS Performance Evaluation Review, 2018,46(3): 167-170.
[25]	GARCIA J , KORHONEN T , ANDERSSON R ,et al. Towards video flow classification at a million encrypted flows per second[C]// Proceedings of 2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA). Piscataway:IEEE Press, 2018: 358-365.
[26]	ZHANG J L , LI F H , YE F ,et al. Autonomous unknown-application filtering and labeling for DL-based traffic classifier update[C]// Proceedings of IEEE INFOCOM 2020-IEEE Conference on Computer Communications. Piscataway:IEEE Press, 2020: 397-405.
[27]	EDE T V , BORTOLAMEOTTI R , CONTINELLA A ,et al. Flowprint:semi-supervised mobile-app fingerprinting on encrypted network traffic[C]// Proceedings of Network and Distributed System Security Symposium.[S.l.:s.n.], 2020.

	是否需要人为特征提取	是否适用于加密流量	是否能够满足实时性	准确性
基于机器学习方法	是	是	否	较高
基于数据包原始字节特征的深度学习方法	否	若仅基于包负载字节内容分类则不适用；若仅基于包头字节内容则适用	是	较高
基于流内数据包序列特征的深度学习方法	否	是	否	极高

对比项	准确率	精度	召回率	F1分数
ACGAN	0.926 3	0.951 6	0.916 7	0.933 8
RBRN	0.956 3	0.956 9	0.959 0	0.957 9

基于机器学习和深度学习的网络流量分类研究

Research on network traffic classification based on machine learning and deep learning

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 27

相关文章 15

Metrics

推荐阅读 0

[1]	周胜利, 蒋可怡, 徐博, 徐睿, 张熙康, 赵泉喆, 徐阳东. 面向电信网络诈骗治理的网络安全课程构建效能评估研究[J]. 电信科学, 2023, 39(6): 122-128.
[2]	张乐, 马洪源. 运营商网络边缘云安全实践[J]. 电信科学, 2023, 39(4): 165-172.
[3]	陈伟雄, 杨晓晨, 春增军, 李若兰, 张华. 电力企业网络安全威胁情报管理体系的研究与实践[J]. 电信科学, 2022, 38(7): 184-189.
[4]	刘亚天, 呼博文, 陈茂飞, 刘东鑫. 5GC安全态势感知系统研究[J]. 电信科学, 2022, 38(11): 73-85.
[5]	张艳. 基于5G切片专线的组网技术和实现方法[J]. 电信科学, 2021, 37(10): 143-151.
[6]	高明,罗锦,周慧颖,焦海,应丽莉. 一种基于拟态防御的差异化反馈调度判决算法[J]. 电信科学, 2020, 36(5): 73-82.
[7]	李玉峰,陆肖元,曹晨红,李江涛,朱泓艺,孟楠. 智能网联汽车网络安全浅析[J]. 电信科学, 2020, 36(4): 36-45.
[8]	肖芫莹,游耀东,向黎希. 代码审计系统的误报率成因和优化[J]. 电信科学, 2020, 36(12): 155-162.
[9]	杨志强,粟栗,齐旻鹏,杨波. 5G安全技术与标准[J]. 电信科学, 2020, 36(12): 1-19.
[10]	何国锋. 零信任架构在5G云网中应用防护的研究[J]. 电信科学, 2020, 36(12): 123-132.
[11]	谢萍,刘孝颂. 基于区块链的SDN物联网部署安全[J]. 电信科学, 2020, 36(12): 139-146.
[12]	余航,王帅,金华敏. 基于RASP的Web安全检测方法[J]. 电信科学, 2020, 36(11): 113-120.
[13]	王俊文. 未来工业互联网发展的技术需求[J]. 电信科学, 2019, 35(8): 26-38.
[14]	邵帅,尚志军,王忠锋,辛国良,李悦悦,孔祥余,彭绪静. 基于QoS的电力光纤到户网络规划方法[J]. 电信科学, 2019, 35(6): 78-88.
[15]	李聪, 雷波, 解冲锋, 李云鹤. 基于区块链技术的可信网络[J]. 电信科学, 2019, 35(10): 60-68.