网络应用流类别不平衡环境下的SSL加密应用流识别关键技术

doi:10.11959/j.issn.1000-0801.2015355

电信科学 ›› 2015, Vol. 31 ›› Issue (12): 83-89.doi: 10.11959/j.issn.1000-0801.2015355

网络应用流类别不平衡环境下的SSL加密应用流识别关键技术

陈雪娇¹,王攀²,刘世栋³

¹ 南京信息职业技术学院南京210023
² 南京邮电大学南京210003
³ 国网智能电网研究院南京210003

出版日期:2015-12-20 发布日期:2017-03-27
基金资助:
2013 江苏省六大人才高峰计划项目;2013 国家发展和改革委员会信息安全专项资助项目;国家电网公司2014 年科技项目“电力信息通信网络流量预测和管道智能化关键技术研究及应用”;2015 江苏省产学研前瞻性联合研究项目

Key Technology of SSL Encrypted Application Identification Under Imbalance of Application Class

Xuejiao Chen¹,Pan Wang²,Shidong3 Liu³

¹ Nanjing College of Information Technology, Nanjing 210023, China
² Nanjing University of Posts and Telecommunications, Nanjing 210003
³ State Grid Smart Grid Research Institute, Nanjing 210003, China

Online:2015-12-20 Published:2017-03-27
Supported by:
2013 Six Talent Peaks Project in Jiangsu Province;2013 Information Security Special Funds of the National Developmen and Reform Commission;State Grid 2014 Science and Technology Project “ Research and Application of Network Traffic Prediction and Smart Pipe Key Technologies for Electric Power Information Communication Network”;2015 Industrialization， Education and Research Joint Prospective Project

摘要/Abstract

摘要：

通过深入研究网络类别不平衡的原因，选择SMOTE（synthetic minority over-sampling technique）过抽样方法对数据集进行预处理，并充分利用特征匹配高准确性的优点识别和分拣出SSL 加密流，进而利用基于互信息最大化的聚类方法和SVM分类方法进一步识别SSL加密应用，这种混合方法有效地结合了静态特征匹配和机器学习方法的优点，达到识别分类方法在准确性和识别速度的均衡。

关键词: 流量识别, ；流量分析, 行为特征, 行为建模, 行为模型

Abstract:

Through a in-depth study about the reason of network class imbalance, a method called SMOTE was chosen over the data set sampling preprocess, making full use of the advantages which is high accuracy of traffic model feature matching identification and sorting out the encrypted SSL flow, and then using the clustering method and the SVM based on mutual information classification method to further identify SSL encryption specific application, like HTTPS/POPS etc. The hybrid method effectively combines the advantages of static feature matching and machine learning methods,to achieve the balance of classification method on accuracy and speed.

Key words: traffic identification, traffic analysis, behavior characterization, behavior modeling, behavior pattern

陈雪娇,王攀,刘世栋. 网络应用流类别不平衡环境下的SSL加密应用流识别关键技术[J]. 电信科学, 2015, 31(12): 83-89.

Xuejiao Chen,Pan Wang,Shidong3 Liu. Key Technology of SSL Encrypted Application Identification Under Imbalance of Application Class[J]. Telecommunications Science, 2015, 31(12): 83-89.

图/表 4

参考文献 19

1	Bai Y B , Kobayashi H . Intrusion detection systems: technology and development. Proceedings of the 17th International Conference on Advanced Information Networking and Applications, Xi'an, China, 2003:27～29
2	Wright C , Monrose F , Masson G M . HMM profiles for network traffic classification. Proceedings of the ACM DMSEC, Washington DC, USA, 2004:9～15
3	Haffner P , Sen S , Spatscheck O , et al. ACAS: automated construction of application signatures. Proceedings of the ACM SIGCOMM, Philadelphia, USA, 2005:197～202
4	Moore A W , Zuev D . Internet traffic classification using Bayesian analysis techniques. Proceedings of the ACM SIGMETRICS, Banff, Alberta, Canada, 2005:50～60
5	Moore A , Papagiannaki K . Toward the accurate identification of network applications. Proceedings of the Passive＆Active Measurement Workshop, Boston, USA, 2005
6	Williams N , Zander S , Armitage G . A prelimenary performance comparison of five machine learning algorithms for practical IP traffic flow comparison. ACM SIGCOMM Computer Communication Review, 2006,36（5）:5～16
7	Zhang Y , Paxso V . Detecting back doors. Proceedings of the 9th USENIX Security Symposium, Denver, USA, 2000:157～170
8	Dreger H , Feldmann A , Mai M , et al. Dynamic application layer protocol analysis for network intrusion detection. Proceedings of the 15th USENIX Security Symposium, Vancouver, Canada, 2006:257～272
9	Early J , Brodley C , Rosenberg C . Behavioral authentication of server flows. Proceedings of the 19th Annual Computer Security Applications Conference, Las Vegas, USA, 2003:46～55
10	Karagiannis T , Papagiannaki K , Faloutsos M . BLINC:multilevel traffic classification in the dark. Proceedings of Applications, Technologies, Architectures, and Protocols for Computer Communications, Philadelphia, USA, 2005:229～240
12	Wright C V , Monrose F , Masson G M , et al. On inferring application protocol behaviors in encrypted network traffic. Journal of Machine Learning Research, 2006（7）:2745～2769
	Bernaille L , Teixeira R . Early recognition of encrypted applications. Proceedings of Passive and Active Measurement Conference（PAM）, Louvainla-neuve, Belgium, 2007
13	Alshammari R , Nur Z H A . A flow based approach for SSH traffic Detection. Proceedings of IEEE International Conference on Systems, Man and Cybernetics, Montreal, Canada, 2007,296～301
4	赵博，郭虹，刘勤让等. 基于加权累积和检验的加密流量盲识别算法. 软件学报 2013,24（6）:1334～1345 Zhao B , Guo H , Liu Q R , et al. Protocol independent identification of encrypted traffic based on weighted cumulative sum test.. Journal of Software, 2013,24（6）:1334～1345
15	何高峰，杨明，罗军舟等. Tor 匿名通信流量在线识别方法. 软件学报 2013,24（3）:540～556 He G F , Yang M , Luo J Z , et al. Online dentification of Tor anonymous communication traffic. Journal of Software, 2013,24（3）:540～556
16	王炜，程东年，马海龙 . 基于趋势感知协议指纹的Skype 加密流量识别算法. 计算机应用研究 2014（8）:64～71 Wang W , Cheng D N , Ma H L . Skype encrypted traffic identification based on trend-aware procotol fingerprints. Application Research of Computers, 2014（8）:64～71
17	王炜，程东年 . 基于M-序列检验的加密流量识别. 计算机工程与设计 2014,35（11）:3712～3716 Wang W , Cheng D N . M-serial test based encrypted traffic identification. Computer Engineerin and Design, 2014,35（11）:3712～3716
18	张宏莉，鲁刚 . 分类不平衡协议流的机器学习算法评估与比较. 软件学报 2102,23（6）:1500～1516 Zhang H L , Lu G . Machine learning algorithms classifying the imbalanced protocol flows: evaluation and comparison. ournal of Software, 2102,23（6）:1500～1516
19	Chawla N V , Bowyer K W Hall L O , et al, SMOTE: synthetic minority over-sampling technique. Journal of Artificial Intelligence Research, 2002,16（1）:321～357

[1]	周坚,石永革,何美斌. 基于A-D模型的K-means算法在通话异常客户挖掘中的应用[J]. 电信科学, 2018, 34(4): 81-89.
[2]	罗亚玲,黎文伟,苏欣. Android恶意应用HTTP行为特征生成与提取方法[J]. 电信科学, 2016, 32(8): 136-145.
[3]	刘珍,王若愚. 基于行为特征学习的互联网流量分类方法[J]. 电信科学, 2016, 32(6): 143-152.
[4]	邢宇恒. 基于知识库的系统安全评估方法[J]. 电信科学, 2016, 32(4): 192-196.
[5]	申志伟,崔瑞媛,吕恒. 国际漫游通信产品用户识别模型及实证分析[J]. 电信科学, 2016, 32(1): 138-143.
[6]	黄凤,王瑶,黄莉,姚继明,刘世栋. 基于多层级联算法的网络业务流量识别技术[J]. 电信科学, 2015, 31(Z1): 249-253.
[7]	钱亚冠,张旻. 基于过抽样技术的P2P流量识别方法[J]. 电信科学, 2014, 30(4): 109-113.
[8]	徐雅斌,李艳平,刘曦子. 一个基于云计算的P2P流量识别系统模型的研究[J]. 电信科学, 2012, 28(10): 58-63.
[9]	朱永庆,邹洁. 移动互联网流量管理相关问题探讨[J]. 电信科学, 2009, 25(6): 13-17.
[10]	刘琼,李世银,刘孟芸,王秀娟. P2P流媒体网络电视通信机制研究[J]. 电信科学, 2009, 25(6): 61-63.

网络应用流类别不平衡环境下的SSL加密应用流识别关键技术

Key Technology of SSL Encrypted Application Identification Under Imbalance of Application Class

在线阅读

PDF下载

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 19

相关文章 10

Metrics

推荐阅读 0