Encrypted Traffic Classification Based on Multi-Stage Neural Networks
Abstract:
With the spread of encryption technology, accurately classifying encrypted traffic is vital for identifying anonymous network applications and preventing cybercrime. Existing methods are limited to expert experience or partial packet information and therefore fail to capture the dependencies between packets. To address this issue, a multi-stage neural network traffic classifier (MSNTC) is proposed: a convolutional neural network (CNN) decomposes session images into packet sequences, a long short-term memory network (LSTM) captures traffic context embeddings, a self-attention mechanism produces multi-channel feature maps, and a multi-scale convolutional neural network aggregates global information. The MSNTC model is evaluated on the ISCX-VPN and ISCX-Tor datasets and compared with other deep learning methods. Experimental results show that the MSNTC model performs better in network traffic classification tasks, corroborating its superiority and universality.