Encrypted Proxy Traffic Identification Method Based on Convolutional Neural Network#br#

Abstract

Abstract: A method for identifying encrypted proxy traffic based on convolutional neural network is proposed. First, the stream reassembly operation is performed on the selfdeployed and selfcaptured raw encrypted traffic, and then the first L×L bytes of the first N data packets of the restored data stream are extracted to form a grayscale image as the stream feature image of the data stream whose (Height, Width, Channel) is (N×L, L, 1). After that, all the samples are divided into training set, verification set, and test set, which are utilized by the designed convolutional neural network model for training, verification and testing respectively. Finally, by selecting different combinations of the first N data packets and the packet length strategy L to conduct experiments, it is finally measured that when N=4, L=40×40, the highest identification accuracy of the model can reach 99.38%, which has certain advantages in terms of accuracy compared with other related similar methods.

Key words: encrypted proxy, stream reassembly, stream feature image, deep learning, convolutional neural network

摘要： 提出了一种基于卷积神经网络的加密代理流量识别方法.首先对使用自主部署、自主采集方法捕获的原始加密流量进行流还原操作，然后提取还原后数据流的前N个数据包的前L×L个字节，组成1张(Height，Width，Channel)为(N×L，L，1)像素的灰度图片，作为该数据流的流特征图(stream feature image).此后将全部的样本分成训练集、验证集、测试集，分别输入设计的卷积神经网络模型进行训练、验证和测试.最后，通过选取不同的前N个数据包和包长策略L组合进行实验，测得在N=4，L=40×40时，该模型的最高识别准确率能够达到99.38%，与其他相关同类方法相比，在准确率方面有一定的优势.

关键词: 加密代理, 流还原, 流特征图, 深度学习, 卷积神经网络

李敬. 基于卷积神经网络的加密代理流量识别方法[J]. 信息安全研究, 2023, 9(8): 722-.

References

［1］吕英豪, 陈嘉耕. 一种新的轻量级安全代理协议［J］. 信息安全学报, 2021, 6(3): 106124［2］张正旭, 许源. 网络监管下的上网代理类插件分析与研究［J］. 网络空间安全, 2020, 11(6): 4349［3］潘吴斌, 程光, 郭晓军, 等. 网络加密流量识别研究综述及展望［J］. 通信学报, 2016, 37(9): 154167［4］何杭松. 基于Xgboost算法的Shadowsocks流量识别研究［J］. 软件导刊, 2018, 17(12): 200203［5］鲁刚, 张宏莉, 叶麟. P2P流量识别［J］. 软件学报, 2011, 22(6): 12811298［6］翟明芳, 张兴明, 赵博. 基于深度学习的加密恶意流量检测研究［J］. 网络与信息安全学报, 2020, 6(3): 6677［7］赵双, 陈曙晖. 基于机器学习的流量识别技术综述与展望［J］. 计算机工程与科学, 2018, 40(10): 17461756［8］李勤, 师维, 孙界平, 等. 基于卷积神经网络的网络流量识别技术研究［J］. 四川大学学报: 自然科学版, 2017, 54(5): 959964［9］王勇, 周慧怡, 俸皓, 等. 基于深度卷积神经网络的网络流量分类方法［J］. 通信学报, 2018, 39(1): 1423［10］王伟. 基于深度学习的网络流量分类及异常检测方法研究［D］. 合肥: 中国科学技术大学, 2018［11］陈雪娇, 王攀, 俞家辉. 基于卷积神经网络的加密流量识别方法［J］. 南京邮电大学学报: 自然科学版, 2018, 38(6): 3641［12］Lim H K, Kim J B, Heo J S, et al. Packetbased network traffic classification using deep learning［C］ Proc of 2019 Int Conf on Artificial Intelligence in Information and Communication (ICAIIC). Piscataway, NJ: IEEE, 2019: 4651［13］Ran J, Chen Y, Li S . Threedimensional convolutional neural network based traffic classification for wireless communications［C］ Proc of 2018 IEEE Global Conf on Signal and Information Processing (GlobalSIP). Piscataway, NJ: IEEE, 2018: 712717［14］Wei W, Ming Z, Zeng X, et al. Malware traffic classification using convolutional neural network for representation learning［C］ Proc of 2017 Int Conf on Information Networking (ICOIN). Piscataway, NJ: IEEE, 2017: 257265［15］Libnids(Library network intusion detection system)［EBOL］. ［20220913］. http:libnids.sourceforge.net［16］PyTorch［EBOL］. ［20220913］. https:pytorch.org［17］于海东, 邢明. 基于机器学习多模型的SSL加密威胁检测技术研究和应用［J］. 信息安全研究, 2021, 7(增刊1): 151157［18］蹇诗婕, 卢志刚, 姜波, 等. 基于层次聚类方法的流量异常检测［J］. 信息安全研究, 2020, 6(6): 474481［19］邹源, 张甲, 江滨. 基于LSTM循环神经网络的恶意加密流量检测［J］. 计算机应用与软件, 2020, 37(2): 308312

[1]	. Comparison Research on Intrusion Detection Model Based on Machine Learning [J]. Journal of Information Security Reserach, 2023, 9(8): 739-.
[2]	. Research on Vulnerability Text Feature Classification Technology Based on BERT [J]. Journal of Information Security Reserach, 2023, 9(7): 687-.
[3]	. Image Steganalysis Method Based on Multiattention Mechanism and Siamese Network [J]. Journal of Information Security Reserach, 2023, 9(6): 573-.
[4]	. Neural Network Backdoor Detection Method Based on Multilevel Measurement Difference [J]. Journal of Information Security Reserach, 2023, 9(6): 587-.
[5]	. Research on Adversarial Examples Generation Technology Based on Text Keywords [J]. Journal of Information Security Reserach, 2023, 9(4): 338-.
[6]	. [J]. Journal of Information Security Reserach, 2022, 8(8): 760-.
[7]	. [J]. Journal of Information Security Reserach, 2022, 8(8): 793-.
[8]	. [J]. Journal of Information Security Reserach, 2022, 8(8): 812-.
[9]	. DGCNN-based Exploit Kit Attack Activities Detection Method [J]. Journal of Information Security Reserach, 2022, 8(7): 685-.
[10]	. Research and Prospect of Adversarial Attack in the Field of Natural Laguage Processing [J]. Journal of Information Security Reserach, 2022, 8(3): 202-.
[11]	. Physical Adversarial Attacks Against Deep Reinforcement Learning Based Navigation [J]. Journal of Information Security Reserach, 2022, 8(3): 212-.
[12]	. Technology and Research Progress of Generative Adversarial Networks [J]. Journal of Information Security Reserach, 2022, 8(3): 235-.
[13]	. The Review of Generation and Detection Technology for Deepfakes [J]. Journal of Information Security Reserach, 2022, 8(3): 258-.
[14]	. A Traceable Deep Learning Classifier Based on Differential Privacy [J]. Journal of Information Security Reserach, 2022, 8(3): 277-.
[15]	. Security situation assessment and prediction method for industrial control system [J]. Journal of Information Security Reserach, 2022, 8(2): 145-.

Encrypted Proxy Traffic Identification Method Based on Convolutional Neural Network#br#

基于卷积神经网络的加密代理流量识别方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics