Abstract
With the development of encryption technology and the continual emergence of private protocols, the identification of encrypted traffic has become an important research direction in information security. Building on existing encrypted-traffic identification techniques, this paper proposes an identification method based on deep packet inspection (DPI) and payload randomness. The method has three stages. First, DPI is used to filter and identify network traffic rapidly. Second, for payloads that DPI cannot recognize, the information entropy is computed together with the error of a Monte Carlo estimate of π driven by the payload bytes. Finally, these features are fed to a C4.5 decision tree classifier for classification and evaluation. The method overcomes the limitation that DPI cannot fully identify encrypted data exchanged during the protocol interaction phase or private protocols, and it also resolves the confusion between encrypted traffic and non-encrypted compressed traffic that arises when information entropy is used on its own. Experiments show that the proposed method identifies encrypted traffic considerably better than existing models, and its robustness is also verified.
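The two payload-randomness features named in the abstract, byte-level Shannon entropy and the error of a Monte Carlo π estimate fed by payload bytes, can be computed in a few lines. The following is an added example, not code from the paper: the coordinate width (3 bytes per axis), the minimum point count, the two decision thresholds and the rule-based stand-in for the C4.5 classifier are all assumptions chosen for illustration, and the plaintext, compressed and pseudo-random samples are constructed inline. It shows why entropy alone is not enough (compressed data is also high-entropy) and how the π error separates structured bytes from uniformly random ones.

```python
"""Payload-randomness features for encrypted-traffic detection (added example, not the paper's code)."""
import hashlib
import math
import zlib
from typing import Dict, Optional

# Assumed parameters (the abstract does not fix them): 3 bytes per coordinate,
# so 6 bytes per (x, y) point, and a minimum point count before the estimate is used.
BYTES_PER_COORD = 3
BYTES_PER_POINT = 2 * BYTES_PER_COORD
MIN_POINTS = 16
ENTROPY_THRESHOLD = 7.0      # assumed: below this the payload is treated as plaintext
PI_ERROR_THRESHOLD = 0.05    # assumed: below this the high-entropy payload looks uniformly random


def shannon_entropy(payload: bytes) -> float:
    """Byte-level Shannon entropy in bits per byte (0.0 for empty input, 8.0 at most)."""
    if not payload:
        return 0.0
    counts = [0] * 256
    for b in payload:
        counts[b] += 1
    n = len(payload)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def monte_carlo_pi_error(payload: bytes) -> Optional[float]:
    """Absolute error of a Monte Carlo estimate of pi whose random source is the payload.

    Consecutive BYTES_PER_COORD-byte groups are read as fixed-point x and y in [0, 1);
    the fraction of points inside the unit quarter circle estimates pi/4.  Uniformly
    random bytes give a small error; structured bytes (ASCII, headers) do not.
    Returns None when the payload is too short to yield MIN_POINTS points.
    """
    scale = 1 << (8 * BYTES_PER_COORD)   # coordinates are integers in [0, scale)
    limit = scale * scale                 # x*x + y*y < scale^2  <=>  inside the unit circle
    total = len(payload) // BYTES_PER_POINT
    if total < MIN_POINTS:
        return None
    inside = 0
    for i in range(total):
        off = i * BYTES_PER_POINT
        x = int.from_bytes(payload[off:off + BYTES_PER_COORD], "big")
        y = int.from_bytes(payload[off + BYTES_PER_COORD:off + BYTES_PER_POINT], "big")
        if x * x + y * y < limit:
            inside += 1
    return abs(4.0 * inside / total - math.pi)


def payload_features(payload: bytes) -> Dict[str, Optional[float]]:
    """The feature vector that the paper hands to its C4.5 classifier."""
    return {"entropy": shannon_entropy(payload), "pi_error": monte_carlo_pi_error(payload)}


def classify(payload: bytes) -> str:
    """Hand-set threshold rule standing in for the trained C4.5 tree (assumption, not the paper's model)."""
    f = payload_features(payload)
    if f["entropy"] < ENTROPY_THRESHOLD:
        return "plaintext"
    if f["pi_error"] is None:
        return "undetermined"            # too few bytes to judge randomness
    if f["pi_error"] < PI_ERROR_THRESHOLD:
        return "encrypted"
    return "compressed"                  # high entropy but not uniform: compressed, not encrypted


# Constructed samples (not captured traffic).
PLAINTEXT = b"".join(b"log line %d: user login from 10.0.0.%d\n" % (i, i % 256) for i in range(2000))
COMPRESSED = zlib.compress(PLAINTEXT, 9)


def pseudo_ciphertext(n: int) -> bytes:
    """Stand-in for encrypted bytes: SHA-256 in counter mode (constructed; not a real cipher)."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


CIPHERTEXT = pseudo_ciphertext(BYTES_PER_POINT * 32768)   # 32768 points for the pi estimate

if __name__ == "__main__":
    for name, sample in (("plaintext", PLAINTEXT), ("compressed", COMPRESSED), ("ciphertext", CIPHERTEXT)):
        print(name, payload_features(sample), "->", classify(sample))
```

All-ASCII plaintext has every coordinate below 0.5, so every point lands inside the circle and the estimate is exactly 4, an error of about 0.86 however long the payload is; this is the structural signal entropy cannot see. Real deflate output is high-entropy but its bit layout is not uniform, which is the gap the paper's second feature exploits; the exact threshold that separates it from ciphertext has to be learned from data, which is what the C4.5 stage does.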
Authors
孙中军 (SUN Zhongjun), 翟江涛 (ZHAI Jiangtao), 戴跃伟 (DAI Yuewei)
School of Electronics and Information, Jiangsu University of Science and Technology, Zhenjiang 212003, Jiangsu Province, China; School of Computer and Software, Nanjing University of Information Science & Technology, Nanjing 210044, China
Source
《应用科学学报》 (Journal of Applied Sciences), indexed in CAS, CSCD and the Peking University Core Journal list
2019, No. 5, pp. 711-720 (10 pages)
Funding
National Natural Science Foundation of China (No. 61702235, No. 61472188, No. 61602247, No. U1636117)
Natural Science Foundation of Jiangsu Province (No. BK20150472, No. BK20160840)
Keywords
encrypted traffic
deep packet inspection (DPI)
information entropy
Monte Carlo simulation
C4.5 decision tree