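Abstract
As traffic encryption technology continues to develop, encrypted traffic has gradually replaced unencrypted traffic as the mainstream in today's network environment. While it protects user privacy, it is also often used by various kinds of malware to evade traditional intrusion detection systems based on ports or payload keywords, which poses a serious threat to network security. To address the limitations of conventional identification methods, researchers have tried to use artificial intelligence to identify the application type of encrypted traffic, but existing studies do not make sufficient use of the feature information of encrypted traffic, so the resulting methods perform poorly in real, complex network environments. To this end, an encrypted traffic identification method based on Attention-CNN is proposed. Building on preliminary feature extraction from the encrypted traffic data, it uses BiLSTM+Attention and 1D-CNN models to compress and further extract the temporal and spatial features of encrypted traffic, and performs the final identification using the mixed features obtained from a fully connected neural network. Experiments are carried out on the widely used open-source ISCXVPN2016 dataset. The results show that the overall identification accuracy of the proposed method reaches 0.987 and that, compared with existing studies, the F1 score for the different traffic classes is significantly improved.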
With the development of traffic encryption technology, encrypted traffic has gradually replaced non-encrypted traffic and become the most important part of the current network environment. While protecting users' privacy, encrypted traffic is also used by malicious software to evade the defenses of traditional intrusion detection systems based on the port or payload keywords of traffic, which poses a serious threat to network security. In view of the limitations of conventional classification methods, researchers have tried to use artificial intelligence methods to classify the application type of encrypted traffic, but existing research usually does not make full use of the characteristics of encrypted traffic, resulting in poor performance in real, complex network environments. To solve the problems mentioned above, this paper proposes an encrypted traffic classification method based on the Attention-CNN model. After the preliminary feature extraction of encrypted traffic, we use the BiLSTM+Attention and 1D-CNN models to compress and further extract the temporal and spatial features of encrypted traffic, respectively. Finally, a fully connected neural network is used for the final classification based on the obtained mixed features. Experiments are carried out on the ISCXVPN2016 dataset, a widely used open-source dataset in the encrypted traffic classification area. Experimental results show that the overall classification precision of Attention-CNN reaches 98.7% and that the F1 score is significantly improved compared with several existing studies.
Authors
陈明豪
祝跃飞
芦斌
翟懿
李玎
CHEN Ming-hao; ZHU Yue-fei; LU Bin; ZHAI Yi; LI Ding (School of Cyberspace Security, Information Engineering University, Zhengzhou 450001, China; State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China)
Source
《计算机科学》
CSCD
Peking University Core Journal
2021, Issue 4, pp. 325-332 (8 pages)
Computer Science
Funding
National Key R&D Program of China, Frontier Science and Technology Innovation Special Fund (2019QY1300).