Computer Science, 2021, Vol. 48, Issue (4): 295-302. doi: 10.11896/jsjkx.200700189

Topic: Information Security (virtual special issue)

IPSec VPN Encrypted Traffic Identification Based on Hybrid Method

ZHOU Yi-min 1,2, LIU Fang-zheng 1, WANG Yong 1

  1 College of Electromagnetic Countermeasure, National University of Defense Technology, Hefei 230037, China
  2 Anhui Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037, China
  • Received: 2020-06-24 Revised: 2020-08-21 Online: 2021-04-15 Published: 2021-04-09
  • Corresponding author: LIU Fang-zheng (yoyofangzheng@aliyun.com)
  • About author: ZHOU Yi-min, born in 1996, postgraduate. His main research interests include network information security and so on. (dyzhouyimin@sina.com)
    LIU Fang-zheng, born in 1982, Ph.D, lecturer. His main research interests include network information security and so on.
  • Supported by:
    National Natural Science Foundation of China (6167454).

Abstract: This paper proposes a hybrid method that combines fingerprint identification with machine learning to identify IPSec VPN encrypted traffic. First, the method filters IPSec VPN traffic out of the network traffic based on payload characteristics. Second, based on time-related flow features, it uses the random forest algorithm to build an IPSec VPN traffic classification model. Through parameter optimization and feature selection, the overall traffic identification accuracy reaches 93%. The experimental results verify the feasibility of identifying IPSec VPN traffic with a machine learning method based on time-related flow features. They also show that the proposed method effectively balances recognition accuracy and recognition speed, achieving efficient identification of IPSec VPN encrypted traffic.

Key words: Encrypted traffic identification, IPSec VPN, Parameter optimization, Random forest, Time-related flow features

CLC Number:

  • TP393.8