计算机科学

计算机科学 ›› 2024, Vol. 51 ›› Issue (8): 396-402.doi: 10.11896/jsjkx.230500032

• 信息安全 • 上一篇    下一篇

基于注意力机制的CNN和BiGRU的加密流量分类

陈思雨1, 马海龙2, 张建辉3   

  1. 1 郑州大学网络空间安全学院 郑州 450001
    2 解放军战略支援部队信息工程大学信息技术研究所 郑州 450001
    3 嵩山实验室 郑州 450001
  • 收稿日期:2023-05-06 修回日期:2023-08-31 出版日期:2024-08-15 发布日期:2024-08-13
  • 通讯作者: 马海龙(longmanclear@163.com)
  • 作者简介:(chensiyu0113@163.com)
  • 基金资助:
    国家重点研发计划(2022YFB2901403);河南省重大科技专项(221100210900-01)

Encrypted Traffic Classification of CNN and BiGRU Based on Self-attention

CHEN Siyu1, MA Hailong2, ZHANG Jianhui3   

  1. 1 School of Cyber Science and Engineering,Zhengzhou University,Zhengzhou 450001,China
    2 Institute of Information Technology,PLA Information Engineering University,Zhengzhou 450001,China
    3 Songshan Laboratory,Zhengzhou 450001,China
  • Received:2023-05-06 Revised:2023-08-31 Online:2024-08-15 Published:2024-08-13
  • About author:CHEN Siyu,born in 2000,master.Her main research interests include cyber security and encrypted traffic classification.
    MA Hailong,born in 1980,Ph.D,professor,Ph.D supervisor.His main research interests include endogenous security in cyberspace,intelligent awareness of cyber threats,and innovative cyber systems.
  • Supported by:
    National Key Research and Development Program of China(2022YFB2901403) and Major Scientific and Technological Project in Henan Province(221100210900-01).

PDF (PC)

412

摘要: 针对传统加密流量分类方法准确率低、利用流量载荷会侵犯用户隐私,以及泛化能力弱的问题,提出一种基于注意力机制的CNN和BiGRU(CNN-AttBiGRU)的加密流量分类方法,可以同时适用于常规加密和VPN、Tor加密流量。该方法基于包大小、包到达时间以及包到达方向将流量转化为直观的图片,为提高模型准确率,使用CNN提取流量图片的空间特征,同时设计BiGRU和Self-attention模型提取时间特征,充分利用流量图片的时间和空间特征,可按照流量类别、加密技术和应用类型对流量进行不同层面的分类。该方法对加密流量类别分类的平均准确率达95.2%,较以往提升11.65%;对加密技术分类的准确率达95.5%,较以往提升7.1%;对流量所使用的应用程序分类的准确率达99.8%,较以往提升11.03%。实验结果表明,CNN-AttBiGRU方法的泛化能力强,并且其仅利用加密流量的部分统计特征,有效地保护了用户隐私,同时取得了高准确率。

关键词: 加密流量分类, 深度学习, 卷积神经网络, 双向门控循环单元, 自注意力机制

Abstract: To address the problems of low accuracy of traditional encrypted traffic classification methods,the use of traffic load will violate user privacy and weak generalization ability,an encrypted traffic classification method of CNN and BiGRU based on self-attention(CNN-AttBiGRU) is proposed,which can be applied to both regular encrypted and VPN and Tor encrypted traffic.The method converts traffic into intuitive pictures based on packet size,packet arrival time and packet arrival direction.To improve the accuracy of the model,CNN is used to extract the spatial features of traffic pictures,while BiGRU and self-attention models are designed to extract temporal features,making full use of the temporal and spatial features of traffic pictures.The traffic can be classified at different levels by traffic category,encryption technique and application type.The proposed method achieves an average accuracy of 95.2% for classification of encrypted traffic categories,which is 11.65% better than before;95.5% for classification of encryption technologies,which is 7.1% better than before;and 99.8% for classification of applications used by traffic,which is 11.03% better than before.Experimental results show that the CNN-AttBiGRU method has strong ge-neralization ability and only utilizes some statistical features of encrypted traffic,which effectively protects user privacy while achieving high accuracy rates.

Key words: Encrypted traffic classification, Deep learning, CNN, BiGRU, Self-attention

中图分类号: 

  • TP309
[1]WANG Z,FOK K W,THING V L L.Machine learning for encrypted malicious traffic detection:Approaches,datasets and comparative study[J].Computers & Security,2022,113:102542.
[2]REZAEI S,LIU X.Deep learning for encrypted traffic classification:An overview[J].IEEE Communications Magazine,2019,57(5):76-81.
[3]ZENG Y,GU H,WEI W,et al.Deep-Full-Range:a deep lear-ning based network encrypted traffic classification and intrusion detection framework[J].IEEE Access,2019,7:45182-45190.
[4]DRAPER-GIL G,LASHKARI A H,MAMUN M S I,et al.Characterization of encrypted and vpn traffic using time-related[C]//Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP).2016:407-414.
[5]LASHKARI A H,DRAPER-GIL G,MAMUN M S I,et al.Characterization of tor traffic using time based features[C]//ICISSP.2017:253-262.
[6]WANG Y,ZHOU W Y,FENG H,et al.A deep convolutional neural network-based approach for network traffic classification[J].Journal on Communications,201839(1):14-23.
[7]CHENG J,WU Y,E Y P,et al.MATEC:A lightweight neural network for online encrypted traffic classification[J].Computer Networks,2021,199:108472.
[8]ACETO G,CIUONZO D,MONTIERI A,et al.Mobile encryp-ted traffic classification using deep learning:Experimental evaluation,lessons learned,and challenges[J].IEEE Transactions on Network and Service Management,2019,16(2):445-458.
[9]LIU C,HE L,XIONG G,et al.Fs-net:A flow sequence network for encrypted traffic classification[C]//IEEE INFOCOM 2019-IEEE Conference on Computer Communications.IEEE,2019:1171-1179.
[10]HE Y,LI W.Image-based encrypted traffic classification with convolution neural networks[C]//2020 IEEE Fifth Interna-tional Conference on Data Science in Cyberspace(DSC).IEEE,2020:271-278.
[11]ZHANG S L,CHENG G,ZHANG W C.An improved deep convolutional neural network-based method for network traffic classification[J].Chinese Science:Information Science,2021,51(1):56-74.
[12]LOTFOLLAHI M,JAFARI SIAVOSHANI M,SHIRALIHOSSEIN ZADE R,et al.Deep packet:A novel approach for encrypted traffic classification using deep learning[J].Soft Computing,2020,24(3):1999-2012.
[13]XIE J N,MA C H,LI Z Y,et al.An encrypted traffic classification method based on convolutional neural networks[J].Journal of Network and Information Security,2022,8(6):84-91.
[14]SHAPIRA T,SHAVITT Y.FlowPic:A generic representation for encrypted traffic classification and applications identification[J].IEEE Transactions on Network and Service Management,2021,18(2):1218-1232.
[15]GUO L,WU Q,LIU S,et al.Deep learning-based real-time VPN encrypted traffic identification methods[J].Journal of Real-Time Image Processing,2020,17:103-114.
[16]DODIA P,ALSABAH M,ALRAWI O,et al.Exposing the Rat in the Tunnel:Using Traffic Analysis for Tor-based Malware Detection[C]//Proceedings of the 2022 ACM SIGSACConfe-rence on Computer and Communications Security.2022:875-889.
[17]CHEN M H,ZHU Y F,LU B,et al.Attention-CNN-based application type identification for encrypted traffic[J].Computer Science,2021,48(4):325-332.
[18]KRIZHEVSKY A,SUTSKEVER I,HINTON G E.Imagenetclassification with deep convolutional neural networks[J].Communications of the ACM,2017,60(6):84-90.
[19]YAO H,LIU C,ZHANG P,et al.Identification of encryptedtraffic through attention mechanism based long short term memory[J].IEEE Transactions on Big Data,2019,8(1):241-252.
[20]LIU X,YOU J,WU Y,et al.Attention-based bidirectional GRU networks for efficient HTTPS traffic classification[J].Information Sciences,2020,541:297-315.
[21]KINGMA D P,BA J.Adam:A method for stochastic optimization[J].arXiv:1412.6980,2014.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发