Computer Science (计算机科学) ›› 2023, Vol. 50 ›› Issue (10): 308-314. doi: 10.11896/jsjkx.230500141
孙云霄1, 李军1, 王佰玲1,2
SUN Yunxiao1, LI Jun1, WANG Bailing1,2
Abstract: IPSec VPNs can be divided by application scenario into closed networks and open networks. Closed networks are commonly used to build custom virtual private networks, whereas open-network proxies are a common means of evading network auditing; identifying and classifying the network type of an IPSec VPN is therefore of considerable importance for network supervision. Based on the difference in business complexity between the two network types, this paper proposes a method for IPSec VPN closedness detection that uses side-channel features of the encrypted traffic. It extracts the frame-length sequence of the IPSec encrypted traffic and the distribution of the TCP Maximum Segment Size (MSS) inside the tunnel, introduces information entropy to measure the distribution of MSS values, takes the information entropy of the MSS values and the standard deviation of the frame-length sequence as the feature vector, and uses machine learning algorithms such as support vector machines and random forests for training and prediction. Experimental results show that closedness detection with this classification method reaches an accuracy above 96% and can effectively identify VPN tunnels used as open proxies.
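The feature vector described in the abstract, worked through in Python as an added example that is not code from the paper: MSS entropy plus frame-length standard deviation over constructed tunnel samples, with a nearest-centroid classifier standing in for the SVM / random forest. It assumes the inner TCP MSS values of each tunnel have already been recovered by a step the abstract does not detail; the function names and the sample tunnels are this example's own.

```python
import math
from collections import Counter
from statistics import pstdev

def mss_entropy(mss_values):
    """Shannon entropy (bits) of the MSS values seen inside one tunnel: a closed
    network with a few fixed peers gives few distinct values, an open proxy many."""
    counts = Counter(mss_values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def feature_vector(frame_lengths, mss_values):
    """The paper's two features: MSS entropy and frame-length standard deviation."""
    return (mss_entropy(mss_values), pstdev(frame_lengths))

def fit(samples):
    """samples: (frame_lengths, mss_values, label). Learns min-max scaling per feature
    and one centroid per label; nearest-centroid stands in for the SVM / random forest."""
    vecs = [(feature_vector(f, m), lab) for f, m, lab in samples]
    lo = [min(v[i] for v, _ in vecs) for i in range(2)]
    hi = [max(v[i] for v, _ in vecs) for i in range(2)]

    def scale(v):
        return tuple((v[i] - lo[i]) / ((hi[i] - lo[i]) or 1.0) for i in range(2))

    cents = {}
    for label in sorted({lab for _, lab in vecs}):
        pts = [scale(v) for v, lab in vecs if lab == label]
        cents[label] = tuple(sum(p[i] for p in pts) / len(pts) for i in range(2))
    return scale, cents

def predict(model, frame_lengths, mss_values):
    scale, cents = model
    x = scale(feature_vector(frame_lengths, mss_values))
    return min(cents, key=lambda label: math.dist(x, cents[label]))

# Constructed training tunnels (not captures from the paper): a closed tunnel keeps one
# MSS and mostly full-size frames; an open proxy shows several MSS values and mixed sizes.
TRAINING = [
    ([1514] * 18 + [66] * 2, [1460] * 20, "closed"),
    ([1514] * 19 + [66], [1460] * 20, "closed"),
    ([1514, 66, 1494, 1434, 1414, 66, 700, 300, 1514, 1394,
      66, 900, 1514, 66, 1454, 400, 1514, 66, 1474, 1300],
     [1460] * 5 + [1440] * 5 + [1380] * 5 + [1360] * 5, "open"),
    ([1514, 66, 1294, 66, 1514, 578, 66, 1014, 1514, 66,
      234, 1394, 66, 1514, 790, 66, 1234, 1514, 66, 450],
     [1460, 1452, 1440, 1380, 1360, 1340] * 3 + [1200, 1100], "open"),
]
MODEL = fit(TRAINING)
```

A single fixed MSS gives zero entropy, and four equally frequent MSS values give exactly 2 bits, which is the separation the classifier learns from.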