计算机科学

计算机科学 ›› 2024, Vol. 51 ›› Issue (10): 399-407.doi: 10.11896/jsjkx.230900103

• 信息安全 • 上一篇    下一篇

融合Inception与SE-Attention的加密流量移动业务识别

王依菁1, 王清贤1, 丁大钊2, 闫廷聚1, 曹琰1   

  1. 1 郑州大学网络空间安全学院 郑州 450002
    2 嵩山实验室 郑州 450000
  • 收稿日期:2023-09-18 修回日期:2024-03-11 出版日期:2024-10-15 发布日期:2024-10-11
  • 通讯作者: 曹琰(ieycao@zzu.edu.cn)
  • 作者简介:(wyj1111@gs.zzu.edu.cn)
  • 基金资助:
    国家自然科学基金(61871404);河南省科技攻关项目(232102210045,232102210124);嵩山实验室资助项目(232102210124);嵩山实验室预研项目(YYYY032022005)

Identification of Mobile Service Type of Encrypted Traffic Based on Fusion of Inception andSE-Attention

WANG Yijing1, WANG Qingxian1, DING Dazhao2, YAN Tingju1, CAO Yan1   

  1. 1 School of Cyber Science and Engineering,Zhengzhou University,Zhengzhou 450002,China
    2 Songshan Laboratory,Zhengzhou 450000,China
  • Received:2023-09-18 Revised:2024-03-11 Online:2024-10-15 Published:2024-10-11
  • About author:WANG Yijing,born in 1999,postgra-duate.Her main research interests include wireless network security and encrypted traffic classification.
    CAO Yan,born in 1983,Ph.D,is a member of CCF(No.17447M).His main research interests include network and system security and vulnerability discovery.
  • Supported by:
    National Natural Science Foundation of China(61871404),Science and Technology Project of Henan Province(232102210045,232102210124),Songshan Laboratory Sponsorship Project(232102210124) and Songshan Laboratory Pre-Research Project(YYYY032022005).

PDF (PC)

270

摘要: 移动设备通常接入无线局域网,并依赖WiFi加密协议对网络中数据链路层流量进行加密,以维护通信安全。然而,现有加密流量识别方法主要针对网络层及以上的流量载荷进行分析,无法有效识别链路层加密流量的移动业务类别。针对该问题,提出了一种在WiFi加密场景下基于链路层流量的移动业务识别方法。通过被动嗅探WiFi数据帧,提取链路层中可用的流量侧信道特征,将流量数据转换为二维直方图矩阵。融合Inception网络和SE-Attention机制,提出识别模型——SE-Inception,旨在更好地捕捉到流量数据帧分布特征中的细节和全局信息,突出对重要特征的关注,以提高识别准确率。文中采用真实数据集进行实验验证,结果表明该方法在WiFi加密场景下可有效识别链路层加密流量的移动业务类别,平均准确率可达98.29%,相比于已有的识别方法具有更优的性能。

关键词: 无线局域网, 链路层加密流量, 流量识别, Inception, SE注意力机制

Abstract: Mobile devices usually access WLAN and rely on WiFi encryption protocol to encrypt data link layer traffic in the network to maintain communication security.However,existing encrypted traffic identification methods mainly analyze traffic loads at the network layer and above,and cannot effectively identify the mobile service category of link layer encrypted traffic.To address this problem,a mobile service identification method based on link layer traffic in WiFi encryption scenarios is proposed.By passively sniffing WiFi data frames and extracting the traffic-side channel features available in the link layer,the traffic data is converted into a 2D histogram matrix.The recognition model,SE-Inception,is proposed by integrating the Inception network and SE-Attention mechanism,aiming to better capture the details and global information in the distribution features of traffic data frames,and highlighting the attention to important features to improve the recognition accuracy.In this paper,real datasets are used for experimental validation,and the results show that the method can effectively recognize the mobile service category of link-layer encrypted traffic in WiFi encryption scenarios,with an average accuracy of up to 98.29%,which is a better performance compared with the existing recognition methods.

Key words: WLAN, Link-layer encrypted traffic, Traffic identification, Inception, SE-attention

中图分类号: 

  • TP309
[1]CNNIC.The 52nd Statistical Report on China's Internet Deve-lopment [EB/OL].(2023-08-28)[2023-08-30].https://www.cnnic.cn/n4/2023/0828/c199-10830.html.
[2]LASHKARI A H,DANESH M M S,SAMADI B.A survey on wireless security protocols (WEP,WPA and WPA2/802.11 i)[C]//2009 2nd IEEE International Conference on Computer Science and Information Technology.IEEE,2009:48-52.
[3]Radware (2018).Global application and network security report[EB/OL].https://www.Datacomcz/userfiles/radware_ert_report_2017_2018_fifinal.pdf.
[4]RAO Q M,PENG Y B.Automatic Fingerprint Extraction Me-thod Based On DPI[J].Computer Applications and Software,2021,38(4):328-333.
[5]LIU Y,SONG T,LIAO L J.A Real-Time Mobile Traffic Classification Approach Based on Timing Sequence Flow[J].Transactions of Beijing Institute of Technology,2018,38(5):537-544.
[6]YAO H,RANJAN G,TONGAONKAR A,et al.Samples:Self adaptive mining of persistent lexical snippets for classifying mobile application traffic[C]//Proceedings of the 21st Annual International Conference on Mobile Computing and Networking.2015:439-451.
[7]HAN X,ZHOU Y,HUANG L,et al.Maximum entropy based IP-traffic classification in mobile communication networks[C]//2012 IEEE Wireless Communications and Networking Confe-rence(WCNC).IEEE,2012:2140-2145.
[8]WANG Q,YAHYAVI A,KEMME B,et al.I know what youdid on your smartphone:Inferring app usage over encrypted data traffic[C]//2015 IEEE Conference on Communications and Network Security (CNS).IEEE,2015:433-441.
[9]ZHANG F,HE W,LIU X,et al.Inferring users' online activities through traffic analysis[C]//Proceedings of the Fourth ACM Conference on Wireless Network Security.2011:59-70.
[10]YIN H D,ZHANG J Y,SHANG Q H.Classification and Recognition of Encrypted Traffic in Wireless Networks Based on Data Link Layer Features[J].Computer Measurement & Control,2021,29(5):220-224.
[11]LI J,MA X,GUODONG L,et al.Can we learn what people are doing from raw DNS queries?[C]//IEEE INFOCOM 2018-IEEE Conference on Computer Communications.IEEE,2018:2240-2248.
[12]VAN EDE T,BORTOLAMEOTTI R,CONTINELLA A,et al.Flowprint:Semi-supervised mobile-app fingerprinting on encrypted network traffic[C]//Network and Distributed System Security Symposium (NDSS).2020.
[13]MONGKOLLUKSAMEE S,VISOOTTIVISETH V,FUKUDA K.Enhancing the performance of mobile traffic identification with communication patterns[C]//2015 IEEE 39th Annual Computer Software and Applications Conference.IEEE,2015:336-345.
[14]BAGUI S,FANG X,KALAIMANNAN E,et al.Comparison of machine-learning algorithms for classification of VPN network traffic flow using time-related features[J].Journal of Cyber Security Technology,2017,1(2):108-126.
[15]TAYLOR V F,SPOLAOR R,CONTI M,et al.Robust smartphone app identification via encrypted network traffic analysis[J].IEEE Transactions on Information Forensics and Security,2017,13(1):63-78.
[16]SALTAFORMAGGIO B,CHOI H,JOHNSON K,et al.Eavesdropping on {Fine-Grained} user activities within smartphone apps over encrypted network traffic[C]//10th USENIX Workshop on Offensive Technologies (WOOT 16).2016.
[17]GUO L,WU Q,LIU S,et al.Deep learning-based real-time VPN encrypted traffic identification methods[J].Journal of Real-Time Image Processing,2020,17:103-114.
[18]XIAO X,XIAO W,LI R,et al.EBSNN:extended byte segment neural network for network traffic classification[J].IEEE Transactions on Dependable and Secure Computing,2021,19(5):3521-3538.
[19]ACETO G,CIUONZO D,MONTIERI A,et al.Encrypted multi-task traffic classification via multimodal deep learning[C]//IEEE International Conference on Communications.IEEE,2021:1-6.
[20]HU X,GU C,WEI F.CLD-Net:a network combining CNN and LSTM for internet encrypted traffic classification[J].Security and Communication Networks,2021,2021:1-15.
[21]CHEN M H,ZHU Y F,LU B,et al.Classification of Application Type of Encrypted Traffic Based on Attention-CNN[J].Computer Science,2021,48(4):325-332.
[22]LI Q,SHI W,SUN J P,et al.The research of network trafficidentification based on convolutional neural network[J].Journal of Sichuan University(Natural Science Edition),2017,54(5):959-964.
[23]CHEN X J,WANG P,YU J H.CNN based entrypted trafficidentification method[J].Journal of Nanjing University of Posts and Telecommunications(Natural Science Edition),2018,38(6):36-41.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发