Computer Science ›› 2021, Vol. 48 ›› Issue (4): 325-332. doi: 10.11896/jsjkx.200900155

• Information Security •

Classification of Application Type of Encrypted Traffic Based on Attention-CNN

CHEN Ming-hao, ZHU Yue-fei, LU Bin, ZHAI Yi, LI Ding

  1. School of Cyberspace Security, Information Engineering University, Zhengzhou 450001, China
    State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China
  • Received: 2020-06-24 Revised: 2020-11-02 Online: 2021-04-15 Published: 2021-04-09
  • Corresponding author: ZHU Yue-fei (yfzhu17@sina.com)
  • About author: CHEN Ming-hao, born in 1996, master. His main research interests include cyber security and encrypted traffic classification. (1069304038@qq.com)
    ZHU Yue-fei, born in 1962, professor, Ph.D, supervisor. His main research interests include intrusion detection, cryptography and information security.
  • Supported by:
    Cutting-edge Science and Technology Innovation Project of the Key R&D Program of China (2019QY1300).

Abstract: With the development of traffic encryption technology, encrypted traffic has gradually replaced non-encrypted traffic and become the most important part of the current network environment. While protecting users' privacy, encrypted traffic is also used by malicious software to evade traditional intrusion detection systems that rely on the port or payload keywords of traffic, which poses a serious threat to network security. In view of the limitations of conventional classification methods, researchers have tried to use artificial intelligence methods to classify the application type of encrypted traffic, but existing studies usually do not make full use of the characteristics of encrypted traffic, resulting in poor performance in real, complex network environments. To solve these problems, this paper proposes an encrypted traffic classification method based on an Attention-CNN model. After preliminary feature extraction from the encrypted traffic, BiLSTM+Attention and 1D-CNN models are used to compress and further extract the temporal and spatial features of the encrypted traffic, respectively. Finally, a fully connected neural network performs the final classification based on the resulting mixed features. Experiments are carried out on ISCXVPN2016, a widely used open-source dataset in the encrypted traffic classification area. Experimental results show that the overall classification precision of Attention-CNN reaches 98.7% and that the F1 score is significantly improved compared with several existing studies.

Key words: 1D-CNN, Attention mechanism, BiLSTM, Cyber security, Encrypted traffic

CLC Number:

  • TP309