Computer Science ›› 2021, Vol. 48 ›› Issue (4): 325-332. doi: 10.11896/jsjkx.200900155
• Information Security •
CHEN Ming-hao (陈明豪), ZHU Yue-fei (祝跃飞), LU Bin (芦斌), ZHAI Yi (翟懿), LI Ding (李玎)
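Abstract: With the continuing development of traffic encryption, encrypted traffic has gradually replaced unencrypted traffic as the mainstream in today's networks. While it protects user privacy, it is also frequently used by malware to evade traditional intrusion detection systems based on ports or payload keywords, posing a serious threat to network security. To address the limitations of conventional identification methods, researchers have tried to use artificial intelligence to identify the application type of encrypted traffic, but existing work does not make full use of the feature information in encrypted traffic, so these methods perform poorly in real, complex network environments. To this end, an encrypted traffic identification method based on Attention-CNN is proposed. Building on preliminary feature extraction from the encrypted traffic data, it uses BiLSTM+Attention and 1D-CNN models to compress and further extract the temporal and spatial features of encrypted traffic, and performs the final identification using the hybrid features obtained from a fully connected neural network. Experiments on the widely used open-source ISCXVPN2016 dataset show that the overall identification accuracy of the proposed method reaches 0.987 and that, compared with existing work, the F1 scores for the different traffic classes improve significantly.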
[1] | 柳杰灵, 凌晓波, 张蕾, 王博, 王之梁, 李子木, 张辉, 杨家海, 吴程楠. Network Security Risk Assessment Framework Based on Tactical Correlation. Computer Science, 2022, 49(9): 306-311. https://doi.org/10.11896/jsjkx.210600171 |
[2] | 王磊, 李晓宇. LBS Mobile Privacy Protection Scheme Based on Random Onion Routing. Computer Science, 2022, 49(9): 347-354. https://doi.org/10.11896/jsjkx.210800077 |
[3] | 赵冬梅, 吴亚星, 张红斌. Network Security Situation Prediction Based on IPSO-BiLSTM. Computer Science, 2022, 49(7): 357-362. https://doi.org/10.11896/jsjkx.210900103 |
[4] | 陶礼靖, 邱菡, 朱俊虎, 李航天. Model for the Description of Trainee Behavior for Cyber Security Exercises Assessment. Computer Science, 2022, 49(6A): 480-484. https://doi.org/10.11896/jsjkx.210800048 |
[5] | 杜鸿毅, 杨华, 刘艳红, 杨鸿鹏. Nonlinear Dynamics Information Dissemination Model Based on Network Media. Computer Science, 2022, 49(6A): 280-284. https://doi.org/10.11896/jsjkx.210500043 |
[6] | 吕鹏鹏, 王少影, 周文芳, 连阳阳, 高丽芳. Quantitative Method of Power Information Network Security Situation Based on Evolutionary Neural Network. Computer Science, 2022, 49(6A): 588-593. https://doi.org/10.11896/jsjkx.210200151 |
[7] | 于家畦, 康晓东, 白程程, 刘汉卿. New Text Retrieval Model of Chinese Electronic Medical Records. Computer Science, 2022, 49(6A): 32-38. https://doi.org/10.11896/jsjkx.210400198 |
[8] | 邓凯, 杨频, 李益洲, 杨星, 曾凡瑞, 张振毓. Fast and Transmissible Domain Knowledge Graph Construction Method. Computer Science, 2022, 49(6A): 100-108. https://doi.org/10.11896/jsjkx.210900018 |
[9] | 张师鹏, 李永忠. Intrusion Detection Method Based on Denoising Autoencoder and Three-way Decisions. Computer Science, 2021, 48(9): 345-351. https://doi.org/10.11896/jsjkx.200500059 |
[10] | 周仕承, 刘京菊, 钟晓峰, 卢灿举. Intelligent Penetration Testing Path Discovery Based on Deep Reinforcement Learning. Computer Science, 2021, 48(7): 40-46. https://doi.org/10.11896/jsjkx.210400057 |
[11] | 李贝贝, 宋佳芮, 杜卿芸, 何俊江. DRL-IDS: Deep Reinforcement Learning Based Intrusion Detection System for Industrial Internet of Things. Computer Science, 2021, 48(7): 47-54. https://doi.org/10.11896/jsjkx.210400021 |
[12] | 陈海彪, 黄声勇, 蔡洁锐. Trust Evaluation Protocol for Cross-layer Routing Based on Smart Grid. Computer Science, 2021, 48(6A): 491-497. https://doi.org/10.11896/jsjkx.201000169 |
[13] | 王金恒, 单志龙, 谭汉松, 王煜林. Network Security Situation Assessment Based on Genetic Optimized PNN Neural Network. Computer Science, 2021, 48(6): 338-342. https://doi.org/10.11896/jsjkx.201200239 |
[14] | 董哲, 邵若琦, 陈玉梁, 翟维枫. Named Entity Recognition in Food Field Based on BERT and Adversarial Training. Computer Science, 2021, 48(5): 247-253. https://doi.org/10.11896/jsjkx.200800181 |
[15] | 张凯, 刘京菊. Attack Path Analysis Method Based on Absorbing Markov Chain. Computer Science, 2021, 48(5): 294-300. https://doi.org/10.11896/jsjkx.200700108 |