计算机科学 ›› 2022, Vol. 49 ›› Issue (11): 293-301.doi: 10.11896/jsjkx.210800252
吴吉胜, 洪征, 马甜甜, 林培鸿
WU Ji-sheng, HONG Zheng, MA Tian-tian, LIN Pei-hong
摘要: 针对现有协议识别方法无法有效提取协议数据的时间和空间特征导致协议识别准确率不高的问题,提出了一种基于一维残差网络和循环神经网络的应用层协议识别方法。所构造的协议识别模型由一维预激活残差网络(PreResNet)和双向门控循环神经网络(BiGRU)组成,利用一维PreResNet提取协议数据的空间特征,利用 BiGRU提取协议数据的时间特征,在此基础上通过注意力机制提取与协议识别有关的关键特征来提高协议识别的准确率。所提方法首先从网络流量中提取应用层协议数据,对数据进行预处理,从而将其转化为一维向量;然后利用训练数据对分类模型进行训练,得到成熟的协议识别模型;最后用训练好的分类模型识别应用层协议。在公开数据集ISCX2012上进行测试实验,结果表明,所提协议识别模型的总体准确率为96.87%,平均F值为96.81%,高于对比的协议识别模型。
中图分类号:
[1]HE K M,ZHANG X Y,REN S Q,et al.Identity Mappings in Deep Residual Networks[C]//Proceedings of the European Conference on Computer Vision(ECCV).2016:630-645. [2]LOPEZ-MARTIN M,CARRO B,SANCHEZ-ESGUEVILLASA,et al.Network Traffic Classifier With Convolutional and Recurrent Neural Networks for Internet of Things[J].IEEE Access,2017,5:18042-18050. [3]CHUNG J Y,GULCEHRE C,CHO K,et al.Empirical Evaluation of Gated Recurrent Neural Networks on Sequence Modeling[J].arXiv:1412.3555,2014. [4]ZHENG C,XUE M Y,HONG T T,et al.DC-BiGRU_CNNModel for Short-text Classification[J].Computer Science,2019,46(11):186-192. [5]BAHDANAU D,CHO K,BENGIO Y.Neural Machine Translation by Jointly Learning to Align and Translate[J].arXiv:1409.0473,2014. [6]MAO J W,HU Y Q,JIANG D,et al.CBFS:A Clustering-Based Feature Selection Mechanism for Network Anomaly Detection[J].IEEE Access,2020,8:116216-116225. [7]MONSHIZADEH M,KHATRI V,GAMDOU M,et al.Improving Data Generalization With Variational Autoencoders for Network Traffic Anomaly Detection [J].IEEE Access,2021,9:56893-56907. [8]CHEN W X,LYU F,WU F,et al.Sequential Message Characterization for Early Classification of Encrypted Internet Traffic [J].IEEE Transactions on Vehicular Technology,2021,70(4):3746-3760. [9]LI D Q,WANG X,YU B,et al.Network Traffic Classification Method Based on One-Dimensional Convolution Neural Network[J].Computer Engineering and Applications,2020,56(3):94-99. [10]ISLAM F U,LIU G J,ZHAI J T,et al.VoIP Traffic Detection in Tunneled and Anonymous Networks Using Deep Learning [J].IEEE Access,2021,9:59783-59799. [11]FENG W B,HONG Z,WU L F,et al.Network Protocol Recognition Based on Convolutional Neural Network[J].China Communications,2020,17(4):125-139. [12]MA R L,QIN S J.Identification of unknown protocol trafficbased on deep learning[C]//2017 3rd IEEE International Conference on Computer and Communications(ICCC).2017:1195-1198. [13]WANG Y,ZHOU H Y,FENG H,et al.Network traffic classification method basing on CNN[J].Journal on Communications,2018,39(1):14-23. [14]RAN J,CHEN Y X,LI S L.Three-dimensional convolutional neural network based traffic classification for wireless communications[C]//2018 IEEE Global Conference on Signal and Information Processing(GlobalSIP).2018:624-627. [15]LIPPMAN R,CUNNINGHAM R,FRIED D,et al.Results of the DARPA 1998 offline intrusion detection evalution[OL].https://ll.mit.edu/ideval/files/RAID_1999a.pdf. [16]SHIRAVI A,SHIRAVI H,TAVALLAEE M,et al.Toward developing a systematic approach to generate benchmark datasets for intrusion detection[J].Computers & Security,2012,31(3):357-374. |
[1] | 柳杰灵, 凌晓波, 张蕾, 王博, 王之梁, 李子木, 张辉, 杨家海, 吴程楠. 基于战术关联的网络安全风险评估框架 Network Security Risk Assessment Framework Based on Tactical Correlation 计算机科学, 2022, 49(9): 306-311. https://doi.org/10.11896/jsjkx.210600171 |
[2] | 王磊, 李晓宇. 基于随机洋葱路由的LBS移动隐私保护方案 LBS Mobile Privacy Protection Scheme Based on Random Onion Routing 计算机科学, 2022, 49(9): 347-354. https://doi.org/10.11896/jsjkx.210800077 |
[3] | 王馨彤, 王璇, 孙知信. 基于多尺度记忆残差网络的网络流量异常检测模型 Network Traffic Anomaly Detection Method Based on Multi-scale Memory Residual Network 计算机科学, 2022, 49(8): 314-322. https://doi.org/10.11896/jsjkx.220200011 |
[4] | 彭双, 伍江江, 陈浩, 杜春, 李军. 基于注意力神经网络的对地观测卫星星上自主任务规划方法 Satellite Onboard Observation Task Planning Based on Attention Neural Network 计算机科学, 2022, 49(7): 242-247. https://doi.org/10.11896/jsjkx.210500093 |
[5] | 赵冬梅, 吴亚星, 张红斌. 基于IPSO-BiLSTM的网络安全态势预测 Network Security Situation Prediction Based on IPSO-BiLSTM 计算机科学, 2022, 49(7): 357-362. https://doi.org/10.11896/jsjkx.210900103 |
[6] | 邓凯, 杨频, 李益洲, 杨星, 曾凡瑞, 张振毓. 一种可快速迁移的领域知识图谱构建方法 Fast and Transmissible Domain Knowledge Graph Construction Method 计算机科学, 2022, 49(6A): 100-108. https://doi.org/10.11896/jsjkx.210900018 |
[7] | 杜鸿毅, 杨华, 刘艳红, 杨鸿鹏. 基于网络媒体的非线性动力学信息传播模型 Nonlinear Dynamics Information Dissemination Model Based on Network Media 计算机科学, 2022, 49(6A): 280-284. https://doi.org/10.11896/jsjkx.210500043 |
[8] | 高荣华, 白强, 王荣, 吴华瑞, 孙想. 改进注意力机制的多叉树网络多作物早期病害识别方法 Multi-tree Network Multi-crop Early Disease Recognition Method Based on Improved Attention Mechanism 计算机科学, 2022, 49(6A): 363-369. https://doi.org/10.11896/jsjkx.210500044 |
[9] | 陶礼靖, 邱菡, 朱俊虎, 李航天. 面向网络安全训练评估的受训者行为描述模型 Model for the Description of Trainee Behavior for Cyber Security Exercises Assessment 计算机科学, 2022, 49(6A): 480-484. https://doi.org/10.11896/jsjkx.210800048 |
[10] | 吕鹏鹏, 王少影, 周文芳, 连阳阳, 高丽芳. 基于进化神经网络的电力信息网安全态势量化方法 Quantitative Method of Power Information Network Security Situation Based on Evolutionary Neural Network 计算机科学, 2022, 49(6A): 588-593. https://doi.org/10.11896/jsjkx.210200151 |
[11] | 韩红旗, 冉亚鑫, 张运良, 桂婕, 高雄, 易梦琳. 基于共同子空间分类学习的跨媒体检索研究 Study on Cross-media Information Retrieval Based on Common Subspace Classification Learning 计算机科学, 2022, 49(5): 33-42. https://doi.org/10.11896/jsjkx.210200157 |
[12] | 赵人行, 徐频捷, 刘瑶. 基于深度卷积残差网络的心电单导联房颤检测方法 ECG-based Atrial Fibrillation Detection Based on Deep Convolutional Residual Neural Network 计算机科学, 2022, 49(5): 186-193. https://doi.org/10.11896/jsjkx.220200002 |
[13] | 喻昕, 林植良. 解决一类非光滑伪凸优化问题的新型神经网络 Novel Neural Network for Dealing with a Kind of Non-smooth Pseudoconvex Optimization Problems 计算机科学, 2022, 49(5): 227-234. https://doi.org/10.11896/jsjkx.210400179 |
[14] | 安鑫, 代子彪, 李阳, 孙晓, 任福继. 基于BERT的端到端语音合成方法 End-to-End Speech Synthesis Based on BERT 计算机科学, 2022, 49(4): 221-226. https://doi.org/10.11896/jsjkx.210300071 |
[15] | 高心悦, 田汉民. 基于改进U-Net网络的液滴分割方法 Droplet Segmentation Method Based on Improved U-Net Network 计算机科学, 2022, 49(4): 227-232. https://doi.org/10.11896/jsjkx.210300193 |
|