Computer Science ›› 2025, Vol. 52 ›› Issue (11A): 241200126-7. doi: 10.11896/jsjkx.241200126

• Information Security •

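Encrypted Application Traffic Identification Method Based on Multi-level Graph Representation Enhancement

WANG Zhihong1, LIU Shengran2, CHI Zegui3, YANG Ying1

  1 R&D Center of Network Investigation Technology, The Third Research Institute of the Ministry of Public Security, Shanghai 200000
  2 NET Police Corps, Guangdong Provincial Public Security Department, Guangzhou 510000
  3 NET Police Troops, Huizhou Municipal Public Security Bureau, Huizhou, Guangdong 516000
  • Publication date: 2025-11-15 Release date: 2025-11-10
  • Corresponding author: WANG Zhihong (zhwang817@foxmail.com)
  • Funding:
    Basic Work Program for Strengthening Police through Science and Technology, Ministry of Public Security (2023JC21); National Key R&D Program of China (2021YFB3101405)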

Classification of Encrypted Application Traffic Enhanced by Multi-level Graph Representation

WANG Zhihong1, LIU Shengran2, CHI Zegui3, YANG Ying1   

  1 R&D Center of Network Investigation Technology, The Third Research Institute of The Ministry of Public Security, Shanghai 200000, China
  2 NET Police Corps, Guangdong Provincial Public Security, Guangzhou 510000, China
  3 NET Police Troops, Huizhou Municipal Public Security Bureau, Huizhou, Guangdong 516000, China
  • Online: 2025-11-15 Published: 2025-11-10
  • Supported by:
    Ministry of Public Security Science and Technology Strengthening Police Project (2023JC21) and National Key R&D Program of China (2021YFB101405).

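Abstract: As demand for privacy protection and data security grows, traffic encryption is being adopted by more and more applications and services. While it protects user privacy, traffic encryption also offers convenience to those using it for illegal purposes, posing a serious threat to network security defense and supervision. To address the insufficient representation of single and multiple session flows in current encrypted application traffic identification, this paper proposes an encrypted application traffic identification method enhanced by multi-level graph representation. Starting from a single session flow, the method uses interaction features such as packet payload length, direction, packet sequence, and cluster information to construct and represent a packet graph based on multiple types of interaction information within that flow. It then goes beyond the single-flow limit and studies the construction and representation of multi-session flow graphs based on flow-sequence associations. Finally, graph neural networks are introduced to identify encrypted application traffic from the packet graph and session flow graph representations. Experiments on the widely used ISCX VPN-nonVPN 2016 dataset show that the proposed method reaches overall identification accuracies of 98.1% and 89.2% on the VPN and non-VPN categories respectively, and that its F1 scores across traffic categories improve significantly over existing baselines such as Text-based-CNN and k-GNN.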

Keywords: Encrypted traffic, Encrypted application identification, Graph neural network, Packet graph, Session flow graph

Abstract: With the increasing demand for privacy protection and data security, more and more applications and services use traffic encryption technology. While protecting users' privacy, it also provides convenience for illegal users, seriously threatening network security defense and supervision. To address the limited representation of single and multiple records in current encrypted application traffic classification, this paper proposes a model of encrypted application traffic enhanced by multi-level graph representation. The proposed method constructs packet graphs based on multi-type interactive information in a single record, such as payload length, direction, sequence, and cluster information. Furthermore, multi-record graphs are constructed based on flow sequence association to break through the limitation of a single record. Finally, a graph neural network is introduced to realize the representation of traffic based on packet graphs and record graphs. Experiments are carried out on the ISCX VPN-nonVPN 2016 dataset, which is a widely used open-source dataset in the encrypted traffic classification area. Experimental results show that the overall classification accuracy of the proposed method on VPN and non-VPN traffic reaches 98.1% and 89.2% respectively, and that the F1 score is significantly improved compared with Text-based-CNN, k-GNN, etc.

Key words: Encrypted traffic, Encrypted application classification, Graph neural network, Packet graph, Record graph

CLC Number: TP391