Research On Encrypted Traffic Classification Based On Deep Learning

In the current trend of network traffic encrypted,with the wide application of network encryption technology and protocol.Facing with massive encrypted traffic,traffic tends to be complicated and diversified,it seriously affects the recognition effect of traffic detection system.Therefore,how to accurately classify encrypted traffic without decryption has gradually become a current research hotspot.1)in the dataset processing level,the problem of unbalanced distribution of encrypted traffic data still needs further research;2)in the feature extraction level,the current method of artificially designing features is difficult to deal with the current massive data,and the designed features are lagging,which consumes a lot of manpower and material resources;3)in the classifier level,the application scenario of classification model is single,the generalization ability is weak,and the stability of classification accuracy is poor.Relying on the technology of deep learning the key problems of encrypted traffic classification are studied.This paper aims to improve the accuracy and generalization ability of classification in the current complex network environment.The research work and main contributions of this paper are as follows:In view of the fact that current machine learning algorithms rely on hand features driven by domain experts and cannot meet the current large-scale network classification of massive encrypted traffic,in order to ensure the quality of service,network security management and anomaly detection requirements for refined classification of encrypted traffic,a Research on encryption traffic classification based on characterization learning.First,the convolutional neural network in characterization learning is used to improve the feature learning method.When more abundant features are learned,the parameters of the convolution kernel are reduced to achieve a high-accuracy encryption traffic classification effect.Theoretical analysis and experimental results show that the method proposed in this paper has a higher accuracy rate of encrypted traffic classification while realizing automatic feature learning.Aiming at the problem that the classifier tends to the majority class samples and the minority class samples are misclassified due to the imbalance of the flow categories in the flow data,an imbalanced flow data distribution preprocessing model based on an improved conditional variational auto-encoding algorithm is proposed.Compared with the traditional unbalanced data processing method,this method uses a decoder to generate a small sample of traffic data,and adds the newly generated traffic data to the original data to form a balanced enhanced data set.This method can solve the problems of over-fitting and fuzzy boundary in traditional over-sampling algorithms and the problem of missing valid information of samples in under-sampling.The improved oversampling algorithm proposed in this paper can save a lot of time and reduce the complexity of the task.Finally,through a number of experiments to adjust the super parameters of the neural network,the results of the accuracy,precision and F1 value of the encrypted traffic experimental data set show that this method can improve 1%-5% compared with other methods,and has high application value.Aiming at the feature dependence of encrypted malicious traffic and the low stability of detection accuracy,a detection model based on the combination of graph convolutional neural network and long-and short-term memory cyclic neural network is proposed.This method uses graph convolutional neural networks to learn the node attribute characteristics and structural characteristics of network traffic,and uses two-way LSTM to further learn the upper-layer timing characteristics of network traffic.The above-mentioned feature learning process is an automatic learning process without decrypting the encrypted traffic.The network can dynamically update the learning node features to ensure the anomaly detection of new traffic types.Several experimental indexes are used to compare the four methods from three aspects: the accuracy of the classifier,the detection effect of unbalanced data and the stability of the detection accuracy of the classifier.The experimental results show that the proposed method effectively improves the stability of the classification detection accuracy.