Research And Implementation Of Fine-grained Identification Under SSH Tunnel Based On Deep Learning

With the rapid development of Internet technology in recent years,the number of users in the network is also on the rise,resulting in an increasingly large network traffic.Network traffic and the rapid growth of various application protocol data messages in the network increase the traffic in the network and complicate the protocol types,which seriously affect the overall network rate and bring great inconvenience to network supervision.In order to reduce the risk of network security and filter the illegal applications and contents existing in the network,the traffic classification in the network needs to be refined and classified.The main research results of the thesis include the following aspects:1.Propose an identification model of application under SSH tunnel based on convolutional neural network.The model has three convolutional layers that better extract the characteristics of the input data by combining the convolutional layer with the pooled layer.The experiment uses the network traffic payload information captured in the simulation environment as a data set,and the final model recognition accuracy reaches 95%.The experimental results show the effectiveness of the proposed method and can be used to identify encrypted tunnel traffic.The model identifies the types of applications in the network that are hidden in the tunnel and reduces the risk of malware intrusion.2.Proposed a deep learning algorithm based on SFTP file type identification model.This thesis uses crawlers to crawl raw file data such as pictures,audio,text,etc.from the network,and then uses a script to send the file through SFTP and capture traffic to construct the data set.The convolutional neural network model built by Keras framework and Tensorflow backend achieves a final recognition rate of 93%.The purpose of this experiment is to understand the condition of the network in more detail and prevent the network bandwidth occupied by violating the specified file type in the network and affecting the network security.3.Combined with the above two experiments identification model,at the same time adding network traffic real-time acquisition and analysis functions,developed a set of network traffic monitoring system.In the system implementation,this thesis sets up Web services on the server,and grab the network export traffic.The system is based on the B/S architecture,allowing network managers to view real-time information on the web browser.