Research And Implementation Of Unknown And Encrypted Traffic Identification Based On Convolutional Neural Network

The scale and density of network traffic are increasing year by year.The types of protocols and the types of application services are diversified.More malicious traffic hides data through disguise and encryption.Therefore,how to accurately identify network traffic is an important issue in network security.In this paper,the most popular deep learning techniques are used to establish the identification model.The model is trained by the payload of the traffic,and the protocol and application types of the traffic are identified.Especially,the identification of unknown and encrypted traffic have achieved good results.The research results of this paper have the following three points:1.Aiming at solving the problem that the unknown protocol types in complex network environment are difficult to identify,a deep learning-based unknown protocol traffic identification model is proposed in this paper.In this experiment,all types of traffic are classified according to application layer protocol types,and the unknown traffic which does not belong to any known protocol types is classified as a new unknown protocol type.In this paper,200,000 data streams are captured,and the load information of each data stream is used as a data set,then the identification model is trained and tested under Keras framework and Theano background with a convolution neural network in deep learning method.The accuracy of the identification model for traffic protocol types is 97.11%,and the identification accuracy of the unknown traffic is 86.05%.The experimental results show that this method is effective and it can identify unknown protocol traffic with high accuracy.2.Combined with the experimental experience of identification of traffic protocol types,the identification model for encrypted traffic is proposed,aiming at solving the problem that it is difficult to identify encrypted traffic with traditional methods.In the experiment,the application service using encryption algorithm to transmit data is classified into different types,and the simulation data is set up,then the encrypted traffic which dose not belong to known types in training model is classified into one type.In this paper,we collect 185,341 encrypted traffic generated by the application,train and test the identification model with a convolution neural network constructed by Keras framework and Theano background.Finally the identification accuracy of the encrypted traffic is 95.65%.It validates that the convolution neural networks can identify encrypted traffic accurately.3.Based on the above two identification models,a network traffic monitoring system is formed.This system uses B/S architecture to build a front-end web page for interface interaction.The server loads the proposed traffic identification models in this paper to identify the traffic flow.This system realizes the functions of traffic capture,traffic identification,identification results display and high-risk traffic alarming.In the end,a network traffic monitoring system formed with superior performance and complete functions.