Research On Application Of Network Traffic Identification Based On TCP Flow Feature Extraction Technology

Posted on: 2019-12-22
Degree: Master
Type: Thesis
Country: China
Candidate: P Fang
GTID: 2428330545477037
Subject: Information security

Abstract/Summary:
As the basis of network management and security analysis, network traffic identification plays a vital role in network security situational awareness. With the rapid development of the Internet, new types of services using private or encrypted protocols are emerging in an endless stream. Their appearance makes the traditional traffic identification technologies based on port number and Deep Packet Inspection gradually ineffective. Due to its high efficiency and its ability to identify encrypted network traffic, Deep Flow Inspection (DFI) technology has attracted more and more attention in the field of network traffic identification. The existing DFI-based traffic identification technologies have a low recognition rate because of a lack of features or improper selection of the dissimilarity measure. Thus, network security and quality of service cannot be adequately guaranteed. Therefore, it is of great significance in network security situational awareness to study the dissimilarity measurement algorithms and feature selection algorithms in different traffic identification scenarios.

According to the transmission features of the TCP flow, this dissertation proposes a new dissimilarity measurement algorithm and feature extraction algorithm and studies the problems of malicious intrusion detection and smart device identification in network traffic identification. Given the current research status of malicious intrusion detection technologies, this dissertation first applies dissimilarity measurement to unsupervised malicious intrusion detection. Secondly, to overcome the low recognition rate of unsupervised algorithms, this dissertation studies supervised malicious intrusion detection based on TCP flow features. Finally, starting from the source of traffic generation, this dissertation studies smart device identification based on TCP flow features.

The main contents and contributions of this dissertation are summarized as follows:

1. To address the defect that distance-based dissimilarity measurement cannot accurately measure the dissimilarity between data points in a manifold structure, this dissertation presents an improved data-dependent dissimilarity measure. We apply this measure to the unsupervised malicious intrusion detection experiment based on TCP flow features. The detection accuracy shows that the proposed measure outperforms the existing distance-based dissimilarity measures.

2. Given that the current supervised malicious intrusion detection technologies based on traffic identification have insufficient features, this dissertation uses the 246 attributes generated during the TCP communication process as the feature space to identify malicious intrusion behaviors and designs a heuristic method for dimension reduction. The experimental procedure detects a total of six real malicious intrusion samples, including WannaCry. The detection accuracy shows that our proposed plan is superior to the existing methods.

3. Because smart device control is a fundamental measure to ensure network service quality and information security, this dissertation proposes a method for identifying smart devices by using the statistical features of the TCP data streams generated when different devices load webpages. The average recognition rate of these devices measured in an actual WiFi environment reaches 98.4%. The method is highly scalable and can efficiently identify different types of websites, and the recognition rate can reach 95.9%.

Keywords/Search Tags:Dissimilarity Measure, Malicious Intrusion Detection, Smart Device Identification, Deep Flow Inspection, Network Security Situational Awareness, Feature Extraction