Research On Ssl Vpn Encrypted Traffic Identification Method Based On Hybrid Method

In today's accelerated development of the Internet,network traffic has increased dramatically.At the same time,various types of cyber attacks have also increased,and network security issues have received more and more attention.SSL VPN is a widely used secure transmission method.It establishes a secure tunnel to ensure the security of information transmission,but it also brings opportunities for many lawless elements.Some hackers use this method to bypass the firewall.Testing of safety facilities.Therefore,the effective identification of SSL VPN encrypted traffic is very important for network supervision.Based on the characteristics of SSL VPN encrypted traffic,this paper proposes a hybrid method to realize the identification of SSL VPN encrypted traffic in two stages.The hybrid method of this paper first uses the fingerprint identification method to identify the SSL encrypted traffic in the network,narrows the recognition range,and then uses the machine learning method to identify the SSL VPN traffic in the network.The main work of this paper is reflected in the following three aspects:First,this paper proposes a new fingerprint identification method to realize the identification of SSL encrypted traffic,which effectively solves the problem of high leakage recognition rate in traditional fingerprint identification methods.The method proposed in this paper expands the scope of SSL message recognition and adds the relevant features of the stream as the basis for judgment.The experimental results show that the proposed method is better than the traditional fingerprint recognition method,and the average recognition accuracy is above 0.985.9 percentage points higher than the traditional method.Secondly,aiming at the shortcomings of the SMOTE method,this paper proposes a new C-SMOTE method,which solves the problem of sample margination and classification boundary blur in the SMOTE method.The SMOTE method uses a randomly selected sample of a few types to generate a new sample to achieve sample balance.This method is widely used because it is simple and effective,but it also has some shortcomings.Since the center point samples in the SMOTE method are randomly selected,if the extracted samples are noise points or at the edge of the data set,the newly generated samples will not perform well and cannot reflect the characteristics of the original samples.At the same time,the randomly generated new samples may also cause the classification boundary to be blurred,which makes the classification performance of the model degrade.The C-SMOTE method proposed in this paper takes a centroid of the minority sample as the center to generate a new sample,and then deletes the boundary fuzzy sample after generating a new data set.Both theoretical analysis and experimental results show that the effect of the C-SMOTE method is significantly better than the SMOTE method,and the effect of the classifier is improved by more than 2.1 percentage points.Thirdly,based on genetic algorithm(GA)and random forest(RF)algorithm,two algorithms,PGA-RF and CGA-RF,are proposed.The two methods are combined to realize the effective identification of SSL VPN encrypted traffic.The PGA-RF algorithm combines the genetic algorithm with the random forest to find the optimal parameters of the RF algorithm under the current conditions,and then uses these parameter values as input to the CGA-RF algorithm.The CGA-RF algorithm combines the idea of genetic algorithm and selective integration to select a high quality subclassifier from the set of classifiers to construct a random forest.The experimental results show that the CGA-RF algorithm is significantly better than the RF algorithm,and the recognition rate of SSL VPN encrypted traffic reaches 93.2%.