
Analysis Of Encrypted Traffic Based On Machine Learning

Posted on: 2021-01-05
Degree: Master
Type: Thesis
Country: China
Candidate: J Wang
GTID: 2428330614463861
Subject: Computer technology

Abstract/Summary:
With the continuous development of Internet technology, the security awareness of network users is constantly increasing. To protect user privacy and meet the needs of network security, network traffic needs to be encrypted during communication, but encryption also gives malicious traffic an opportunity, so research on technology related to encrypted traffic has become a hot spot. Based on machine learning, this thesis studies the low recognition rate of abnormal encrypted traffic (especially the recognition of the related malware) and the poor recognition of normal dynamic web traffic. The specific work includes the following aspects:

(1) An abnormal encrypted traffic identification method based on RF-PSO feature extraction is proposed. The method uses a new feature selection algorithm, RF-PSO, which combines the ReliefF algorithm with the particle swarm optimization (PSO) algorithm. First, the ReliefF algorithm assigns weights to the features, and the feature group with strong classification ability is selected according to those weights; then the dimensionality of the features is reduced to cut the computation of the particle space search; then the PSO algorithm eliminates the redundant features in the group to obtain the optimal feature subset. Finally, the XGBoost classification algorithm is used to identify normal and abnormal encrypted traffic and to distinguish the malware that the abnormal traffic belongs to. Experimental results show that this method can effectively distinguish normal encrypted traffic from abnormal encrypted traffic. Compared with the method of identifying abnormal traffic based on multi-granularity characteristics, the recognition accuracy for malware is improved, and the method classifies different malware better.

(2) For the application of web fingerprint recognition to normal dynamic web page traffic, a web fingerprint recognition method for VPN traffic based on feature enhancement is proposed. Based on the surge time of traffic density, a new feature, the traffic surge period, is introduced, and the LightGBM algorithm is used for classification. The experimental results show that the new feature can make up for the gap between the fingerprinting performance on static and dynamic websites. The recognition rate of fingerprint recognition technology on dynamic websites has increased from 90% to 96%.

This paper innovatively proposes two methods for feature extraction of encrypted traffic. Experiments were conducted to identify malware from abnormal encrypted traffic and to recognize normal encrypted traffic from dynamic web pages. The experiments show that both methods have high recognition accuracy.
Keywords/Search Tags: Encrypted traffic analysis, Particle Swarm Optimization, XGBoost, Web Fingerprint Recognition, LightGBM