Research On Encrypted Traffic Classification Based On Deep Learning

With the rapid development of the Internet,the traffic on the network has been growing exponentially,making network management increasingly difficult.As a key technology in network management,network traffic classification technology is of great significance for maintaining network security and ensuring network Qo S.However,based on user privacy considerations,more and more encrypted traffic appears on the network,making traditional network traffic classification schemes based on port numbers and deep packet inspection no longer applicable.Although classification method of encrypted traffic based on machine learning has achieved some results,this method needs to extract effective expert features,so it has certain limitations.In recent years,researchers have gradually turned their attention to deep learning,classifying encrypted traffic with the ability of deep learning to automatically extract features.Based on the existing deep learning encrypted traffic classification schemes,the main research contents of this paper are as follows:(1)We use a traffic capture tool to capture encrypted traffic generated by 14 applications in a real network environment,divide it into traffic sessions,and process the sessions to obtain four different data sets.Aiming at the problem that the softmax loss function cannot extract deep feature relationships,we combine a prototype learning loss function with a traditional Convolutional Neural Network(CNN)to construct a convolutional prototype network.Onedimensional convolutional prototype network and two-dimensional convolutional prototype network are used to classify different data sets,and compared with traditional convolutional neural networks,respectively.It is proved that the new network is beneficial to improve the classification accuracy of encrypted traffic.In addition,we use a convolutional prototype network to classify encrypted traffic containing unknown classes.The experimental results show that compared with the traditional network,the proposed network improves the classification performance of known classes and also improves the recall rate of unknown classes.(2)Concerning the problem that the convolutional neural network cannot extract the timing characteristics between session traffic packets,we introduce Long Short-term Memory(LSTM)network into encrypted traffic classification,and construct a LSTM prototype network.The first 128 bytes of the first 8 packets of each session traffic are used to extract the timing characteristics between the packets.Compared with the convolutional prototype network using the same data set,the classification performance is effectively improved.In order to make the extracted features more comprehensive,we propose the LSTM-CNN prototype network structure,using LSTM and convolutional neural network to extract the time series features and spatial features in the data packet,and combine the two features to classify encrypted traffic.The experimental results show that the classification accuracy of this kind of network is up to 95.8%,which is better than the single LSTM prototype network and convolution prototype network.Finally,we use the LSTM-CNN prototype network to classify encrypted traffic containing unknown classes,and compare two classification strategies based on the probability threshold and distance threshold.The experimental results show that the method based on distance threshold performs better in classification and the overall accuracy rate reached 93.65%.