Research On Encrypted Traffic Recognition Based On Deep Learning

With the rapid development of network technology,various network applications and services are emerging one after another,and network traffic is showing explosive growth.At the same time,network security issues have gradually become a hot spot of concern.With the enhancement of people’s security awareness,encryption technology has been widely used,making the encrypted traffic in the network continue to rise However,encryption is a double-edged sword,which not only protects the privacy of users,but also provides opportunities for eavesdroppers.Therefore,as an important foundation for improving network management,improving network service quality,and maintaining network security,accurate identification of network encrypted traffic has become an urgent problem to be solved.However,traditional traffic recognition algorithms no longer work due to port concealment,difficulty in feature extraction and the emergence of encryption protocols.Although the combination of machine learning algorithms and manual design was once the mainstream method to solve this problem,it requires a lot of manpower to extract and process features,which rely on prior knowledge heavily.Therefore,this htese used the deep learning technology that can automatically extract the potential features of encrypted traffic to carry out the research on the identification of encrypted traffic.The main work of this thesis are summarized as follows:1.The thesis proposed the feature selection methods for network encryption traffic identification.In response to the current needs for the identification of encrypted traffic and analysis of network traffic encryption principles and related protocols,this thesis proposed extracted a variety of features based on encrypted traffic for the identification of application type and content type,such as protocol state sequence of flows,the length of network packets,payload of packets and so on.Besides,considering the multi-stage characteristics of encrypted traffic that are the handshake negotiation stage and data transmission stage,the encryption protocol extension field information and the length sequence of the TCP data segment are extracted based on the above characteristics.Finally,taking advantage of different algorithm models to explore the features according to the different forms of features,and selected the features that have the best effect on identifying encrypted traffic.2.The thesis proposed an encrypted traffic identification algorithm based on fusion of multi-stage analysis.Aiming at the current single-task identification of encrypted traffic,this thesis used the multi-stage features selected above to realize multi-task recognition.In addition,the algorithm based on multi-stage feature fusion for different recognition tasks was further proposed after the comparison of relevant experimental effects and the visual analysis of multi-stage features to improve the identification effect of encrypted traffic.The experimental results showed that the fusion of multi-stage features not only improved the effect of single-task identification,but the correlation effect of the identification was also better than other schemes for multi-task recognition.3.The thesis designed and implemented a prototype system for online network encryption traffic identification.In response to the current real-time encrypted traffic identification requirements,this thesis uses the multi-stage feature fusion algorithm mentioned above as the theoretical support to propose the functional framework of the online encrypted traffic identification system.The specific implementation process was explained from the perspective of offline training and online identification for the entire system,at the same time,the identification effect is visualized through the front and rear end interfaces.