
Research On Traffic Analysis And Identification Technology Based On Network Flow Characteristics

Posted on: 2021-08-16
Degree: Master
Type: Thesis
Country: China
Candidate: P F Jiang
GTID: 2518306512487684
Subject: Computer technology
Abstract/Summary:
With the rapid development of Internet technology, cyberspace has become an indispensable space for human activity. Network services and applications emerge endlessly, and the scale of network traffic data is growing rapidly. Identifying the type of traffic quickly and accurately, and filtering malicious traffic to avoid congestion on high-speed networks and to ensure quality of service for key services, therefore has important reference and practical value in research fields such as network resource allocation, quality-of-service assurance and intrusion detection. With the widespread adoption of new services that use private or encrypted protocols, traditional traffic identification methods can no longer meet performance requirements; in particular, they suffer from low efficiency in identifying anonymous or malicious traffic, low multi-class accuracy and poor generalization. In this environment, identification methods based on network flow characteristics have attracted wide attention in the field of traffic identification because of their efficiency and flexibility. Against this background, this thesis analyzes the characteristics of anonymous traffic and malicious traffic, and designs corresponding detection and identification schemes using machine learning and deep learning based on the characteristics of network traffic. The main research work and contributions are as follows:

(1) This thesis analyzes the characteristics of Tor anonymous network interaction, designs one set of network flow features for Tor traffic behavior detection and another for Tor traffic application identification, and extracts these feature sets from UNB-CIC Tor through network flow aggregation, feature extraction, data cleaning and other operations. In addition, this thesis analyzes the different characteristics of malicious network traffic in time and space. While retaining the timing characteristics of the original data, 47 network traffic features are extracted from the malicious traffic data set IDS2018 for training and testing the later model.

(2) To address the insufficient representation learning ability of existing anonymous network traffic identification techniques based on supervised learning, this thesis designs a method for anonymous network traffic behavior detection and application identification based on an improved deep forest. To obtain more feature sub-samples, this thesis uses the multi-grained scanning of deep forest to find correlations among multiple features, and uses the powerful representation learning ability of the cascade forest to detect and identify Tor anonymous traffic. Moreover, to extract more information from multi-grained scanning, this thesis implements a new sliding mode for multi-grained scanning according to the characteristics of network flow data, and further enhances the representation learning ability of the cascade forest by increasing the diversity of its classifiers.

(3) In view of the different characteristics of malicious network traffic in time and space, this thesis designs a model that combines a one-dimensional convolutional neural network with an independent recurrent neural network to identify malicious network traffic. The one-dimensional convolutional neural network extracts the local features of multiple network flow records, and the independent recurrent neural network captures the sequential relationship between high-level features. Finally, this thesis analyzes the performance indexes under different network structures. The experiments include six real malicious traffic samples such as DDoS and brute force, and the results show that the proposed method is better than the existing methods.
Keywords/Search Tags:network traffic identification, malicious traffic, anonymous traffic, deep forest, recurrent neural network