| With the rapid development of Internet communication technology and the expansion of network scale,more and more applications have been appearing in the network.Besides the known application traffic,there is also plenty of unknown,private and malicious network traffic,which has raised challenges for network security.Network traffic identification is a basic problem related to various network security applications,for example,intrusion detection and defense systems,network management systems,etc.It is considered that by analyzing network traffic,malicious traffic attacks can be detected therefore countermeasures can be taken immediately.Furthermore,based on the statistical results of application traffic,network resources can be reasonably configured to provide better network services.However,due to the popularization of traffic encryption technology and private protocols,as well as the large-scale increase of the network traffic data and applications,some traditional methods may not work today.There is a need to propose more accurate and efficient methods for real network traffic identification.Therefore,this paper aims to improve the accuracy and the degree of automation of traffic identification in a complex network environment.In this research,this paper will focus on the visualization of network traffic data packets,the automatic extraction of traffic image features,the identification of unknown traffic under limited resources,and the realization of intelligent traffic identification system.The main research results are as follows:1.A new method of converting network data packets to traffic images is proposed.In order to make the deep metric learning better adapt to the characteristics of traffic data,this paper first studies the visualization of network traffic data packets to convert the traffic into images that can be identified by the convolutional neural network.By analyzing the network traffic and the frame structure of the data packet,the Scapy tool is used to locate the transmission layer and the application layer of the data packet.The data at the corresponding location is extracted as the key information for traffic identification.After that,the information obtained is expanded into binary codes and mapped to grayscale images according to specific rules.Experiments have verified the rationality of this method in design,and it is found that,in comparison with other traffic processing methods,the method in this paper could achieve higher accuracy.2.A traffic feature extraction algorithm based on deep metric learning is proposed.In order to achieve the purpose of automatically extracting traffic features,this paper applies a deep neural network model to autonomously learn the features of traffic images.The network takes the lowdimensional feature embedding as output,and uses the L2-triplet loss function to directly optimize the feature embedding itself from the perspective of the network,therefore,the traffic image feature could be obtained by the final optimization.Furthermore,in terms of the design of the network model,this paper has also made some adaptive improvements for the traffic identification task.Firstly,this paper adopts L2 standardization to embed features on the surface of a hypersphere therefore the traffic features could have a more regular spatial distribution.Secondly,this paper uses the selective loss function calculation method to improve the difficulty of gradient descent that is easy to encounter in the deep metric learning.These two changes improve the efficiency of the feature extraction method in the traffic feature learning and extraction.3.A method of classification and identification of unknown traffic based on Convolutional Neural Networks(CNN)pre-trained model is proposed.With the purpose of strengthening the representation and identification capabilities of unknown traffic features,as well as solving the problem of limited traffic data and limited training resources,this paper takes advantages of a transferable CNN pre-trained model trained on the Image Net dataset to extract the traffic image feature.In the design of the model,by removing the classification layer of the CNN pre-trained model,the network directly outputs the feature embeddings of the traffic images,and then combines the t-Distributed Stochastic Neighbor Embedding(t-SNE)and K-means hybrid clustering algorithm to reduce the dimension of the feature and further realize the classification of unknown traffic.This method is an effective attempt of deep learning on unknown traffic classification tasks,and is a feasible solution to achieve unknown traffic classification in the absence of data and training resources.4.A set of intelligent and self-learning traffic identification system is designed and implemented.With the purpose of better adapting to the complex network environment and realizing the automation of traffic identification,this paper designs a real-time,efficient and intelligent hybrid traffic identification system based on the deep metric learning traffic feature extraction method.According to the design of the traffic identification algorithm,the system feeds back the known traffic class and distinguishes the unknown traffic in real time.Further,by means of the unknown traffic real-time classification algorithm it can further subdivide the unknown traffic and update the unknown feature database synchronously.It is assumed that the system's identification ability will be improved by accumulating unknown features.The system can automatically extract traffic features,identify complex mixed traffic in real time,and can adapt to the high-speed changing network environment in the future. |
PDF Full Text Request