Encrypted Traffic Detection Based On Multi-flow Joint Features

Posted on: 2022-02-20
Degree: Master
Type: Thesis
Country: China
Candidate: R Liu
GTID: 2518306572460214
Subject: Software engineering
Abstract/Summary:
In recent years, public awareness of network security has grown, personal privacy on the Internet has become increasingly important, and more and more network data is encrypted for transmission. Although encryption benefits users who value privacy, it also creates security risks while protecting privacy: encryption makes malicious traffic difficult to detect. Encrypted traffic detection can effectively monitor Internet traffic and is an important part of network security. Current methods for detecting encrypted traffic can be roughly divided into payload-based identification, machine-learning-based identification, identification based on packet size distribution, behavior-based identification, and hybrid methods. However, most detection methods analyze only a single flow, and their identification granularity is relatively coarse, which makes fine-grained identification of encrypted traffic difficult. When a terminal responds to user behavior, multiple network flows are sometimes used jointly to complete a certain function, and these flows have a strong logical correlation. Traditional encrypted traffic detection methods focus only on a single flow and pay no attention to the correlation between network flows. Based on theoretical analysis and experimental verification, this paper takes the correlation between network flows into consideration and proposes an encrypted traffic detection method based on multi-flow joint features.

The main work of this paper:
(1) Analyzes the network traffic generated by user behavior and, combined with theoretical analysis, defines multi-flow and related concepts.
(2) Summarizes several correlations among multi-flows, gives the definition and measurement method of network flow correlation, and conducts an experimental evaluation.
(3) Proposes a pure flow acquisition scheme and completes the collection of experimental data based on it.
(4) Explores multi-flow mining of network traffic and proposes a multi-flow mining method based on hierarchical clustering, which has been verified by experiments.
(5) Proposes an encrypted traffic detection method based on multi-flow joint features. The method focuses on the multi-flows generated by user behavior and the correlation between them, builds a model to identify user behavior, and verifies the recognition effect through several experiments.
Keywords/Search Tags: Encrypted network traffic, Network traffic detection, multi-flow, joint features