
Research And Implementation Of Encrypted Traffic Based On Online Learning

Posted on: 2022-12-23
Degree: Master
Type: Thesis
Country: China
Candidate: T S Cheng
Full Text: PDF
GTID: 2518306743451754
Subject: Master of Engineering
Abstract/Summary:
The rapid development of the Internet has given rise to a wide variety of applications, and the Internet has become an essential infrastructure of daily life. At the same time, network security and personal privacy have become a focus of attention. To protect communication security and privacy, more and more network traffic uses HTTPS encryption to defend against eavesdropping and man-in-the-middle attacks. Malware, however, has also begun to use HTTPS to protect its communication, which has made the identification of encrypted traffic a hot topic in both academia and industry. In academia, traditional traffic identification methods, such as deep packet inspection, behavior feature identification and network port mapping identification, are unsustainable in the face of the rapid growth of the Internet and of encrypted traffic, whether because of port concealment, port customization, or huge overhead. Encrypted traffic identification based on machine learning algorithms has gradually become the mainstream approach. In industry, Huawei, Cisco and other large enterprises have offered solutions based on machine learning, such as Huawei's ECA and Cisco's NBAR and ETA. However, these products are limited to one side of network traffic, and their monitoring granularity is not fine enough. Updating and optimizing the machine learning model is also an important problem. Therefore, based on machine learning and online learning, and combining intrusion detection systems on the network side and the terminal side, this thesis studies the identification of encrypted traffic. First, the encrypted traffic problem is modeled with machine learning; the algorithm models selected are online learning models such as Pegasos and Online Random Forest. Second, a host-based intrusion detection system is introduced, and a data fusion scheme based on the network side and the terminal side is designed, with network security events as the shared data and IP as the key. On this basis, a prototype encrypted traffic detection system based on online learning is designed and implemented. The system performs flow collection, preprocessing, storage, recognition and visualization. According to feedback on the results, the system carries out online incremental training and iterative optimization of the classifier model through the REST API. Finally, tests were carried out. The results show that the encrypted traffic identification method based on online learning can effectively meet the requirements of various indicators, and that its indicators are close to those of the offline training model.
Keywords/Search Tags: Encrypted traffic, Machine learning, Online learning, Intrusion detection system