Research And Application Of Encrypted Traffic Identification Technology Based On Deep Learning

Posted on: 2022-08-14
Degree: Master
Type: Thesis
Country: China
Candidate: T T Jiang
GTID: 2518306752497014
Subject: Computer application technology

Abstract/Summary:
With the rapid development of the Internet and the surge in network traffic, users have placed higher demands on network information security and data protection. As a result, network traffic encryption emerged and has become increasingly popular. However, more and more network attackers and malware use encryption to hide their illegal behavior, and traditional traffic detection techniques are ineffective against increasingly obfuscated encrypted traffic. The impact of encryption is felt not only in security but also in quality of service and network management, so network regulatory authorities attach great importance to the identification of encrypted traffic.

Existing industrial encrypted traffic identification methods often rely on expert experience, which costs a great deal of manpower and material resources, and the features they extract presuppose that the complete traffic has been captured, so early identification is difficult. To avoid complicated feature engineering, this thesis proposes an end-to-end scheme for encrypted traffic identification based on deep learning, which avoids the preparatory work and yields a more generalized identification model. The main contents of this thesis are as follows:

An end-to-end recognition model for encrypted session traffic based on image processing is proposed. The first 784 bytes of the original encrypted traffic are extracted and converted into a grayscale image. The Inception block is introduced to enrich the feature representation from different views of the encrypted traffic image, and the weight of key spatial features is enhanced by the convolutional block attention module (CBAM). Experiments on the ISCX VPN-nonVPN data set show that, compared with an ordinary two-dimensional convolutional neural network (CNN), the accuracy of the Inception-CBAM model is improved by 12.62% and the number of computational parameters is reduced by 98.27%. This demonstrates that the recognition of different traffic types is improved and that the recognition steps are simplified compared with the traditional feature engineering method.

To make full use of the dynamic and hierarchical structure of encrypted traffic, a session-level malicious HTTPS traffic identification method based on hierarchical features is proposed from the perspective of text processing. It integrates a CNN and a long short-term memory network (LSTM) to extract the spatio-temporal characteristics of encrypted traffic at the packet layer and the session layer, and introduces multi-head self-attention to enhance the influence of key features. The experiment is carried out on the CICAndMal2017 data set. Compared with the F1 values of the benchmark models, that of the proposed model increases by up to 16.77%, and the missed-detection rate is 3.19% and 2.18% lower than that of the hierarchical models HAST-? and HABBiLSTM, respectively.

A packet-level identification method for TLS-encrypted data based on a residual structure is proposed. It uses only a single TLS data packet and uses residual connections to solve the network degradation problem caused by deepening the CNN. Experiments on the CICAndMal2017 and ISCX VPN-nonVPN data sets show that this model not only maintains low complexity but also achieves greatly improved classification accuracy compared with some benchmark packet-level recognition models.

This thesis also designs and develops an encrypted traffic identification system that uses the identification algorithms proposed in this thesis and integrates functions such as traffic processing, encrypted malicious traffic identification, and encrypted service traffic identification. It provides a practical and reliable prototype encrypted traffic identification system for network supervision departments.
Keywords/Search Tags: Encrypted traffic identification, Long Short-Term Memory, Convolutional Neural Networks, Attention mechanism, Residual structure
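
The preprocessing step described in the abstract (first 784 bytes of a session converted into a grayscale image), sketched as an added example that is not the thesis's own code. The 28 x 28 layout, zero padding of short sessions, the direction-independent 5-tuple session key, the packet dictionary fields and the sample packets are all assumptions made for illustration.

```python
IMG_SIDE = 28                    # assumption: 784 bytes laid out as 28 x 28
N_BYTES = IMG_SIDE * IMG_SIDE    # 784, the byte count given in the abstract


def session_key(pkt):
    """Direction-independent 5-tuple so both directions share one session."""
    ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    return (pkt["proto"],) + tuple(ends)


def sessions_to_images(packets):
    """Map each session to 28 rows of 28 grayscale values in [0, 1]."""
    streams = {}
    for pkt in sorted(packets, key=lambda p: p["ts"]):   # capture order
        buf = streams.setdefault(session_key(pkt), bytearray())
        room = N_BYTES - len(buf)
        if room > 0:                 # keep only the first 784 session bytes
            buf.extend(pkt["data"][:room])
    images = {}
    for key, buf in streams.items():
        padded = bytes(buf).ljust(N_BYTES, b"\x00")  # assumption: zero padding
        images[key] = [
            [b / 255.0 for b in padded[r * IMG_SIDE:(r + 1) * IMG_SIDE]]
            for r in range(IMG_SIDE)
        ]
    return images


# Constructed sample packets (not taken from any data set). "data" stands for
# whichever raw bytes the capture pipeline keeps for each packet.
SAMPLE = [
    {"ts": 0.00, "proto": "tcp", "src": "10.0.0.5", "sport": 50000,
     "dst": "192.0.2.10", "dport": 443,
     "data": bytes([0x16, 0x03, 0x01]) + bytes(600)},
    {"ts": 0.02, "proto": "tcp", "src": "192.0.2.10", "sport": 443,
     "dst": "10.0.0.5", "dport": 50000, "data": b"\xff" * 400},
    {"ts": 0.01, "proto": "udp", "src": "10.0.0.5", "sport": 40000,
     "dst": "192.0.2.20", "dport": 4500, "data": b"\x80" * 10},
]

TCP_KEY = ("tcp", ("10.0.0.5", 50000), ("192.0.2.10", 443))
UDP_KEY = ("udp", ("10.0.0.5", 40000), ("192.0.2.20", 4500))

if __name__ == "__main__":
    for key, img in sessions_to_images(SAMPLE).items():
        print(key, len(img), "x", len(img[0]))
```

Because only the first 784 bytes are kept, the image can be built as soon as those bytes have been seen, which is what makes identification possible before the session completes.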