Packet-based Encrypted Traffic Classification System

With the continuous development of the Internet,applications and protocols on the network emerge in an endless stream.In order to ensure the security of user data during network transmission,the technology of encrypting packets emerges as the times require.Although the iteratively upgraded encryption protocol ensures the security of network communication,on the other hand,it also protects the traffic used by hackers for malicious attacks from being discovered by the network intrusion prevention system.Since the act of decrypting user traffic is contrary to the original intention of the encryption protocol design,the research technology of how to classify encrypted traffic without decrypting the encrypted traffic has received constant attention.Encrypted traffic classification technology is a new technology that can automatically identify and classify encrypted traffic without relying on decryption behavior.The research on encrypted traffic is mainly divided into two parts,the first is the analysis of the encryption protocol,and the second is the analysis of the characteristics of the encrypted traffic itself.Encrypted traffic classification methods are mainly divided into rule-based traditional machine learning methods and deep learning-based methods,both of which have similarities and differences.What they have in common is that both methods rely on the extraction of encrypted traffic features.How to optimize the features to improve the classification accuracy is an urgent problem to be solved in the field of encrypted traffic classification.The difference is that traditional machine learning methods require manual feature extraction and rely on the professional experience of researchers,while deep learning methods do not.Considering the above characteristics,in order to ensure the security of cyberspace communication and protect the privacy of users,this paper implements an encrypted traffic classification system for identifying malicious behaviors.Mainly include the following work:1.In view of the problem that the encrypted traffic classification system of the old version is no longer available due to the iterative upgrade of the encryption protocol,this paper proposes an encrypted traffic classifier based on data packet behavior.and extract.Since the basic unit of traffic is the data packet,the research on traffic classification mainly focuses on the analysis of the flow or session as a unit,taking the data packet as a whole,mainly analyzing the statistical characteristics such as the upstream and downstream byte ratio of the data packet in the network traffic,ignoring The impact of packet behavior on encrypted traffic classification.There will also be packets of malicious behavior in normal traffic,and packets of normal behavior will also exist in malicious traffic.Packet-based encrypted traffic classifiers classify encrypted traffic by clustering packet behavior and introducing packet features.The experimental results show that the model can fully learn the behavior characteristics of encrypted traffic packets,and detect normal traffic and malicious traffic.2.Aiming at the problem that the encrypted traffic classification system of the old version is no longer available due to the iterative upgrade of the encryption protocol,this paper proposes an encrypted traffic classifier based on data packets.Since the basic unit of traffic is data packet,traffic classification research mainly focuses on the analysis of flow or session as a unit,ignoring the impact of data packet behavior on encrypted traffic classification.There will also be packets of malicious behavior in normal traffic,and packets of normal behavior will also exist in malicious traffic.Packet-based encrypted traffic classifiers classify encrypted traffic by clustering packet behavior and introducing packet features.The experimental results show that the model can fully learn the behavior characteristics of encrypted traffic packets,and detect normal traffic and malicious traffic.3.This paper designs and implements a system that can upload and classify traffic data online.This system integrates the above two classifiers,realizes the function of identifying whether there is malicious behavior in the traffic data,and displays the system model training process and classification progress to the user through the front-end page,and displays the final classification result of the traffic data.