
The Design And Development Of Multi-modal End-to-end Identification System For Encrypted Network Traffic

Posted on: 2022-12-31 | Degree: Master | Type: Thesis
Country: China | Candidate: P Lin | Full Text: PDF
GTID: 2518306773471354 | Subject: Automation Technology
Abstract/Summary:
In recent years, with the development of network technologies and the increase in Internet penetration, network traffic has exploded worldwide. At the same time, as people become more security conscious, traffic encryption technologies have been widely used to protect the privacy of users when exchanging information over the Internet. However, traffic encryption technologies are double-edged swords. While protecting user privacy, they also make it more difficult for network administrators to carry out reasonable network analysis. In addition, hackers can conceal their illegal network attacks by encrypting the channels used for network communication, making it more difficult for traditional firewalls to accurately identify intrusions. Traffic identification is important for maintaining network security and improving network management. How to accurately identify network traffic when it is encrypted is a challenge that needs to be addressed urgently.

Traditional traffic identification methods do not perform well on network traffic that uses dynamic ports and encryption technologies. Although many machine learning methods such as Markov chains and random forests can achieve a certain level of identification of encrypted traffic, their manual selection of network traffic features relies on prior knowledge and can lead to incomplete information, thus affecting the accuracy of identification. With the appearance of deep learning, models such as Convolutional Neural Networks are widely used for end-to-end feature extraction from network packet bytes, but Convolutional Neural Networks are weak at capturing the interrelationships between packet bytes and are limited in their ability to represent network flows. In addition, most current traffic identification methods use single-modal information as input, resulting in inadequate extraction of network traffic feature information.

To overcome the limitations mentioned above, this thesis designs a multi-modal end-to-end deep learning framework for encrypted traffic identification. Specifically, the main contributions of this thesis are as follows.

1. A multi-modal training framework is proposed to address the problem of inadequate extraction of feature information of network traffic that exists in traditional single-modal approaches. The framework is based on manually extracted features and raw byte streams to learn hidden feature information about network traffic, and combines the strengths of both to achieve higher identification accuracy.

2. An end-to-end modelling scheme based on a Multi-head Self-attention Mechanism is proposed to address the problem that classical convolutional neural network methods are weak at capturing the interrelationships between packet bytes. The scheme employs an unsupervised network traffic pre-training strategy to enhance the model's ability to represent packets.

3. A network anomaly detection system has been developed to address the problems of difficult network traffic identification and unintuitive management during real network deployment. The system integrates the multi-modal end-to-end traffic identification method proposed in this thesis, which can effectively identify and display anomalous behaviour of network traffic and help network administrators to quickly grasp the current network security posture.

The proposed model is validated using realistic raw network traffic data from the National Supercomputing Center in Shenzhen. The experiments show that the proposed model effectively combines the advantages of packet bytes and length sequences to accurately identify encrypted network traffic and achieves better identification results than similar international models.
Keywords/Search Tags: Encrypted Traffic Identification, Network Anomaly Detection, Multi-modal, End-to-end, Transformer