Research On Encrypted Traffic Identification Based On Deep Learning

With the increasing awareness of network security,the use of encrypted traffic is becoming more common.The continuous growth of high-speed internet traffic demand poses certain challenges to network security monitoring and management.Accurate classification of network traffic can ensure the provision of quality services to customers and effectively manage the network.Traditional traffic monitoring techniques cannot directly get the content of encrypted traffic.The classification and analysis of encrypted traffic has become an important research direction for network security monitoring and management.Deep learning methods integrate the selection and extraction of traffic features into one framework,avoiding the need for traffic feature design engineering while achieving good identification results.This paper studies the use of deep learning methods for identifying and classifying encrypted traffic,and the main work is summarized as follows:For the problem of poor feature extraction and selection in encrypted traffic identification techniques.This paper proposes to adopt the idea of end-to-end structure,and to build an Attention-CNN encrypted traffic detection model with the attention mechanism.First the convolutional neural networks is used to automatically learn features directly from traffic data.The information which is dynamically captured by the attention layer of the softmax activation function is used to weighting the output of the convolutional layer.The fully connected neural network is used for recognition.Then the ISCXVPN2016 public dataset is used for experiments,and the model is verified by ten-fold cross validation method.Finally,the attention feature map and the corresponding session byte information can be explained in detail.Locations with characteristic information are found and the encrypted traffic content of concern is explained.The experiment results show that this method has a significant improvement over the existing methods.At the same time the evaluation indexes for each type of traffic classification achieve better results.Encrypted traffic identification technology reduces classification efficiency due to category imbalance in unbalanced data sets.This paper proposes an encrypted traffic classification framework,which combines convolutional neural networks with cost sensitive learning,and adds an automatic encoder to extract features from traffic statistics.A classification model for dealing with imbalance data is established which named the Cost Sensitive Network Traffic Classification Framework(CSNTC).First,in the preprocessing step,a cost matrix is created for the distribution of various types of data,and a higher cost is allocated to a few classes compared to most classes.The misclassification cost matrix cost is applied to the network classification.Then,during training one-dimensional traffic datas are introduced into the convolutional neural network,and statistical features are introduced into the automatic encoder.The obtained mixed features are classified.The experimental results achieved high recognition accuracy.In order to further verify the recognition effect of the model in unbalanced data,validation is performed on two unbalanced encrypted traffic datasets.The results show the recognition improvement effect of this framework is significant in the case of unbalanced data set,which proves the effectiveness of the algorithm.Combined with the algorithm proposed in this paper,a network encryption traffic identification system is designed and implemented.The main function is to identify and classify the application services to which encrypted traffic belongs,and to distinguish various sources of network traffic,such as web browsing,email sending and receiving,file transmission,etc.The system includes a series of tasks such as data collection,data partitioning,feature extraction,model selection,model training,and testing,and presents a graphical interface for predicting classification.It is realized that the user uploads preprocessed encrypted traffic picture on the front end,and the back end call the model for real-time verification and finally presents the type of identifyed traffic and the probability of model testing classification on the interface.The system realizes the accurate and reliable classification of encrypted traffic,which has a certain application reference value.