Signcryption-Based Encrypted Traffic Detection Scheme

With the booming development of the Internet,network applications have penetrated into all aspects of people’s lives,resulting in an exponential increase in network traffic.Since a large amount of user privacy is hidden in the various network traffic,encrypted Traffic becomes the main form of network traffic flow to protect users’ privacy and information security.However,malicious behaviors also evade inspection by concealing information with encrypted traffic.Therefore,encrypted malicious traffic inspection has become popular in the current research field as the difficulty increases.The current encrypted traffic detection is mainly divided into characteristics-based machine learning detection and deep packet inspection-based traffic detection.However,traffic shaping can change the behavior characteristics of the traffic,thus affecting the accuracy of detection methods based on traffic characteristics.The method based on deep packet inspection of encrypted traffic is to perform an inspection of encrypted payloads,so it avoids the influence of traffic shaping and can achieve better detection results.Although fine-grained inspection can be more accurate,the existing methods based on deep packet inspection of encrypted traffic will cause a large delay in real-time scenarios.Signcryption can complete encryption and signature in one logical step.Compared with the traditional method of encrypting first and then signing,it has advantages in computational overhead and can improve the delay caused by the existing traditional encryption-then-signature method.However,the existing signcryption scheme cannot resolve the conflict between detection correctness and message confidentiality in this detection scenario.In order to solve the problems existing in the current encrypted traffic detection,the main work and research contents of this paper are as follows:(1)This article takes the encrypted traffic detection method as the main research.A signcryption-based encrypted traffic detection method is proposed by analyzing and summarizing the existing traffic detection technology.Compared with the existing schemes,this scheme can reduce the communication computing overhead of encrypted traffic based on deep packet inspection,and provide secure and efficient encrypted traffic detection.Then the security analysis is carried out,using the Discrete Logarithm Problem and the Computational Diffie-Hellman problem,the proposed scheme has ciphertext indistinguishability under CCA2 and existential unforgeability under CMA.Finally,we calculated the time of rule signcryption,the time of session rule generation,and the time of the sender processing the message through the experimental simulation.Compared with the traditional scheme,this scheme is more efficient.(2)This paper uses the gateway and the middle agent to negotiate the preprocessing protocol in the high concurrency scenario,instead of each client and the middle agent performing the processing protocol.Thus,it improves the signcryption-based encrypted traffic detection scheme delay problem caused by more computation in the preprocessing protocol for the number of users is large.The gateway and the middle agent perform a preprocessing protocol once and can be used by multiple client connections.Firstly,we construct the algorithms of rule signcryption,preprocessing protocol,sender processing message,and traffic detection in the scenario of quickly establishing security connection.Then,the security of the scheme is discussed with the random oracle model under the provable security theory.Finally,compared with the traditional scheme and the signcryption-based encrypted traffic detection scheme,the time of generating the session rules between the client and middle agent is reduced by establishing the intermediate rules in advance,and the delay in the preprocessing is improved.