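1. Nanjing Vocational College of Information Technology, Nanjing 210023
2. Nanjing University of Posts and Telecommunications, Nanjing 210003
3. State Grid Smart Grid Research Institute, Nanjing 210003
Chen Xuejiao, female, lecturer at Nanjing Vocational College of Information Technology. Main research interests: information networks, mobile Internet, and information security.
Wang Pan, male, Ph.D., associate research fellow at Nanjing University of Posts and Telecommunications. Main research interests: information networks, service awareness, DPI, and big data analysis.
Liu Shidong, male, Ph.D., chief engineer at the Institute of Information and Communication, State Grid Smart Grid Research Institute. Main research interest: electric power communication networks.
Online publication date: 2015-12
Print publication date: 2015-12-20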
Xuejiao Chen, Pan Wang, Shidong Liu. Key Technology of SSL Encrypted Application Identification Under Imbalance of Application Class[J]. Telecommunications Science, 2015, 31(12): 83-89. DOI: 10.11959/j.issn.1000-0801.2015355.
Based on an in-depth study of the causes of class imbalance in network traffic, the SMOTE (synthetic minority over-sampling technique) over-sampling method is chosen to preprocess the data set. The high accuracy of feature matching is then fully exploited to identify and sort out SSL-encrypted flows, after which a clustering method based on mutual information maximization and an SVM classification method are used to further identify the specific SSL-encrypted application, such as HTTPS or POPS. This hybrid method effectively combines the advantages of static feature matching and machine learning, achieving a balance between accuracy and identification speed.
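The SMOTE preprocessing step named in the abstract, written out as an added example that is not the authors' code. The flow feature vectors, class sizes and the function names `smote` and `balance` are constructed assumptions; the paper's actual feature set is not given on this page.

```python
import math
import random
from collections import Counter

def smote(minority, n_new, k=3, rng=None):
    """Create n_new synthetic samples by interpolating between minority-class
    samples and their k nearest neighbours within the same class."""
    if n_new <= 0:
        return []
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two samples of the minority class")
    rng = rng or random.Random(0)
    k = min(k, len(minority) - 1)
    neighbours = []
    for i, x in enumerate(minority):
        others = sorted((j for j in range(len(minority)) if j != i),
                        key=lambda j: math.dist(x, minority[j]))
        neighbours.append(others[:k])
    synthetic = []
    for n in range(n_new):
        i = n % len(minority)            # cycle so every real sample seeds equally
        j = rng.choice(neighbours[i])    # one of its k nearest neighbours
        gap = rng.random()               # position on the segment between the two
        synthetic.append(tuple(a + gap * (b - a)
                               for a, b in zip(minority[i], minority[j])))
    return synthetic

def balance(flows, k=3, seed=7):
    """Oversample every class in [(features, label), ...] up to the largest class."""
    rng = random.Random(seed)
    by_label = {}
    for feats, label in flows:
        by_label.setdefault(label, []).append(feats)
    target = max(len(s) for s in by_label.values())
    out = list(flows)                    # real flows are kept unchanged
    for label, samples in by_label.items():
        out += [(s, label) for s in smote(samples, target - len(samples), k, rng)]
    return out

# Constructed sample flows: (mean packet size, duration, packet count), assumed
# already min-max scaled to [0, 1] so no single feature dominates the distance.
HTTPS = [(0.80, 0.20, 0.70), (0.75, 0.25, 0.65), (0.85, 0.15, 0.72), (0.78, 0.22, 0.68),
         (0.82, 0.18, 0.74), (0.77, 0.24, 0.66), (0.83, 0.19, 0.71), (0.79, 0.21, 0.69)]
POPS = [(0.20, 0.60, 0.10), (0.25, 0.55, 0.12), (0.22, 0.65, 0.08)]
FLOWS = [(f, "HTTPS") for f in HTTPS] + [(f, "POPS") for f in POPS]

if __name__ == "__main__":
    print(Counter(label for _, label in balance(FLOWS)))
```

Oversampling of this kind is applied to the training split only; synthetic flows in the evaluation set would inflate the reported accuracy for the minority class.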