浏览全部资源
扫码关注微信
基于图神经网络的鲁棒加密流量识别
A robust encrypted traffic identification scheme based on graph neural network
- 电信科学 2024年40卷第6期 页码:89-99
- 作者机构:
1.中国科学技术大学,安徽 合肥 230026
2.合肥综合性国家科学中心人工智能研究院,安徽 合肥 230088
- 作者简介:
[ "李孟想(1999- ),男,中国科学技术大学硕士生,主要研究方向为流量识别。" ]
[ "彭闯(1998- ),男,中国科学技术大学硕士生,主要研究方向为计算机网络。" ]
[ "王浩(1997- ),男,中国科学技术大学硕士生,主要研究方向为计算机网络。" ]
[ "黄超明(1993- ),男,中国科学技术大学博士生,主要研究方向为计算机网络。" ]
[ "谭小彬(1973- ),男,博士,中国科学技术大学信息科学技术学院副教授,主要研究方向为未来网络架构、智能网络和多媒体通信。" ]
- 基金信息:国家重点研发计划项目(2022YFB2901400);安徽省科技重大专项(202103a05020007);未来网络试验设施(CENI)资助项目(2016-000052-73-01-000515);国家自然科学基金资助项目(62101525;62341113;62021001)
DOI:10.11959/j.issn.1000-0801.2024156
中图分类号: TP393收稿日期:2024-03-01,
修回日期:2024-05-12,
纸质出版日期:2024-06-20
- 稿件说明:
移动端阅览
李孟想,彭闯,王浩等.基于图神经网络的鲁棒加密流量识别[J].电信科学,2024,40(06):89-99.
LI Mengxiang,PENG Chuang,WANG Hao,et al.A robust encrypted traffic identification scheme based on graph neural network[J].Telecommunications Science,2024,40(06):89-99.
李孟想,彭闯,王浩等.基于图神经网络的鲁棒加密流量识别[J].电信科学,2024,40(06):89-99. DOI: 10.11959/j.issn.1000-0801.2024156.
LI Mengxiang,PENG Chuang,WANG Hao,et al.A robust encrypted traffic identification scheme based on graph neural network[J].Telecommunications Science,2024,40(06):89-99. DOI: 10.11959/j.issn.1000-0801.2024156.
摘要
当前的网络流量识别方法一般针对特定网络环境或数据集进行设计和测试,难以推广应用于复杂多变的实际网络环境。提出了一种基于图神经网络的鲁棒流量识别算法,用于在实际网络场景中实现准确的流量识别。首先,当前算法忽视网络环境波动,导致流行为模式发生改变,准确率下降,通过选择网络流中的高层协议特征对网络流进行聚类和筛选,以减小网络带宽波动对网站访问流量行为的影响。其次,由于当前算法大多只进行单流识别,忽视流间的相互关系,考虑网络流的多种类型特征信息及其相关性,并通过图神经网络提取网络流之间的时空相关特征,充分学习网络流量特征,通过多个流和多种特征的互补关系以提高算法的鲁棒性。最后,使用可以捕获数据全局信息的Transformer模型作为分类器对网络数据流的多类型特征进行分析,实现鲁棒网络流量识别。在不同网络环境下分别采集了对21个目标网站的共大约1 500次和1 400次的访问数据作为数据集进行训练测试,实现了90.7%的准确率,对比最新的ProGraph算法,准确率提高了7.3%,实验结果验证了所提方法的有效性。
Abstract
The current methods for identifying network traffic are generally designed and tested for specific network environments or datasets
making it difficult to generalize and apply to complex and ever-changing actual network environments. A robust traffic recognition algorithm based on graph neural networks was proposed for achieving accurate traffic recognition in practical network scenarios. Firstly
in response to the current algorithm’s neglect of network environment fluctuations and the decrease in accuracy caused by pattern changes
network flows were clustered and filtered by selecting high-level protocol features to reduce the impact of network bandwidth fluctuations on website access traffic behavior. Secondly
due to the fact that most current algorithms only perform single stream recognition and ignore the interrelationships between flows
the various types of feature information and their correlations of network flows were considered
and spatiotemporal correlation features between network flows were extracted through graph neural networks to fully learn network traffic characteristics. By complementing multiple flows and features
the robustness of the algorithm was improved. Finally
a Transformer model that could capture global data information was used as a classifier to analyze the multi type features of network data flow
achieving robust network traffic recognition. Approximately 1 500 and 1 400 visits to 21 target websites in different network environments were collected as datasets for training and testing
achieving an accuracy of 90.7%. Compared with the latest ProGraph algorithm
the accuracy is improved by 7.3%
and the experimental results verify the effectiveness of the proposed method.
关键词
Keywords
references
SCHNEIDER P . TCP/IP traffic classification based on port numbers [J ] . Division of Applied Sciences , Cambridge, MA , 1996 , 2138 ( 5 ): 1 - 6 .
EL-MAGHRABY R T , ABD ELAZIM N M , BAHAA-ELDIN A M . A survey on deep packet inspection [C ] // Proceedings of the 2017 12th International Conference on Computer Engineering and Systems (ICCES) . Piscataway : IEEE Press , 2017 : 188 - 197 .
SUN G L , XUE Y B , DONG Y F , et al . An novel hybrid method for effectively classifying encrypted traffic [C ] // Proceedings of the 2010 IEEE Global Telecommunications Conference GLOBECOM . Piscataway : IEEE Press , 2010 : 1 - 5 .
DING R S , LI W M . A hybrid method for service identification of SSL/TLS encrypted traffic [C ] // Proceedings of the 2016 2nd IEEE International Conference on Computer and Communications (ICCC) . Piscataway : IEEE Press , 2016 : 250 - 253 .
WANG W , ZHU M , ZENG X W , et al . Malware traffic classification using convolutional neural network for representation learning [C ] // Proceedings of the 2017 International Conference on Information Networking (ICOIN) . Piscataway : IEEE Press , 2017 : 712 - 717 .
FENG W B , HONG Z , WU L F , et al . Network protocol recognition based on convolutional neural network [J ] . China Communications , 2020 , 17 ( 4 ): 125 - 139 .
ABUROMMAN A A , BIN IBNE REAZ M . A novel weighted support vector machines multiclass classifier based on differential evolution for intrusion detection systems [J ] . Information Sciences , 2017 ( 414 ): 225 - 246 .
SERPEN G , AGHAEI E . Host-based misuse intrusion detection using PCA feature extraction and kNN classification algorithms [J ] . Intelligent Data Analysis , 2018 , 22 ( 5 ): 1101 - 1114 .
LOPEZ-MARTIN M , CARRO B , SANCHEZ-ESGUEVILLAS A , et al . Network traffic classifier with convolutional and recurrent neural networks for Internet of things [J ] . IEEE Access , 2017 ( 5 ): 18042 - 18050 .
ZOU Z , GE J G , ZHENG H B , et al . Encrypted traffic classification with a convolutional long short-term memory neural network [C ] // Proceedings of the 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS) . Piscataway : IEEE Press , 2018 : 329 - 334 .
LI W H , ZHANG X Y , BAO H F , et al . ProGraph: robust network traffic identification with graph propagation [J ] . IEEE/ACM Transactions on Networking , 2023 , 31 ( 3 ): 1385 - 1399 .
ACETO G , CIUONZO D , MONTIERI A , et al . MIMETIC: Mobile encrypted traffic classification using multimodal deep learning [J ] . Computer Networks , 2019 ( 165 ): 106944 .
SONG M Z , RAN J , LI S L . Encrypted traffic classification based on text convolution neural networks [C ] // Proceedings of the 2019 IEEE 7th International Conference on Computer Science and Network Technology (ICCSNT) . Piscataway : IEEE Press , 2019 : 432 - 436 .
LU J , GOU G P , SU M J , et al . GAP-WF: graph attention pooling network for fine-grained SSL/TLS website fingerprinting [C ] // Proceedings of the 2021 International Joint Conference on Neural Networks (IJCNN) . Piscataway : IEEE Press , 2021 : 1 - 8 .
LIU C , HE L T , XIONG G , et al . FS-net: a flow sequence network for encrypted traffic classification [C ] // Proceedings of the IEEE INFOCOM 2019 - IEEE Conference on Computer Communications . Piscataway : IEEE Press , 2019 : 1171 - 1179 .
VAN EDE T , BORTOLAMEOTTI R , CONTINELLA A , et al . FlowPrint: semi-supervised mobile-app fingerprinting on encrypted network traffic [C ] // Proceedings of the 2020 Network and Distributed System Security Symposium . Reston, VA : Internet Society , 2020 : 27 .
HUOH T L , LUO Y , LI P L , et al . Flow-based encrypted network traffic classification with graph neural networks [J ] . IEEE Transactions on Network and Service Management , 2023 , 20 ( 2 ): 1224 - 1237 .
BRODY S , ALON U , YAHAV E . How attentive are graph attention networks? [Z ] . 2021 .
VASWANI A , SHAZEER N , PARMAR N , et al . Attention is all you need [C ] // Proceedings of the 31st International Conference on Neural Information Processing Systems (NIPS) . Long Beach : Curran Associates Inc. 2017 : 6000 - 6010 .
SU J L , AHMED M , LU Y , et al . RoFormer: enhanced transformer with rotary position embedding [J ] . Neurocomputing , 2024 ( 568 ): 127063 .
0
浏览量
9
下载量
0
CSCD
- 网络PDF下载
- WORD下载
- XML下载
- Meta-XML下载
- BibTeX下载
- Endnote下载
- RefMan 下载
- NoteExpress下载
- NoteFirst下载
关联资源
相关文章
相关作者
相关机构
- 技术支持由北京北大方正电子有限公司提供 京ICP备09064830号-19
京公网安备11010802024621 - 本系统建议在Chrome、 IE9+ 以上版本浏览器阅读本站内容,360浏览器请切换至极速模式
- Cookies帮助我们提供服务并提供个性化体验。使用本网站,即表示您同意我们使用Cookies
- 总访问量:70096 今日访问量:151