End-to-end encrypted network traffic classification method based on deep learning

doi:10.19682/j.cnki.1005-8885.2020.0013

中国邮电高校学报(英文) ›› 2020, Vol. 27 ›› Issue (3): 21-30.doi: 10.19682/j.cnki.1005-8885.2020.0013

• Artificial Intelligence • 上一篇下一篇

End-to-end encrypted network traffic classification method based on deep learning

田世明¹,宫飞翔²,莫爽³,李蒙²,吴文睿³,肖丁³

1. 中国电力科学研究院
2.
3. 北京邮电大学

收稿日期:2020-01-03 修回日期:2020-04-12 出版日期:2020-06-24 发布日期:2020-08-30
通讯作者: 莫爽 E-mail:moshuang@bupt.edu.cn
基金资助:
国家电网科技项目“自服务电网大数据治理关键技术与应用研究”

End-to-end encrypted network traffic classification method based on deep learning

Received:2020-01-03 Revised:2020-04-12 Online:2020-06-24 Published:2020-08-30
Supported by:
Research on Key Technologies and Applications of Self-service Big Data Governance of Power Grid

摘要/Abstract

摘要： Network traffic classification, which matches network traffic for a specific class of different granularities, plays a vital role in the domain of network administration and cyber security. With the rapid development of network communication techniques, more and more network applications adopt encryption techniques during communication, which brings significant challenges to traditional network traffic classification methods. On the one hand, traditional methods mainly depend on matching features on the application layer of the ISO/OSI reference model, which leads to the failure of classifying encrypted traffic. On the other hand, machine learning-based methods require human-made features from network traffic data by human experts, which renders it difficult for them to deal with complex network protocols. In this paper, the convolution attention network (CAT) is proposed to overcom those difficulties. As an end-to-end model, CAT takes raw data as input and returns classification results automatically, with engineering by human experts. In CAT, firstly, the importance of different bytes with an attention mechanism of network traffic is achieved. Then, convolution neural network (CNN) is used to learn features automatically and feed the output into a softmax function to get classification results. It enables CAT to learn enough information from network traffic data and ensure the classified accuracy. Extensive experiments on the public encrypted network traffic dataset ISCX2016 demonstrate the effectiveness of the proposed model.

关键词: network traffic classification, convolution neural network, attention mechanism, network management, cyber security

Abstract: Network traffic classification, which matches network traffic for a specific class of different granularities, plays a vital role in the domain of network administration and cyber security. With the rapid development of network communication techniques, more and more network applications adopt encryption techniques during communication, which brings significant challenges to traditional network traffic classification methods. On the one hand, traditional methods mainly depend on matching features on the application layer of the ISO/OSI reference model, which leads to the failure of classifying encrypted traffic. On the other hand, machine learning-based methods require human-made features from network traffic data by human experts, which renders it difficult for them to deal with complex network protocols. In this paper, the convolution attention network (CAT) is proposed to overcom those difficulties. As an end-to-end model, CAT takes raw data as input and returns classification results automatically, with engineering by human experts. In CAT, firstly, the importance of different bytes with an attention mechanism of network traffic is achieved. Then, convolution neural network (CNN) is used to learn features automatically and feed the output into a softmax function to get classification results. It enables CAT to learn enough information from network traffic data and ensure the classified accuracy. Extensive experiments on the public encrypted network traffic dataset ISCX2016 demonstrate the effectiveness of the proposed model.

Key words: network traffic classification, convolution neural network, attention mechanism, network management, cyber security

参考文献 20

1.	Velan P, ?ermák M, ?eleda P, et al. A survey of methods for encrypted traffic classification and analysis. International Journal of Network Management, 2015, 25(5): 355-374.
2.	Draper-Gil G, Lashkari A H, Mamun M S I, et al. Characterization of encrypted and VPN traffic using time-related features. Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP’16), 2016, Feb 19-20, Rome, Italy. Piscataway, NJ, USA: IEEE, 2016: 407-414.
3.	Rezaei S, Liu X. Deep learning for encrypted traffic classification: An overview. IEEE Communications Magazine, 2019, 57(5): 76-81.
4.	Deri L, Martinelli M, Bujlow T, et al. nDPI: Open-source high-speed deep packet inspection. Proceedings of the 2014 International Wireless Communications and Mobile Computing Conference (IWCMC’14), 2014, Aug 4-8, Nicosia, Cyprus. Piscataway, NJ, USA: IEEE, 2014: 617-622.
5.	Alshammari R, Zincir-Heywood A N. Investigating two different approaches for encrypted traffic classification. Proceedings of the 6th Annual Conference on Privacy, Security and Trust, 2008, Oct 1-3, Fredericton, Canada. Piscataway, NJ, USA: IEEE, 2008: 156-166.
6.	Alshammari R, Zincir-Heywood A N. Machine learning based encrypted traffic classification: Identifying SSH and skype. Proceedings of the 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, 2009, Jul 8-10, Ottawa, Canada. Piscataway, NJ, USA: IEEE, 2009: 8p.
7.	Dusi M, Este A, Gringoli F, et al. Using GMM and SVM-based techniques for the classification of SSH-encrypted traffic. Proceedings of the 2009 IEEE International Conference on Communications (ICC”09), 2009, Jun 14-18, Dresden, Germany. Piscataway, NJ, USA: IEEE, 2009: 6p.
8.	Vl?du?u A, Com?neci D, Dobre C. Internet traffic classification based on flows' statistical properties with machine learning. International Journal of Network Management, 2017, 27(3): DOI: 10.1002/nem.1929.
9.	Chen Z T, He K, Li J, et al. Seq2Img: A sequence-to-image based approach towards IP traffic classification using convolutional neural networks. Proceedings of the 2017 IEEE International Conference on Big Data (Big Data’17), 2017, Dec 11-14, Boston, MA, USA. Piscataway, NJ, USA: IEEE, 2017: 1271-1276.
10	Wang W, Sheng Y Q, Wang J L, et al. HAST-IDS: Learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection. IEEE Access, 2017, 6: 1792-1806.
11	Erman J, Mahanti A, Arlitt M, et al. Offline/realtime traffic classification using semi-supervised learning. Performance Evaluation, 2007, 64(9/10/11/12): 1194-1213.
12	Grolman E, Finkelshtein A, Puzis R, et al. Transfer learning for user action identification in mobile apps via encrypted traffic analysis. IEEE Intelligent Systems, 2018, 33(2): 40-53.
13	Rezaei S, Liu X. How to achieve high classification accuracy with just a few labels: A semi-supervised approach using sampled packets. arXiv preprint, arXiv:1812.09761, 2018.
14	Cao Z G, Xiong G, Zhao Y, et al. A survey on encrypted traffic classification. Proceedings of the 2014 International Conference on Applications and Techniques in Information Security (ATIS’14), 2014, Nov 26-28, Melbourne, Australia. Berlin, Germany: Springer, 2014: 73-81.
15	Moore A W, Papagiannaki K. Toward the accurate identification of network applications. Proceedings of the 6th International Workshop on Passive and Active Network Measurement (PAM’05), 2005, Mar 31-Apr 1, Boston, MA, USA. Berlin, Germany: Springer, 2005: 41-54.
16	Aghaei-Foroushani V, Zincir-Heywood A N. A proxy identifier based on patterns in traffic flows. Proceedings of the IEEE 16th International Symposium on High Assurance Systems Engineering, 2015, Jan 8-10, Daytona Beach Shores, FL, USA. Piscataway, NJ, USA: IEEE, 2015: 118-125.
17	Wang W, Zhu M, Wang J L, et al. End-to-end encrypted traffic classification with one-dimensional convolution neural networks. Proceedings of the 2017 IEEE International Conference on Intelligence and Security Informatics (ISI’17), 2017, Jul 22-24, Beijing, China. Piscataway, NJ, USA: IEEE, 2017: 43-48.
18	Lotfollahi M, Zade R S H, Siavoshani M J, et al. Deep packet: A novel approach for encrypted traffic classification using deep learning. Preprint submitted to Elsevier, arXiv:1709.0265, 2017.
19	Ran J, Chen Y X, Li S L. Three-dimensional convolutional neural network based traffic classification for wireless communications. Proceedings of the 2018 IEEE Global Conference on Signal and Information Processing (GlobalSIP’18), 2018, Nov 26-29, Anaheim, CA, USA, Piscataway, NJ, USA: IEEE, 2018: 624-627.
20	Wu K H, Chen Z D, Li W. A novel intrusion detection model for a massive network using convolutional neural networks. IEEE Access, 2018, 6: 50850-50859.

End-to-end encrypted network traffic classification method based on deep learning

End-to-end encrypted network traffic classification method based on deep learning

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献 20

相关文章 0

编辑推荐

Metrics

本文评价