The Journal of China Universities of Posts and Telecommunications, 2020, Vol. 27, Issue (3): 21-30. doi: 10.19682/j.cnki.1005-8885.2020.0013

• Artificial Intelligence •

End-to-end encrypted network traffic classification method based on deep learning

田世明1,宫飞翔2,莫爽3,李蒙2,吴文睿3,肖丁3   

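  1. China Electric Power Research Institute
    2.
    3. Beijing University of Posts and Telecommunications
  • Received: 2020-01-03 Revised: 2020-04-12 Online: 2020-06-24 Published: 2020-08-30
  • Corresponding author: 莫爽 E-mail: moshuang@bupt.edu.cn
  • Supported by:
    State Grid science and technology project "Research on Key Technologies and Applications of Self-service Big Data Governance of Power Grid"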

Abstract: Network traffic classification, which assigns network traffic to a specific class at different granularities, plays a vital role in network administration and cyber security. With the rapid development of network communication techniques, more and more network applications adopt encryption during communication, which brings significant challenges to traditional network traffic classification methods. On the one hand, traditional methods mainly depend on matching features at the application layer of the ISO/OSI reference model, so they fail to classify encrypted traffic. On the other hand, machine learning-based methods require features hand-crafted from network traffic data by human experts, which makes it difficult for them to deal with complex network protocols. In this paper, the convolution attention network (CAT) is proposed to overcome those difficulties. As an end-to-end model, CAT takes raw data as input and returns classification results automatically, without engineering by human experts. CAT first uses an attention mechanism to obtain the importance of different bytes of network traffic. Then, a convolution neural network (CNN) learns features automatically, and its output is fed into a softmax function to get classification results. This enables CAT to learn enough information from network traffic data and ensures classification accuracy. Extensive experiments on the public encrypted network traffic dataset ISCX2016 demonstrate the effectiveness of the proposed model.

Key words: network traffic classification, convolution neural network, attention mechanism, network management, cyber security