Unlock instant, AI-driven research and patent intelligence for your innovation.

Data packet frequency analysis-based network proxy encrypted traffic feature extraction method

A technology of frequency analysis and traffic characteristics, applied in data exchange networks, digital transmission systems, instruments, etc., it can solve the problems of fine-grained identification of traffic without Shadowsocks, and the inability to classify traffic at fine-grained level, so as to improve the classification effect and high accuracy. Effect

Inactive Publication Date: 2019-01-29
BEIJING INSTITUTE OF TECHNOLOGYGY
View PDF0 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method only identifies Shadowsocks traffic from background traffic, and cannot perform further fine-grained traffic classification
[0007] To sum up, in the field of SSH traffic classification, there is a coarse-grained classification of SSH, but in the field of proxy traffic identification using Shadowsocks encryption, there is currently only a method to identify Shadowsocks traffic from background traffic, and there is no method for encrypting Shadowsocks traffic. A method for fine-grained traffic identification

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Data packet frequency analysis-based network proxy encrypted traffic feature extraction method
  • Data packet frequency analysis-based network proxy encrypted traffic feature extraction method
  • Data packet frequency analysis-based network proxy encrypted traffic feature extraction method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0068] This embodiment is based on the complete Shadowsocks encrypted proxy traffic feature extraction simulation carried out based on steps 1 to 4 of the present invention. The overall flow chart is as follows figure 1 As shown in Fig. 1, the network traffic characteristics generated by the combined action of highly discriminative packet extraction technology and clustering results are used for encryption proxy traffic classification.

[0069] Firstly, the data packets with high discrimination are extracted. The specific process is as follows: figure 2 shown. Assume that a captured data stream is expressed as F=(p 1 ,...,p n ), where p i represents the i-th packet. packet p i The information contained includes three parts of data packet direction, data packet size and data packet flag information, if the data packet p i If it is a SYN data packet with a length of 54 sent from the client to the server, the data packet is encoded as U_54_SYN, which represents a SYN packe...

Embodiment 2

[0078] In this embodiment, the method of the present invention is compared with other traffic classification algorithms to verify the advantages and effectiveness of the present invention. The network traffic constructed by combining the traffic feature extraction method (TF-IDF) based on word frequency analysis of the present invention with the traditional machine learning algorithm nearest neighbor algorithm (k-NN), support vector machine (SVM), and random forest (RANF) The classifiers outperform the result of classifying without using these classifiers directly. Using the same traffic data set to classify web traffic, the comparison results of different methods are shown in Table 2:

[0079] Table 2 Comparison of classification accuracy of different methods

[0080] classification algorithm

k-NN

k-NN_T

SVM

SVM_T

RANF

RANF_T

Accuracy

67.51%

72.85%

63.62%

72.81%

71.04%

76.16%

[0081] It can be seen from Table 2...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a data packet frequency analysis-based network proxy encrypted traffic feature extraction method and belongs to the field of machine learning and network service security. Themethod includes the following steps that: step 1, data packets are extracted based on a data packet frequency analysis result; step 2, data packet length-time stamp difference clustering is performed, and a clustering result is generated; step 3, an optimal cluster quantity is calculated; and step 4, and encrypted traffic features are calculated. According to the method, the word frequency inverse document frequency-based data packets with large discrimination degrees are adopted, the application of such kind of data packets enables a more discrimination effect compared with the direct application of all data packets; the such kind of data packets can be applied to any machine learning classification algorithms and enable high classification accuracy; and the data packet length-time stampdifference clustering is introduced, and therefore, the classification effect of webpages with different URLs and identical page elements can be improved. The data packet frequency analysis-based network proxy encrypted traffic feature extraction method has higher accuracy compared with an existing encrypted network traffic classification and recognition method.

Description

technical field [0001] The present invention relates to a network proxy encrypted traffic feature extraction method based on data packet frequency analysis, in particular to a machine learning Shadowsocks proxy encrypted traffic feature extraction method based on the difference clustering between data packet frequency and data packet length and time stamp , which aims to provide highly differentiated traffic characteristics for identifying Shadowsocks encrypted web traffic, which belongs to the field of machine learning and network service security. Background technique [0002] Traffic is the carrier of network information transmission. Shadowsocks is an encrypted proxy technology based on SOCKS5, which acts between the transport layer and the application layer to provide users with proxy services. The traffic identification technology referred to in the present invention is to carry out fine-grained classification and identification on the traffic encrypted by Shadowsocks...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/851H04L12/24G06K9/62H04L29/06
CPCH04L41/14H04L41/142H04L47/2441H04L47/2483H04L63/1416H04L63/168G06F18/2321
Inventor 沈蒙张晋鹏祝烈煌徐恪
Owner BEIJING INSTITUTE OF TECHNOLOGYGY