Network encrypted traffic identification method and device based on deep learning

Abstract

The embodiment of the invention provides a network encrypted traffic identification method and device based on deep learning, relates to the technical field of network security, and can improve the accuracy and efficiency of network encrypted traffic identification. The method comprises the steps of obtaining message information and communication behavior information of a preset number of data packets belonging to a communication establishment stage in to-be-identified network traffic; constructing a message two-dimensional data matrix according to the message information, and constructing a behavior two-dimensional data matrix according to the communication behavior information; and inputting the message two-dimensional data matrix and the behavior two-dimensional data matrix into a network traffic identification model, and determining the protocol type of the to-be-identified network traffic, wherein the network flow identification model is a sample two-dimensional data matrix passing through the sample network flow and a protocol type label corresponding to the sample network flow; and training the deep learning network to obtain a model, wherein the sample two-dimensional datamatrix comprises a sample message two-dimensional data matrix and a sample behavior two-dimensional data matrix corresponding to the sample network flow.

Description

technical field [0001] The present invention relates to the technical field of network security, in particular to a method and device for identifying network encrypted traffic based on deep learning. Background technique [0002] With the rapid development of new network technologies such as the 5th generation mobile networks (5G) technology, the Internet of Things, and the Industrial Internet, and the diversification of application scenarios, the forms of network terminals are more diversified and the number is increasing exponentially. . Once the remote control, information theft, denial of service and other network attacks initiated by malicious devices successfully invade the network, it will pose a major threat to the user information security of network terminals. Therefore, the network security risks faced by network terminals are becoming increasingly prominent. [0003] At present, most network attacks need to achieve their malicious purposes through network commun...

AI Technical Summary

Problems solved by technology

Existing network monitoring and analysis methods, such as port identification and deep packet inspection, can only identify whether the network traffic using mainstream public network protocols is abnormal, and cannot effectively detect malicious encrypted network traffic.

And the existing methods based on statistical features, such as machine learning, input the network traffic characteristics into the machine learning model, and the model outputs the recognition results. Although this method does not rely on the analysis of the data packet payload, the network traffic characteristics of the input model Manual extraction is required, which consumes a lot of human resources, resulting in low recognition efficiency and low accuracy

Images