Network encrypted traffic recognition method and device

A traffic identification, network technology

Active Publication Date: 2021-01-01
NANJING UNIV OF POSTS & TELECOMM
View PDF3 Cites 21 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] The purpose of the present invention is to overcome the deficiencies in the prior art and provide a method and device for network encrypted traffic identification, which solves the problems of high time-consuming traffic identification algorithm and poor real-time performance caused by encryption technology in the current network environment

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network encrypted traffic recognition method and device
  • Network encrypted traffic recognition method and device
  • Network encrypted traffic recognition method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0089] The present invention provides a method for identifying network encrypted traffic, which is characterized in that it includes the following process:

[0090] Obtain the encrypted traffic file to be identified;

[0091] Pre-processing the encrypted traffic to be identified, the pre-processing includes: dividing the encrypted traffic stream into multiple streams; then collecting multiple continuous data packets from each stream as samples; finally vectorizing each sample, Standardize processing to obtain a formatted set of sample vectors;

[0092] Input the sample vector set obtained after preprocessing into the pre-trained hybrid neural network model to obtain a prediction vector, and the element values ​​in this prediction vector represent the predicted values ​​of encrypted traffic belonging to each category;

[0093]The hybrid neural network model includes: a 1D-CNN network, a stacked bidirectional LSTM network and a fully connected layer network; wherein the 1D-CNN ...

Embodiment 2

[0097] The extraction of features used to identify encrypted traffic is related to traffic preprocessing methods, vectorization methods, and information about different parts of the traffic data stream. For example, traffic metadata and payload information, which can provide different and effective features for identifying encrypted traffic. In this solution, on the one hand, it is considered to combine information such as flow meta-information, data packet partial load, and timing characteristics between data packets to improve data integrity. On the other hand, in this method, a hybrid neural network model is designed for automatic representation learning of the above information.

[0098] figure 1 It is an overall frame diagram of the method of the present invention, which mainly includes two stages: a preprocessing stage and a classification stage. The preprocessing stage directly converts raw traffic into standard data, which includes four steps: stream segmentation, st...

Embodiment 3

[0181] Correspondingly, the present invention also provides a network encrypted traffic identification device, including an encrypted traffic acquisition module, a preprocessing module, a classification prediction module, and a classification identification module; wherein:

[0182] An encrypted traffic acquisition module, configured to acquire encrypted traffic files to be identified;

[0183] A preprocessing module, configured to preprocess the encrypted traffic to be identified, the preprocessing module includes a flow segmentation unit, a collection unit and a vectorization unit, wherein:

[0184] A stream splitting unit, configured to split the encrypted traffic stream into multiple streams;

[0185] an acquisition unit, configured to acquire a plurality of continuous data packets from each flow as samples;

[0186] The vectorization unit is used to vectorize and standardize each sample to obtain a formatted sample vector set;

[0187] The classification prediction modu...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a network encrypted traffic recognition method and device. The method comprises a preprocessing stage and a classification stage. In the preprocessing stage, original flow is subjected to flow segmentation, sampling, vectorization and standardization, a sampling scheme in large flow is provided, and the classification problem of the large flow is solved. In the classification stage, spatial feature capture and abstract feature extraction are performed by using a CNN, and then traffic time sequence features are learned by using stacked bidirectional LSTM on the basis ofabstract features so that automatic feature extraction and efficient recognition of encrypted traffic can be realized. The method has universality, can automatically extract the space-time features ofthe encrypted traffic without manual feature design of experts, and can adapt to traffic feature changes caused by different encryption technologies and confusion technologies.

Description

technical field [0001] The present invention specifically relates to a method for identifying network encrypted traffic, and also relates to a device for identifying network encrypted traffic, which belongs to the technical fields of deep learning, network traffic analysis, and cyberspace security applications. Background technique [0002] Traffic classification is one of the most important tasks in modern network communication, but due to the popularization of encryption technology and the rapid growth of network throughput, it is becoming more and more difficult to realize high-speed and accurate encrypted traffic identification. Encrypted traffic classification is of great significance to traffic engineering, network resource management, QoS (Quality of Service), and cyberspace security management. In recent years, there has also been a huge demand for encrypted traffic analysis and management in new network fields such as IoT networks, software-defined networks, and mob...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06K9/62G06N3/04
CPCG06N3/049G06N3/044G06N3/045G06F18/214
Inventor 徐小龙林焜达
Owner NANJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap