Internet encrypted traffic interaction feature extraction method based on graph structure

Abstract

The invention discloses an Internet encrypted traffic interaction feature extraction method based on a graph structure, belongs to the technical field of encrypted network traffic classification, andis applied to fine-grained classification of network traffic after TLS encryption. Encrypted traffic interaction characteristics based on the graph structure are extracted from an original packet sequence, and the graph structure characteristics include sequence information, packet direction information, packet length information, burst traffic information and the like of data packets. Through quantitative calculation, compared with a packet length sequence, the intra-class distance is obviously reduced and the inter-class distance is increased after the graph structure characteristics are used. According to the method, the encrypted traffic characteristics with richer dimensions and higher discrimination can be obtained, and then the method is combined with deep neural networks such as agraph neural network to carry out refined classification and identification of the encrypted traffic. A large number of experimental data experiments prove that compared with an existing method, the method adopting the graph structure characteristics in combination with the graph neural network has higher accuracy and lower false alarm rate.

Description

technical field [0001] The invention relates to a method for extracting interactive features of Internet encrypted traffic, in particular to a method for extracting interactive features of Internet encrypted traffic based on a graph structure, which provides a feature with richer dimensions and higher discrimination for deep neural networks such as graph neural networks, and belongs to Encrypted network traffic classification technology field. Background technique [0002] Traffic classification can assist network operators in load balancing and routing planning, bringing better user experience to users. However, with the dramatic increase in the usage of encryption protocols such as SSL / TLS, traditional classification methods, such as deep packet inspection, fail due to the fact that the payload information is encrypted. In order to be able to classify encrypted network traffic, related research has begun to extract available information from encrypted network data packets...

AI Technical Summary

Problems solved by technology

In the work related to statistical features, there are literatures that calculate 54 statistical features for uplink, downlink, and bidirectional data packet lengths, such as the average length of uplink data packets. However, such feature calculation methods require a large number of packets and feature calculation time complexity. High, but also requires a complex feature selection process

In related work on sequence features, there are literatures that use packet length sequences as feature inputs for deep learning methods such as convolutional neural networks. However, most of the data packets in the network are transmitted with a fixed maximum length, making the packet length sequence The timing information of the discriminative reduction

[0004] To sum up, the features currently suitable for network encrypted traffic classification have problems such as high computational complexity or low discrimination.

Images