Encrypted traffic classification method and related equipment
A traffic classification and classification method technology, applied in the field of machine learning, can solve the problems of high CPU time, high false alarm rate, and low accuracy rate, and achieve the effects of low machine performance consumption, low false alarm rate, and high accuracy rate
Active Publication Date: 2021-12-10
BEIJING UNIV OF POSTS & TELECOMM +2
View PDF14 Cites 1 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
However, correspondingly, traditional encrypted traffic classification methods cannot effectively classify QUIC encrypted traffic.
[0004] The original encryption protocol is based on the TCP protocol at the transport layer, while the QUIC protocol is based on the UDP protocol, and above the transport layer, it has a separate packet header field that needs to be processed separately. Therefore, the original encryption protocol classification method, Unable to perform feature extraction for the QUIC protocol, and unable to complete subsequent encrypted traffic classification
[0005] The QUIC protocol has gradually improved and become popular in recent years. However, the previous encrypted traffic classification method has low accuracy, high false alarm rate, higher CPU time and more memory space when classifying QUIC traffic. Compared with the current Some SSL encryption methods can establish a connection without a round trip, and the complete payload of each QUIC datagram (above the UDP layer) is authenticated and encrypted, which is more difficult to extract features than existing encryption protocols , more difficult to classify
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0031] In order to make the purpose, technical solutions and advantages of the present disclosure clearer, the present disclosure will be further described in detail below in conjunction with specific embodiments and with reference to the accompanying drawings.
[0032] It should be noted that, unless otherwise defined, the technical terms or scientific terms used in one or more embodiments of the present disclosure shall have the usual meanings understood by those skilled in the art to which the present disclosure belongs. "First", "second" and similar words used in the embodiments of the present disclosure do not indicate any sequence, quantity or importance, but are only used to distinguish different components. "Comprising" or "comprising" and similar words mean that the elements or items appearing before the word include the elements or items listed after the word and their equivalents, without excluding other elements or items.
[0033] As mentioned in the background tec...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
One or more embodiments of the invention provide an encrypted traffic classification method and related equipment. The method comprises the following steps: firstly, monitoring and capturing network traffic data in real time to obtain QUIC data packets, classifying the QUIC data packets to obtain different QUIC streams, and performing feature extraction on the QUIC streams to obtain time sequence features, byte stream features and statistical features; inputting the extracted features into a first classification model and a second classification model according to a preset requirement for preliminary processing, and inputting processing results of the two classification models into a naive Bayes model for processing to obtain a final classification result. The classification method and the related equipment can effectively classify the QUIC encrypted traffic, and have the advantages of high accuracy, low false alarm rate, low machine performance consumption and the like.
Description
technical field [0001] The present disclosure relates to the technical field of machine learning, in particular to a method for classifying encrypted traffic and related equipment. Background technique [0002] Quick User Datagram Protocol (Quick UDP Internet Connection, QUIC) is a UDP-based low-latency Internet transport layer protocol developed by Google. In November 2016, the International Internet Engineering Task Force (IETF) held the first QUIC working group meeting, and it has not yet been widely used. Among them, the QUIC encryption protocol is a part of QUIC, which provides transmission security for connections. [0003] In order to maintain national network security and assist operators to achieve more flexible network management and network operation and maintenance, the task of encrypting traffic classification is particularly important. Network security and privacy protection are increasingly becoming the focus of attention of enterprises and network users. Th...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/851G06K9/62G06N20/00
CPCH04L47/2441G06N20/00G06F18/241Y02D30/50
Inventor 黄小红李丹丹李建华周宇迪丛群
Owner BEIJING UNIV OF POSTS & TELECOMM