VPN tool refined classification method based on hierarchical detection

Abstract

The invention discloses a VPN (Virtual Private Network) tool refined classification method for hierarchical detection, which comprises the following steps of: (1) according to key negotiation characteristics of different VPN tools, extracting length characteristics and time correlation characteristics of a single flow, and generating flow classification data sets of different proxy protocols; (2) constructing a GBDT-LR training model based on ensemble learning to realize preliminary classification of VPN tool proxy protocol levels; (3) constructing a 1D-CNN training model of a second level for classifying different VPN tools according to the preliminarily classified proxy protocol category; and (4) optimizing the difference between the predicted VPN tool category of the 1D-CNN training model and a real label by using a maximum entropy classifier, and finally outputting an identification result of the VPN tool. According to the method, various private VPN tools can be accurately identified, and the supervision efficiency and strength of network space security are improved.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method for fine-grained classification of VPN tools for hierarchical detection. Background technique [0002] With the increasingly severe cyberspace security situation, the regulation of cyberspace is also more stringent. In order to evade supervision, private VPN tools hide users' real network addresses by enabling anonymous proxies, helping users access overseas nodes and obtain overseas related information, which brings a lot of challenges to my country's network supervision and network security governance. It is urgent to carry out classification research and security supervision of some private VPN tools. [0003] With the development of VPN technology, encrypted traffic covered by VPN technology loses the packet header information and traffic side channel feature information of the original traffic, which makes it more difficult to detect, identify and classify ...

AI Technical Summary

Problems solved by technology

Overall classification accuracy is poor, with some limitations

When it comes to the classification of specific VPN tools, the traffic of VPN tools using the same proxy protocol shows a high degree of similarity, and conventional encrypted traffic detection methods are difficult to identify. The industry has not yet carried out corresponding research, and further exploration is needed

Therefore, the research status is summarized as follows: 1) There is a certain gap in the current research on the classification of VPN proxy protocols, and there is no overall analysis and research on VPN tools mainly used by domestic users; The detection accuracy of VPN tools is low, making it difficult to effectively supervise VPN tools

Images