Encrypted traffic identification and classification method and system based on direct push graph

An encrypted traffic identification and classification method and system based on a transductive graph, applied in the field of encrypted traffic identification and classification. It addresses the problems that intelligent encrypted traffic identification and classification technology cannot be applied well in actual deployment, is susceptible to interference, and that the encrypted traffic classification model cannot achieve stable recognition and classification results.

Active Publication Date: 2022-08-05
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0003] Due to the limitations of side-channel information and learning models, the current mainstream intelligent encrypted traffic identification and classification technology cannot be applied well in actual deployment.
The current training material for encrypted traffic identification and classification technology is the side-channel information of encrypted traffic, which is unstable across different network environments, so the single distribution learned by the model cannot adapt to the perturbed side-channel feature distribution.
The current practice for training and testing encrypted traffic identification and classification models is to initialize the model in a single known network environment and then deploy and test the initialized model in different network environments, which likewise means that the single distribution learned by the model cannot adapt to the perturbed side-channel feature distribution.
Therefore, new intelligent encrypted traffic identification and classification technology faces the following challenges: due to the complexity and uncertainty of the network topology, current encrypted traffic identification and classification technology cannot guarantee stable generality.
Under different network environments, due to unpredictable network fluctuations, network delay, network bandwidth and topology, the feature distribution of encrypted traffic from the same network application under the same set of feature vectors is easily perturbed. The unstable feature distribution means that an encrypted traffic identification and classification model initialized under a single network cannot achieve stable identification and classification results.


Examples


Example 1

[0064] Example 1: Using the transductive-graph-based encrypted traffic identification and classification algorithm to identify and classify encrypted traffic under unknown networks

[0065] The independently collected dataset CrossNet2022 is used. CrossNet2022 contains encrypted traffic data collected in two network environments; in each network environment, the encrypted traffic generated by the same set of network applications is collected. The traffic is generated by 20 commonly used web applications:

[0066] 1) First, for the encrypted traffic data of the 20 network applications collected in one of the network environments, use the five-tuple {destination IP, destination port, source IP, source port, transport layer protocol} as the key to segment network sessions, dividing the collected set of raw packets into individual network sessions;

[0067] 2) extract the destination IP address of the network layer of each network session...

Example 2

[0079] Example 2: Using the transductive-graph-based encrypted traffic identification and classification algorithm to identify and classify new classes of encrypted traffic from network applications not included in the training set

[0080] Two sub-datasets of CrossNet2022 are used as sample instances: 15 classes in CrossNet2022_A are used as the training set, with known labels; the data in CrossNet2022_B are used as the test set and include all 20 classes, so the 5 classes not included in CrossNet2022_A need to be identified.

[0081] 1) Repeat 1)-9) in Example 1;

[0082] 2) For nodes to be tested that have not obtained predicted class labels in the transduction graph, the network sessions included in them are determined as new classes, that is, encrypted traffic sessions generated by network applications that do not appear in the training set.

[0083] Comparing the results of the method of the present invention and other methods, all methods are initializ...


Abstract

The invention discloses an encrypted traffic identification and classification method and system based on a transductive ("direct push") graph. The method comprises the following steps: first, collecting encrypted traffic data of known categories in a known network environment and encrypted traffic data without label information in a cross-network environment; then dividing the collected network flow data into individual network sessions; aggregating sessions with the same address information to form a session cluster set; then, taking the session clusters in the set as node units, calculating the feature similarity among nodes and constructing relation edges among them; constructing a transductive graph from the node information and the relation edges between nodes; and finally predicting the category information of unknown nodes through an iterative "aggregation-diffusion" graph reasoning algorithm. The method can efficiently and stably identify and classify network application traffic collected under general networks even when the diversity of the network traffic training samples is insufficient, and can identify new classes of network application traffic not contained in the training set.
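
The pipeline in the abstract, together with the new-class rule from Example 2, as an added Python sketch (not the patent's own algorithm). Clustering by destination IP, the packet-size histogram feature, cosine similarity with a 0.9 threshold and majority-vote label propagation are assumptions standing in for details this page does not give; all addresses and packet sizes are constructed.

```python
import math
from collections import defaultdict

def build_nodes(packets):
    """Split packets into sessions by five-tuple, then merge sessions that share
    a destination IP into one node (a session cluster)."""
    sessions = defaultdict(list)
    for dst, dport, src, sport, proto, size in packets:
        sessions[(dst, dport, src, sport, proto)].append(size)
    nodes = defaultdict(lambda: [0, 0, 0])
    for (dst, *_), sizes in sessions.items():
        for s in sizes:  # assumed feature: packet-size histogram (small/medium/large)
            nodes[dst][0 if s < 200 else 1 if s < 1000 else 2] += 1
    return dict(nodes)

def cosine(a, b):
    return sum(x * y for x, y in zip(a, b)) / (math.hypot(*a) * math.hypot(*b))

def propagate(nodes, labels, threshold=0.9, max_iter=10):
    """Assumed stand-in for the graph reasoning step: each round, an unlabelled
    node takes the similarity-weighted majority label of its labelled neighbours."""
    labels = dict(labels)
    sim = lambda u, v: cosine(nodes[u], nodes[v])
    edges = {u: [(v, sim(u, v)) for v in nodes if v != u and sim(u, v) >= threshold]
             for u in nodes}
    for _ in range(max_iter):
        new = {}
        for u in (n for n in nodes if n not in labels):
            votes = defaultdict(float)
            for v, w in edges[u]:
                if v in labels:
                    votes[labels[v]] += w
            if votes:
                new[u] = max(votes, key=votes.get)
        if not new:
            break
        labels.update(new)
    # Nodes that never receive a label are reported as a new class.
    return {u: labels.get(u, "new-class") for u in nodes}

# Constructed capture: 198.51.100.x seen in network A (labelled), 203.0.113.x in network B.
FLOWS = [("198.51.100.1", 5001, [1400, 120]), ("198.51.100.1", 5002, [1400, 1350]),
         ("198.51.100.2", 5003, [90, 110, 100, 300]),
         ("203.0.113.1", 5004, [1400, 1380, 1200, 1400]),
         ("203.0.113.2", 5005, [1400, 600, 1300, 1400, 1350, 700, 1400]),
         ("203.0.113.3", 5006, [100, 120, 250, 90, 110]),
         ("203.0.113.4", 5007, [500, 600, 550, 700])]
PACKETS = [(dst, 443, "192.0.2.10", sport, "tcp", size)
           for dst, sport, sizes in FLOWS for size in sizes]
KNOWN = {"198.51.100.1": "video", "198.51.100.2": "chat"}
print(propagate(build_nodes(PACKETS), KNOWN))
```

In this sample, 203.0.113.2 falls below the threshold against every labelled node and is labelled only in the second round, through its unlabelled neighbour 203.0.113.1; 203.0.113.4 has no edges at all and is reported as a new class.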

Description

Technical field

[0001] The invention belongs to the field of network traffic management, relates to the identification and classification technology of encrypted network traffic, and in particular relates to a method and system for identifying and classifying encrypted traffic based on a direct inference graph.

Background technique

[0002] Encrypted traffic identification and classification technology is one of the main branches of network traffic management technology. This technology establishes identification models for different types of network application traffic by collecting traffic data generated by different network applications, so as to identify and classify the network applications to which the traffic to be measured belongs. With the gradual maturity of symmetric encryption and asymmetric encryption systems, network traffic generally uses standard TLS/SSL encryption technology for data encryption, which makes the data originally transmitted in plaintext opaque...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, H04L67/14
CPC: H04L63/1408, H04L63/1416, H04L67/14, Y02D30/50
Inventor: 张晓宇, 李文灏, 刘峰
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI