| 刘 梦,付海艳*
,褚冰融.基于流的时间相关特征的VPN加密流量识别[J].海南师范大学学报自科版,2023,36(3):249-260 |
| 基于流的时间相关特征的VPN加密流量识别 |
| VPN Encrypted Traffic Identification Based on Flow Time-related Features |
| |
| DOI:10.12051/j.issn.1674-4942.2023.03.002 |
| 中文关键词: 网络安全 加密流量识别 时间相关特征 VPN流量 决策树 随机森林 XGBoost |
| 英文关键词: cyber security encrypted traffic recognition time-related features VPN traffic decision tree random forest XGBoost |
| 基金项目:国家自然科学基金项目(62262019);海南省自然科学基金项目(622RC675,2019CXTD405) |
|
| 摘要点击次数: 662 |
| 全文下载次数: 1349 |
| 中文摘要: |
| 随着网络流量规模和来源的增加,对网络流量监控和分析的挑战也随之增加,尤其是
对加密流量进行识别的问题,该挑战性问题在于如何对加密流量不解密的情况下直接识别加密流
量。因此,针对加密流量识别问题,本文提出了一种基于流的时间相关特征的VPN加密流量识别
方法。通过设置2个实验场景,实现了加密流量与非加密流量的识别,并根据流的类型将加密流量
划分为不同的类别,在识别出加密流量的基础上又实现了应用识别和服务类型的识别。最后在公
开数据集ISCXVPN2016上利用不同的机器学习算法进行了对比实验,实验结果表明:使用较短的
流超时值可以提高识别准确率,在流超时值为15 s时结果最优。上述实验结果也证明了时间相关
特征是表征加密流量和VPN流量的良好分类准则。 |
| 英文摘要: |
| As the scale and sources of network traffic increase, so does the challenge of monitoring and analyzing network
traffic, especially the problem of identifying encrypted traffic, the challenging problem is how to directly identify encrypted
traffic without decrypting encrypted traffic.Therefore, in response to the problem of encrypted flow recognition, this article
proposes a VPN encrypted flow recognition method based on current-based time-based features. By setting up two experi⁃
mental scenarios, the identification of encrypted flow and non-encrypted flow was realized, and the encrypted flow was di⁃
vided into different categories based on the type of flow. On the basis of identifying encrypted flows, the application recogni⁃
tion and service type identification are also realized. Finally, a comparative experiment was carried out on the open data set
ISCXVPN2016 by using different machine learning algorithms. The experimental results show that the recognition accuracy
can be improved by using a shorter stream timeout value, and the optimal result is obtained when the stream timeout value
is 15 s. The above experimental results also prove that the time-related features are a good classification criterion for the
characterization of encrypted traffic and VPN traffic. |
|
查看全文
查看/发表评论 下载PDF阅读器 |
| 关闭 |
