计算机工程与应用 ›› 2021, Vol. 57 ›› Issue (18): 114-121.DOI: 10.3778/j.issn.1002-8331.2005-0409

• 网络、通信与安全 • 上一篇    下一篇

基于特征融合卷积神经网络的端到端加密流量分类

薛文龙,于炯,郭志琦,李梓杨   

  1. 1.新疆大学 软件学院,乌鲁木齐 830008
    2.新疆大学 软件工程技术重点实验室,乌鲁木齐 830008
    3.新疆大学 信息科学与工程学院,乌鲁木齐 830046
  • 出版日期:2021-09-15 发布日期:2021-09-13

End-to-End Encrypted Traffic Classification Based on Feature Fusion Convolutional Neural Network

XUE Wenlong, YU Jiong, GUO Zhiqi, LI Ziyang   

  1. 1.School of Software, Xinjiang University, Urumqi 830008, China
    2.Key Laboratory of Software Engineering Technology, Xinjiang University, Urumqi 830008, China
    3.School of Information Science and Engineering, Xinjiang University, Urumqi 830046, China
  • Online:2021-09-15 Published:2021-09-13

摘要:

针对现有人工神经网络方法在网络加密流量分类应用中结构复杂且计算量大的问题,首次提出了一种基于特征融合的轻量级网络模型Inception-CNN,用于端到端加密流量的分类,在显著提高分类结果准确性的同时,大大降低了网络计算复杂度。利用Inception模块1×1卷积进行降维,减少了计算参数;从不同的感受野中做到不同级别上的特征提取,将多种不同尺寸滤波器卷积的特征进行融合,从而在原始数据中提取到更加丰富的特征自动学习原始输入和预期输出之间的非线性关系;利用池化操作没有参数的特性,防止产生过拟合。选择使用国际公开ISCX VPN-nonVPN数据集作为实验数据,采用softmax作为分类器,实现了对加密流量的准确分类。实验结果表明,该模型分类准确率达到97.3%、精确率达到97.2%、召回率达到97.7%、F1-score达到97.5%,并且对不同类别的加密流量识别效果也更加均衡。

关键词: 人工神经网络, Inception, 端对端, 加密流量分类, 特征融合

Abstract:

Aiming at the problem that the existing artificial neural network method has a complicated structure and a large amount of calculation in the application of network encryption traffic classification, a lightweight network model Inception-CNN based on feature fusion is proposed for the classification of end-to-end encrypted traffic, while significantly improving the accuracy of classification results, greatly reducing the complexity of network calculations. The 1×1 convolution of the Inception module is used to reduce the dimensions, reduce the calculation parameters, and reduce the computational complexity. Then the feature extraction is done at different levels from different receptor fields, and the features of many different size filter convolutions are fused, so that richer features are extracted from the raw data to automatically learn the nonlinear relationship between the raw input and the expected output. The feature of the pooling operation without parameters is used to prevent overfitting. The international publicly available ISCX VPN-nonVPN dataset is selected as experimental data, and softmax is used as a classifier to achieve accurate classification of encrypted traffic. The experimental results show that the classification accuracy rate of the model reaches 97.3%, the precision reaches 97.2%, the recall rate reaches 97.7%, and the F1-score reaches 97.5%, and the recognition effect of different types of encrypted traffic is also more balanced.

Key words: artificial neural network, Inception, end-to-end, encrypted traffic classification, feature fusion