联合胶囊和双向LSTM网络的VPN加密流量识别

doi:10.3778/j.issn.1002-8331.2208-0054

摘要/Abstract

摘要： 为了提高对网络资源的有效管理，加密流量识别已成为网络安全领域的一大挑战，目前研究大多是基于深度学习的方法，但这些方法忽略了网络流量的层次化特征，如固定字符串的位置、不同协议的Bit转换成图像时造成的错位，对此，提出一种联合胶囊网络（capsule network，CapsNet）和双向长短期记忆网络（bidirectional long short-term memory，BiLSTM）的深度神经网络来对加密流量进行识别。该模型分别提取了加密流量的空间位置特征和时序特征，最后使用Softmax分类器实现对加密流量服务的识别，其中，针对CapsNet进行了改进，将原来的1层9×9卷积优化成了4层3×3卷积，并提出一种联合损失函数。该方法在ISCX VPN-non VPN公共数据集上进行了验证，三个分类实验结果表明，该模型的分类准确率、精确率、召回率和F1值均在98%以上，优于最先进的加密流量分类方法。

关键词: 加密流量识别, 深度学习, 层次化特征, 胶囊网络, 双向长短期记忆网络, 联合损失函数

Abstract: In order to improve the effective management of network resources, encrypted traffic identification has become a major challenge in the field of network security. Most of the current research is based on deep learning methods, but these methods ignore the hierarchical characteristics of network traffic, such as the position of fixed strings and the dislocation caused by the Bit conversion of different protocols into images. In this regard, a deep neural network combining capsule network and bidirectional long short-term memory is proposed to identify encrypted traffic. The model extracts the spatial location features and timing features of encrypted traffic respectively. Finally, it uses the Softmax classifier to identify encrypted traffic services. Among them, the CapsNet is improved by optimizing the original 1-layer 9×9 convolution into 4-layer 3×3 convolution, and a joint loss function is proposed. The method is validated on the ISCX VPN-non VPN public dataset, and the results of three classification experiments show that the classification accuracy, precision, recall and F1 value of the model are all above 98%, which is better than the state-of-the-art encryption traffic classification method.

Key words: encrypted traffic identification, deep learning, hierarchical features, capsule network, bidirectional long short-term memory network, joint loss function

杨忠富, 常俊, 许妍, 罗金燕, 吴彭. 联合胶囊和双向LSTM网络的VPN加密流量识别[J]. 计算机工程与应用, 2023, 59(23): 246-253.

YANG Zhongfu, CHANG Jun, XU Yan, LUO Jinyan, WU Peng. VPN Encrypted Traffic Identification for Joint Capsule and Bidirectional LSTM Networks[J]. Computer Engineering and Applications, 2023, 59(23): 246-253.

参考文献

[1] DAINOTTI A，PESCAPE A，CLAFFY K C.Issues and future directions in traffic classification[J].IEEE Network，2012，26（1）：35-40.
[2] CHEN S，XU H，LIU D，et al.A vision of IoT：applications，challenges，and opportunities with China perspective[J].IEEE Internet of Things Journal，2014，1（4）：349-359.
[3] DAHMOUNI H，VATON S，ROSSé D.A Markovian signature-based approach to IP traffic classification[C]//ACM Workshop on Mining Network Data，2007.
[4] SOYSAL M，SCHMIDT E G.Machine learning algorithms for accurate flow-based network traffic classification：evaluation and comparison[J].Performance Evaluation，2010，67（6）：451-467.
[5] MOORE A W，ZUEV D.Internet traffic classification using Bayesian analysis techniques[C]//Proceedings of the 2005 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems，2005：50-60.
[6] ALSHAMMARI R，ZINCIR-HEYWOOD A N.Investigating two different approaches for encrypted traffic classification[C]//2008 6th Annual Conference on Privacy，Security and Trust，2008：156-166.
[7] WANG Z.The applications of deep learning on traffic identification[J].BlackHat USA，2015，24（11）：1-10.
[8] DONG C，ZHANG C，LU Z，et al.CETAnalytics：comprehensive effective traffic information analytics for encrypted traffic classification[J].Computer Networks，2020，176：107258.
[9] WANG W，ZHU M，WANG J，et al.End-to-end encrypted traffic classification with one-dimensional convolution neural networks[C]//2017 IEEE International Conference on Intelligence and Security Informatics（ISI），2017：43-48.
[10] ZHANG J，LI F，YE F，et al.Autonomous unknown-application filtering and labeling for DL-based traffic classifier update[C]//IEEE INFOCOM 2020-IEEE Conference on Computer Communications，2020：397-405.
[11] LOTFOLLAHI M，SIAVOSHANI M J，ZADE R S H，et al.Deep packet：a novel approach for encrypted traffic classification using deep learning[J].Soft Computing，2020，24（3）：1999-2012.
[12] VU L，THUY H V，NGUYEN Q U，et al.Time series analysis for encrypted traffic classification：a deep learning approach[C]//2018 18th International Symposium on Communications and Information Technologies（ISCIT），2018：121-126.
[13] ZOU Z，GE J，ZHENG H，et al.Encrypted traffic classification with a convolutional long short-term memory neural network[C]//2018 IEEE 20th International Conference on High Performance Computing and Communications；IEEE 16th International Conference on Smart City；IEEE 4th International Conference on Data Science and Systems（HPCC/SmartCity/DSS），2018：329-334.
[14] LU B，LUKTARHAN N，DING C，et al.ICLSTM：encrypted traffic service identification based on Inception-LSTM neural network[J].Symmetry，2021，13（6）：1080.
[15] HOLLAND J，SCHMITT P，FEAMSTER N，et al.New directions in automated traffic analysis[C]//Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security，2021：3366-3383.
[16] SABOUR S，FROSST N，HINTON G E.Dynamic routing between capsules[C]//Advances in Neural Information Processing Systems，2017.
[17] LASHKARI A H，DRAPER-GIL G，MAMUN M，et al.Characterization of encrypted and VPN traffic using time-related features[C]//International Conference on Information Systems Security and Privacy（ICISSP），2016：407-414.