面向SSL VPN加密流量的识别方法

doi:10.3778/j.issn.1002-8331.2007-0544

摘要/Abstract

摘要： SSL VPN流量常常被一些非法应用利用，来绕过防火墙等安全设施的检测。因此，对SSL VPN加密流量的有效识别对网络信息安全具有重要意义。针对此，提出了一种基于Bit级DPI和深度学习的SSL VPN加密流量识别方法，所提方法分为两个步骤：利用Bit级DPI指纹生成技术识别SSL流量，缩小识别范围；再利用基于注意力机制的改进的CNN网络流量识别模型识别SSL VPN流量。该方法不仅有效解决了传统SSL加密流量指纹识别方法存在的漏识别率较高的问题，同时改进后的深度学习模型能提取网络流量中具有非常显著性的细粒度的特征，从而更加有效地捕捉网络流量中存在的依赖性。实验结果表明，该方法较现有的模型对SSL VPN加密流量的识别效果提高了6%以上。

关键词: SSL VPN, 指纹识别, 深度学习, 注意力机制

Abstract: SSL VPN traffic is often used by some illegal applications using SSL VPN to bypass the detection of security facilities such as firewalls. Therefore, the effective identification of SSL VPN encrypted traffic is of great significance to network information security. In view of this, this paper proposes a SSL VPN encrypted traffic identification method based on bit-level DPI and deep learning. The proposed method is divided into two steps：bit-level DPI fingerprint generation technology to identify SSL traffic and narrow the identification range; an improved CNN network traffic identification model based on attention mechanism to identify SSL VPN traffic. The proposed method not only effectively solves the problem of high rate of missing recognition in the traditional SSL traffic fingerprint identification method, but also the improved deep learning model can extract the very significant fine-grained features in the network traffic, so as to more effectively capture the dependency existing in the network traffic. The experimental results show that the proposed method is more than 6% better than the existing model in the identification of SSL VPN encrypted traffic.

Key words: SSL VPN, signature recognition, deep learning, attention mechanism

王宇航, 姜文刚, 翟江涛, 史正爽. 面向SSL VPN加密流量的识别方法[J]. 计算机工程与应用, 2022, 58(1): 143-151.

WANG Yuhang, JIANG Wengang, ZHAI Jiangtao, SHI Zhengshuang. Traffic Identification Method for SSL VPN Encryption[J]. Computer Engineering and Applications, 2022, 58(1): 143-151.

参考文献

[1] SHEN M，WEI M，ZHU L，et al.Classification of encrypted traffic with second-order Markov chains and application attribute bigrams[J].IEEE Transactions on Information Forensics and Security，2017，12（8）：1830-1843.
[2] 程光，陈玉祥.基于支持向量机的加密流量识别方法[J].东南大学学报（自然科学版），2017，47（4）：655-659.
CHENG G，CHEN Y X.Identification method of encryption traffic based on support vector machine[J].Journal of Southeast University（Natural Science edition），2017，47（4）：655-659.
[3] LOTFOLLAHI M，ZADE R S H，SIAVOSHANI M J，et al.Deep packet：A novel approach for encrypted traffic classification using deep learning[J].arXiv：1709.02656，2017.
[4] 赵博，郭虹，刘勤让，等.基于加权累积和检验的加密流量盲识别算法[J].软件学报，2013，24（6）：1334-1345.
ZHAO B，GUO H，LIU Q R，et al，Protocol independent identification of encrypted traffic based on weighted accumulation and test[J].Journal of Software，2013，24（6）：1334-1345.
[5] BERNAILLE L，TEIXEIRA R.Early recognition of encrypted applications[C]//Proceedings of International Conference on Passive and Active Network Measurement，2007：165-175.
[6] ALSHAMMARI R，ZINCIR-HEYWOOD A N.Generalization of signatures for SSH encrypted traffic identification[C]//Proceedings of Computational Intelligence in Cyber Security Confrrence，2009：167-174.
[7] DRAPER-GIL G，LASHKARI A H，MAMUN M S I，et al.Characterization of encrypted and VPN traffic using time-related features[C]//Proceedings of International Conference on Information Systems Security and Privacy，2016：407-414．
[8] BAGUI S，FANG X，KALAIMANNAN E，et al.Comparison of machine-learning algorithms for classification of VPN network traffic flow using time-related features[J].Journal of Cyber Security Technology，2017，1（2）：108-126.
[9] 王琳，封化民，刘飚，等.基于混合方法的SSL VPN加密流量识别研究[J].计算机应用与软件，2019，36（2）：315-322.
WANG L，FENG H M，LIU J，et al.SSL VPN encrypted traffic identification based on hybrid method[J].Computer Applications and Software，2019，36（2）：315-322.
[10] AFEK Y，BREMLER-BARR A，HARCHOL Y，et al.Making DPI engines resilient to algorithmic complexity attacks[J].IEEE ACM Transactions on Networking，2016，24（6）：3262-3275.
[11] 刘畅.面向特定网络流的深度报文检测技术研究[D].哈尔滨：哈尔滨工程大学，2017.
LIU C.Research on deep message detection technology for specific network flow[D].Harbin：Harbin Engineering University，2017.
[12] 张家颖，杨文军.基于深度学习的网络流量分类识别研究[J].天津理工大学学报，2019，35（6）：35-40.
ZHANG J Y，YANG W J.Research on network traffic classification and recognition based on deep learning[J].Journal of Tianjin University of Technology，2019，35（6）：35-40.
[13] WANG W，ZENG X，YE X，et al.Malware traffic classification using convolution neural ntework for representation learning[C]//Proceedings of the 31st International Conference on Information Networking，2017：712-717.
[14] LASHKARI A H，DRAPER-GIL G，MAMUN M S I，et al.Charac-terization of encrypted and VPN traffic using time-related features[C]//Proceedings of the International Conference on Information Systems Security and Privacy，2016：94-98.
[15] 刘金来.深度学习模型在网络流量分类中的应用研究[D].哈尔滨：哈尔滨理工大学，2018.
LIU J L.Application of deep learning model in network traffic classification[D].Harbin：Harbin University of Science and Technology，2018.
[16] DRAPER-GIL G，LASHKARI A H，MAMUN M S I，et al.Characterization of encrypted and VPN traffic using time-related features[C]//Proceedings of the International Conference on Information Systems Security and Privacy，2016：407-414.
[17] GRIMAUDO L，MELLIA M，BARALIS E，et al.SeleCT：Self-learning classifier for internet traffic[J].IEEE Transactions on Network and Serivce Management，2014，11（2）：144-157.
[18] PEKTA? A，ACARMAN T.Deep learning to detect botnet via network flow summaries[J].Neural Computing and Applications，2019，31（11）：8021-8033.
[19] ORSOLIC I，PEVEC D，SUZNJEVIC M，et al.A machine learning approach to classifying YouTube QoE based on encrypted network traffic[J].Multimedia Tools and Applications，2017，76：22267-22301.
[20] PEKTA? A，ACARMAN T.Identification of application in encrypted traffic by using machine learning[C]//Proceedings of the International Conference on Man-Machine Interactions，2017：545-554.
[21] ACETO G，CIUONZO D，MONTIERI A，et al.MIMETIC：Mobile encrypted traffic classification using multimodal deep learning[J].Computer Networks，2019，165：445-458.
[22] 王伟.基于深度学习的网络流量分类及异常检测方法研究[D].合肥：中国科学技术大学，2018.
WANG W.Research on network traffic classification and anomaly detection method based on deep learning[D].Hefei：University of Science and Technology of China，2018.