Encrypted traffic classification based on packet length distribution of sampling sequence
Academic paper | Updated: 2024-06-05
Journal on Communications, Vol. 36, Issue 9, Pages: 65-75 (2015)
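Author affiliations:
1. Postdoctoral Research Station, Beijing University of Posts and Telecommunications, Beijing 100876
2. Enterprise Postdoctoral Workstation, Beijing Topsec Company, Beijing 100085
Funding:
Enterprise Postdoctoral Research Support Program of Zhongguancun Haidian Science Park (2012RC); Beijing Municipal Postdoctoral Research Support Program (2013ZZ-54)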
Chang-xi GAO, Ya-biao WU, Cong WANG. Encrypted traffic classification based on packet length distribution of sampling sequence[J]. Journal on Communications, 2015, 36(9): 65-75. DOI: 10.11959/j.issn.1000-436x.2015171.
A hypothesis testing-based statistical decision model (HTSDM) for application identification of encrypted traffic was presented. HTSDM was based on packet length distribution of deterministic sampling sequence at flow level, which was characterized by packet positions, packet directions, packet sizes, packet arrival continuity and packet arrival order. HTSDM boosted deep packet inspection (DPI) by introducing constraints of packet position and direction as well as inter-flow correlation action. A hybrid method of encrypted traffic classification combining DPI and dynamic flow inspection (DFI) was proposed based on HTSDM. Experiment results show that this method can effectively identify the unique statistical traffic behavior of encrypted application in flow coordinate space, and achieve high precision, recall and overall accuracy while keeping low false positive rate (FPR) and overall FPR.