With the development of encryption technologies and the emergence of private (proprietary) protocols, the identification of encrypted traffic has become an important research topic in information security. Building on existing encrypted-traffic identification techniques, this paper proposes an identification algorithm based on DPI (deep packet inspection) and payload randomness. The algorithm has three steps. First, DPI is used to filter and identify network traffic rapidly by protocol signature. Second, for payloads that DPI cannot recognize, the information entropy is calculated and the error of a Monte Carlo estimate of π is computed from the payload bytes. Finally, these features are fed into a C4.5 decision tree classifier for classification and evaluation. The method overcomes the limitation that DPI cannot fully identify encrypted traffic and private protocols during the protocol interaction phase, and it also avoids the confusion between encrypted traffic and compressed-file traffic that arises when information entropy is used on its own. Experimental results show that the proposed method is considerably more effective on encrypted traffic than existing methods, and that it has good robustness.
SUN Zhongjun, ZHAI Jiangtao, DAI Yuewei. An Encrypted Traffic Identification Method Based on DPI and Load Randomness[J]. Journal of Applied Sciences, 2019, 37(5): 711-720. DOI: 10.3969/j.issn.0255-8297.2019.05.012
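The three-stage pipeline the abstract describes, as an added worked example in Python (not code from the paper or its authors): a signature-based DPI pre-filter, then Shannon entropy and an ENT-style Monte Carlo π error for every payload DPI cannot label, and a placeholder threshold rule standing in for the C4.5 decision tree the paper trains. The DPI signatures, the thresholds, the SHA-256 counter-mode stand-in for a real cipher and all sample payloads are constructed assumptions for the demo, not values or data taken from the paper.

```python
"""DPI pre-filter + payload-randomness features for encrypted-traffic identification.

Added example. Thresholds are illustrative placeholders for a trained C4.5
classifier (assumption), and all payloads are constructed, not captured traffic.
"""
import hashlib
import math
import random
import zlib

# Illustrative thresholds (assumption): a real deployment learns these from
# labelled flows with a decision tree rather than hand-tuning them.
ENTROPY_HIGH = 7.5
PI_ERROR_RANDOM = 0.15


def dpi_match(payload: bytes):
    """Stage 1: fixed-offset signatures for a few well-known protocols, or None.

    A TLS record with content type 0x16 (handshake), major version 0x03 and
    handshake type 0x01 at byte 5 is a ClientHello. Encrypted application data
    (content type 0x17) and private protocols get no label here and fall
    through to the randomness stage, which is the gap the paper addresses.
    """
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls_client_hello"
    if payload.startswith(b"SSH-"):
        return "ssh_banner"
    if any(payload.startswith(m) for m in (b"GET ", b"POST ", b"HEAD ", b"PUT ")):
        return "http_request"
    return None


def shannon_entropy(payload: bytes) -> float:
    """Bits per byte in 0..8; 8.0 means a perfectly flat byte histogram."""
    n = len(payload)
    if n == 0:
        raise ValueError("empty payload")
    counts = [0] * 256
    for b in payload:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def monte_carlo_pi_error(payload: bytes) -> float:
    """ENT-style test: each 6-byte group is a point (x, y) with 24-bit coordinates.

    The fraction of points inside the quarter circle of radius 2^24-1 estimates
    pi/4; the function returns |estimate - pi|. Uniform bytes give a small error.
    ASCII text (every byte < 0x80) keeps every point inside the circle, so the
    estimate is exactly 4.0 and the error about 0.858, however high its entropy.
    """
    radius = (1 << 24) - 1
    inside = total = 0
    for i in range(0, len(payload) - 5, 6):
        x = int.from_bytes(payload[i:i + 3], "big")
        y = int.from_bytes(payload[i + 3:i + 6], "big")
        total += 1
        if x * x + y * y <= radius * radius:
            inside += 1
    if total == 0:
        raise ValueError("need at least 6 bytes")
    return abs(4.0 * inside / total - math.pi)


def identify(payload: bytes) -> dict:
    """Stage 1 DPI; otherwise stage 2 features plus the placeholder rule."""
    label = dpi_match(payload)
    if label:
        return {"stage": "dpi", "label": label}
    h = shannon_entropy(payload)
    e = monte_carlo_pi_error(payload)
    if h < ENTROPY_HIGH:
        label = "plaintext"
    elif e < PI_ERROR_RANDOM:
        label = "random_like"          # ciphertext candidate
    else:
        label = "high_entropy_structured"
    return {"stage": "randomness", "label": label, "entropy": round(h, 3), "pi_error": round(e, 4)}


def stream_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Stand-in for a cipher (assumption): SHA-256 counter-mode keystream XOR.
    Good enough to produce uniform-looking bytes for the demo; not for real use."""
    out = bytearray()
    for off in range(0, len(plaintext), 32):
        ks = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(plaintext[off:off + 32], ks))
    return bytes(out)


def sample_payloads() -> dict:
    """Constructed sample payloads for the demo (not captured traffic)."""
    rng = random.Random(2019)
    words = ["alpha", "bravo", "charlie", "delta", "echo", "foxtrot", "golf", "hotel",
             "india", "juliet", "kilo", "lima", "mike", "november", "oscar", "papa"]
    text = " ".join(rng.choice(words) for _ in range(12000)).encode()
    # Record header 16 03 01, length 0x002c, handshake type 01 (ClientHello), then filler.
    tls_hello = bytes([0x16, 0x03, 0x01, 0x00, 0x2C, 0x01, 0x00, 0x00, 0x28, 0x03, 0x03]) + bytes(32)
    return {
        "tls_client_hello": tls_hello,
        "http_get": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
        "plaintext_private_proto": text,
        "encrypted_private_proto": stream_encrypt(text, b"demo-key"),
        "compressed_private_proto": zlib.compress(text, 9),
    }


if __name__ == "__main__":
    for name, payload in sample_payloads().items():
        print(f"{name:26s} {identify(payload)}")
```

Running the block prints one result per sample. The two DPI hits never reach the randomness stage. The plaintext sample has low entropy and a π error near 0.858 (every ASCII point lands inside the circle). The encrypted and compressed samples both score high on entropy, which is the mis-distinction the abstract refers to when entropy is used alone; the π error is the second feature that the decision tree gets to split on, and where the compressed sample falls relative to the hand-picked threshold here is exactly the boundary the paper learns from labelled data instead of guessing.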