基于深度学习的加密流量分类与入侵检测

A framework of Traffic Classification and Malicious Traffic Detection Based on Deep Learning

随着网络技术的飞速发展,各种各样的应用以及网络中的异常流量对网络安全和QoS不断带来巨大的威胁;因此,通过有效的技术手段,管理和控制网络中的各种业务流量,是当前网络运营中面临的主要挑战之一;传统的流量分类以及入侵检测技术依赖于复杂的特征提取甚至用户的隐私信息;由于互联网网络带宽的不断提高以及应用层协议越来越复杂,加密技术的不断发展,以及用户隐私问题越来越受重视等,现有的技术已经很难适应当今网络技术和应用的发展需求;近年来深度学习的广泛应用为流量分类领域提供了新的思路,在此基础上,我们利用卷积神经网络(Convolutional Neural Networks,CNN)、长短时记忆(Long Short Term Memory,LSTM)和堆栈自编码(Stacked Auto Encoder,SAE)三种深度学习算法构建了一个能够对网络特征进行自主选择的流量分类架构,并且无需依赖用户的隐私信息;实验结果表明,该流量分类架构与现有基于传统机器学习的流量分类方法相比,其分类精度和F1_Score分别有13.8%和14.3%的改善,而且对存储资源的需求也大大降低。

With the rapid development of network technology,the number of applications running on the network has increased dramatically in terms of quantity and variety.And the abnormal traffic on the network poses a huge threat to network security and QoS.Hence,managing and controlling various traffic in the network through effective technical measures is an important challenge in current network operations.Previously,traffic classification and intrusion detection require a burdensome analyzing of traffic features and attack-related characteristics by experts,even private information might be required.However,due to the outdated features labeling and privacy protocols,existing approaches may not fit with the characteristics of the changing network environment anymore.In recent years,the extensive application of deep learning has provided new ideas for traffic classification.On this basis,we use Convolutional Neural Networks(CNN),Long Short Term Memory(LSTM)and Stacked Auto Encoder(SAE)to construct a traffic classification architecture that can select the network features autonomously,without relying on the user\s private information.The experimental results show that compared with the existing machine learning-based traffic classification method,the traffic classification architecture has 13.8%and 14.3%improvement in classification accuracy and F1_Score,respectively,and the demand for storage resources is greatly reduced.