摘要
为实现网络流量的有效管控,提出一种基于安全套接层(SSL)协议交互字段与多输入最大化单输出隐马尔可夫模型(HMM)的加密应用并行识别方法.将来自客户端或者服务器的单向数据流SSL协议交互阶段的字段作为HMM模型的观测序列,并对所有待识别的加密应用建立HMM模型形成指纹库.在此基础上,利用前向算法计算未知观测序列被识别为HMM模型的概率,选取概率最大HMM模型所对应的加密应用作为识别结果.实验结果表明,与传统应用识别方法相比,该方法对典型加密应用具有更好的识别效果及鲁棒性.
For the management and control of network traffic,this paper proposes a parallel identification method for encrypted traffic based on the interaction fields of the Secure Socket Layer(SSL)protocol and Hidden Markov Model(HMM)with multiple inputs and a maximal single output.This method uses the fields at the interaction phase of the SSL protocol of the unidirectional data stream from the client or server as the observation sequence of a HMM,and forming a fingerprint database of HMM built for all to-be-identified encrypted applications.On this basis,the forward algorithm is used to calculate the probability of the unknown sequence being identified as HMM,and the application corresponding to the HMM with the highest probability is taken as the identification result.Experimental results show that the method has better identification performance and robustness for typical encrypted applications than traditional application identification methods.
作者
孙中军
翟江涛
SUN Zhongjun;ZHAI Jiangtao(School of Electronics and Information,Jiangsu University of Science and Technology,Zhenjiang,Jiangsu 212003,China)
出处
《计算机工程》
CAS
CSCD
北大核心
2020年第4期151-156,共6页
Computer Engineering
基金
国家自然科学基金(61702235,61472188,61602247,U1636117)
江苏省自然科学基金(BK20150472,BK20160840)。
关键词
网络流量
加密流量
安全套接层协议
隐马尔可夫模型
应用识别
network traffic
encrypted traffic
Secure Socket Layer(SSL)protocol
Hidden Markov Model(HMM)
application identification
