摘要
文中提出了一种混合方法,将指纹识别与机器学习方法相结合,实现了IPSec VPN加密流量的识别。该方法首先基于负载特征从网络流量中筛选出IPSec VPN流量;接着,基于时间相关的流特征,利用随机森林算法建立了IPSec VPN流量分类模型,通过参数优化以及特征选择,整体流量识别的准确率达到了93%。实验结果验证了通过流特征提取的机器学习方法识别IPSec VPN流量的可行性;同时表明了该方法能够有效均衡识别精度与识别速度,达到了高效识别IPSec VPN加密流量的效果。
This paper proposes a hybrid method,which combines fingerprint identification with machine learning method to rea-lize the identification of IPSec VPN encrypted traffic.Firstly,the method selects the IPSec VPN traffic from the network traffic based on the load characteristics.Secondly,based on the time-related flow features,it uses the random forest algorithm to establish the IPSec VPN traffic classification model.Through parameter optimization and feature selection,the overall traffic identification accuracy reaches 93%.The experimental results verify the feasibility of identifying IPSec VPN traffic by machine learning method based on time-related flow features.At the same time,the experimental results show that the proposed method can effectively balance the recognition accuracy and recognition speed,and achieve the effect of efficient identification of IPSec VPN encrypted traffic.
作者
周益旻
刘方正
王勇
ZHOU Yi-min;LIU Fang-zheng;WANG Yong(College of Electromagnetic Countermeasure,National University of Defense Technology,Hefei 230037,China;Anhui Key Laboratory of Cyberspace Security Situation Awareness and Evaluation,Hefei 230037,China)
出处
《计算机科学》
CSCD
北大核心
2021年第4期295-302,共8页
Computer Science
基金
国家自然科学基金(6167454)。
关键词
IPSec
VPN
加密流量识别
随机森林
时间相关流特征
参数优化
IPSec VPN
Encrypted traffic identification
Random forest
Time-related flow features
Parameter optimization