摘要
SSLVPN流量常常被一些非法应用利用,来绕过防火墙等安全设施的检测。因此,对SSLVPN加密流量的有效识别对网络信息安全具有重要意义。针对此,提出了一种基于Bit级DPI和深度学习的SSLVPN加密流量识别方法,所提方法分为两个步骤:利用Bit级DPI指纹生成技术识别SSL流量,缩小识别范围;再利用基于注意力机制的改进的CNN网络流量识别模型识别SSLVPN流量。该方法不仅有效解决了传统SSL加密流量指纹识别方法存在的漏识别率较高的问题,同时改进后的深度学习模型能提取网络流量中具有非常显著性的细粒度的特征,从而更加有效地捕捉网络流量中存在的依赖性。实验结果表明,该方法较现有的模型对SSLVPN加密流量的识别效果提高了6%以上。
SSL VPN traffic is often used by some illegal applications using SSL VPN to bypass the detection of security facilities such as firewalls.Therefore,the effective identification of SSL VPN encrypted traffic is of great significance to network information security.In view of this,this paper proposes a SSL VPN encrypted traffic identification method based on bit-level DPI and deep learning.The proposed method is divided into two steps:bit-level DPI fingerprint generation technology to identify SSL traffic and narrow the identification range;an improved CNN network traffic identification model based on attention mechanism to identify SSL VPN traffic.The proposed method not only effectively solves the problem of high rate of missing recognition in the traditional SSL traffic fingerprint identification method,but also the improved deep learning model can extract the very significant fine-grained features in the network traffic,so as to more effectively capture the dependency existing in the network traffic.The experimental results show that the proposed method is more than 6%better than the existing model in the identification of SSL VPN encrypted traffic.
作者
王宇航
姜文刚
翟江涛
史正爽
WANG Yuhang;JIANG Wengang;ZHAI Jiangtao;SHI Zhengshuang(School of Electronic Information,Jiangsu University of Science and Technology,Zhenjiang,Jiangsu 212003,China;School of Intelligent Networks and Information Systems,Nanjing University of Information Science&Technology,Nanjing 210000,China;School of Informatics,University of Edinburgh,Edinburgh EH89YL,U K)
出处
《计算机工程与应用》
CSCD
北大核心
2022年第1期143-151,共9页
Computer Engineering and Applications
基金
国家自然科学基金(61702235)。
