基于残差网络和循环神经网络混合模型的应用层协议识别方法

Application Layer Protocol Recognition Based on Residual Network and Recurrent Neural Network

针对现有协议识别方法无法有效提取协议数据的时间和空间特征导致协议识别准确率不高的问题,提出了一种基于一维残差网络和循环神经网络的应用层协议识别方法。所构造的协议识别模型由一维预激活残差网络(PreResNet)和双向门控循环神经网络(BiGRU)组成,利用一维PreResNet提取协议数据的空间特征,利用BiGRU提取协议数据的时间特征,在此基础上通过注意力机制提取与协议识别有关的关键特征来提高协议识别的准确率。所提方法首先从网络流量中提取应用层协议数据,对数据进行预处理,从而将其转化为一维向量;然后利用训练数据对分类模型进行训练,得到成熟的协议识别模型;最后用训练好的分类模型识别应用层协议。在公开数据集ISCX2012上进行测试实验,结果表明,所提协议识别模型的总体准确率为96.87%,平均F值为96.81%,高于对比的协议识别模型。

Existing protocol recognition methods cannot effectively extract the temporal and spatial characteristics of protocol data,which leads to low accuracy of protocol recognition.An application layer protocol recognition method based on one dimensional residual network and recurrent neural network is proposed.The proposed model consists of one dimensional preactivated residual network(PreResNet)and bidirectional gated recurrent neural network(BiGRU).The PreResNet is used to extract spatial characteristics of the protocol data,and the BiGRU is used to extract temporal characteristics of the protocol data.The attention mechanism is used to extract the key features related to protocol recognition to improve the accuracy of protocol recognition.The proposed method firstly extracts the application layer protocol data from network traffic,and the data is preprocessed and transformed into one dimensional vectors.Then the classification model is trained with the training data and a mature protocol recognition model is obtained.Finally,the trained classification model is used to identify the application layer protocols.Experimental results on public dataset ISCX2012 show that the proposed protocol recognition model has an overall accuracy of 96.87%and an average F value of 96.81%,which are higher than those of other protocol recognition models.