摘要
IPSec VPN按照应用场景的不同可以分为闭合型网络和开放型网络,闭合型网络常用于定制虚拟专用网,而开放型网络代理是规避网络审计的常用手段,因此,IPSec VPN网络类型的识别分类对于网络监管具有重要意义。根据两种网络类型在业务复杂度上的区别,提出利用加密流量侧信道特征进行IPSec VPN闭合性检测的方法,提取IPSec加密流量帧长序列和隧道内TCP最大分片长度(Maximum Segment Size,MSS)的分布,引入信息熵来度量MSS值的分布情况,将MSS值信息熵和帧长序列的标准差作为特征向量,使用支持向量机和随机森林等机器学习算法进行训练和预测。实验结果表明,使用该分类方法进行闭合性检测的准确率超过了96%,可有效识别用于开放代理的VPN隧道。
IPSec VPN can be divided into closed networks and open networks according to different application scenarios.Closed networks are generally used to customize virtual private networks,and open network proxies are commonly used to avoid network auditing.Therefore,the identification and classification of IPSec VPN network types is of great significance for network supervision.According to the difference in traffic complexity between the two network types,a method for IPSec VPN closure detection using side-channel features of the encrypted traffic is proposed.The distribution of IPSec encrypted traffic frame length sequence and TCP maximum segment size in the tunnel is extracted,and information entropy is introduced to measure the distribution of MSS value.The information entropy of MSS value and the standard deviation of the frame length sequence are used as feature vectors.Machine Learning algorithms such as support vector machine and random forest are used for training and prediction.Experimental results indicate that the accuracy of closure detection using this classification method exceeds 96%and can effectively identify VPN tunnels used for open proxies.
作者
孙云霄
李军
王佰玲
SUN Yunxiao;LI Jun;WANG Bailing(School of Computer Science and Technology,Harbin Institute of Technology(Weihai),Weihai,Shandong 264209,China;Harbin Institute of Technology Research Institute of Cyberspace Security,Harbin 150001,China)
出处
《计算机科学》
CSCD
北大核心
2023年第10期308-314,共7页
Computer Science
基金
国家重点研发计划(2021YFB2012400)
国家自然科学基金(62272129)
中央高校基本科研业务费专项资金(HIT.NSRIF.2020098)。
