基于深度学习的网络基线与加密流量分类技术

Network baseline and encrypted traffic classification technology based on deep learning

随着网络通信技术不断更新以及服务不断扩展增强,再加上不断增加的互联网设备、应用程序以及服务数量等,网络管理愈加复杂和严峻,同时网络安全事件的发生也更加频繁。网络正常状态下的特征分布通常与异常状态下的特征分布存在显著不同,因此通过构建安全流量基线可以发现网络异常。目前的基线模型大多依赖于人工设计规则,漏报率和误报率过高。引入深度学习技术,提出了一种基于LSTM(Long Short-Term Memory)的动态基线构建方法,同时融合了3个维度的流量特征。此外,由于异常访问和攻击通常被敌手进行加密传输,为保证系统安全运行,需要对加密流量进行细粒度分类,筛选出正常访问应用服务流量。因此,提出一种基于深度学习的加密流量分类技术,通过挖掘流量特征深层表征可实现加密流量的细粒度分类。

As network communication technology was continuously updated and services were constantly expanded and strengthened,along with the increasing number of internet devices,applications and services,network management became more complex and challenging.At the same time,the occurrence of network security incidents also became more frequent.The feature distribution under normal network conditions usually differed significantly from that under abnormal conditions,thus constructing a security traffic baseline could detect network anomalies.The baseline models at that time mostly relied on manually designed rules,which had high rates of false negatives and false positives.This paper introduced Deep learning technology was introduced,a dynamic baseline construction method based on LSTM was proposed,which also integrated traffic features from three dimensions.Moreover,because abnormal access and attacks were usually encrypted for transmission by adversaries,to ensure the safe operation of the system,it was necessary to classify encrypted traffic with fine granularity and filter out normal access application service traffic.Therefore,a deep learning-based encrypted traffic classification technology was proposed that could achieve fine-grained classification of encrypted traffic by mining deep representations of traffic features.