197 articles found
Anomaly Detection in Imbalanced Encrypted Traffic with Few Packet Metadata-Based Feature Extraction
1
Authors: Min-Gyu Kim, Hwankuk Kim 《Computer Modeling in Engineering & Sciences》 SCIE EI 2024, No. 10, pp. 585-607 (23 pages)
In the IoT (Internet of Things) domain, the increased use of encryption protocols such as SSL/TLS, VPN (Virtual Private Network), and Tor has led to a rise in attacks leveraging encrypted traffic. While research on anomaly detection using AI (Artificial Intelligence) is actively progressing, the encrypted nature of the data poses challenges for labeling, resulting in data imbalance and biased feature extraction toward specific nodes. This study proposes a reconstruction error-based anomaly detection method using an autoencoder (AE) that utilizes packet metadata excluding specific node information. The proposed method omits biased packet metadata such as IP and Port and trains the detection model using only normal data, leveraging a small amount of packet metadata. This makes it well-suited for direct application in IoT environments due to its low resource consumption. In experiments comparing feature extraction methods for AE-based anomaly detection, we found that using flow-based features significantly improves accuracy, precision, F1 score, and AUC (Area Under the Receiver Operating Characteristic Curve) score compared to packet-based features. Additionally, for flow-based features, the proposed method showed a 30.17% increase in F1 score and improved false positive rates compared to Isolation Forest and OneClassSVM. Furthermore, the proposed method demonstrated a 32.43% higher AUC when using packet features and a 111.39% higher AUC when using flow features, compared to previously proposed oversampling methods. This study highlights the impact of feature extraction methods on attack detection in imbalanced, encrypted traffic environments and emphasizes that the one-class method using AE is more effective for attack detection and reducing false positives compared to traditional oversampling methods.
Keywords: One-class anomaly detection feature extraction auto-encoder encrypted traffic CICIoT2023
Combo Packet: An Encryption Traffic Classification Method Based on Contextual Information
2
Authors: Yuancong Chai, Yuefei Zhu, Wei Lin, Ding Li 《Computers, Materials & Continua》 SCIE EI 2024, No. 4, pp. 1223-1243 (21 pages)
With the increasing proportion of encrypted traffic in cyberspace, the classification of encrypted traffic has become a core key technology in network supervision. In recent years, many different solutions have emerged in this field. Most methods identify and classify traffic by extracting spatiotemporal characteristics of data flows or byte-level features of packets. However, due to changes in data transmission mediums, such as fiber optics and satellites, temporal features can exhibit significant variations due to changes in communication links and transmission quality. Additionally, partial spatial features can change due to reasons like data reordering and retransmission. Faced with these challenges, identifying encrypted traffic solely based on packet byte-level features is significantly difficult. To address this, we propose a universal packet-level encrypted traffic identification method, Combo Packet. This method utilizes convolutional neural networks to extract deep features of the current packet and its contextual information and employs spatial and channel attention mechanisms to select and locate effective features. Experimental data shows that Combo Packet can effectively distinguish between encrypted traffic service categories (e.g., File Transfer Protocol, FTP, and Peer-to-Peer, P2P) and encrypted traffic application categories (e.g., BitTorrent and Skype). Validated on the ISCX VPN-non VPN dataset, it achieves classification accuracies of 97.0% and 97.1% for service and application categories, respectively. It also provides shorter training times and higher recognition speeds. The performance and recognition capabilities of Combo Packet are significantly superior to the existing classification methods mentioned.
Keywords: encrypted traffic classification packet-level convolutional neural network attention mechanisms
Encrypted Cyberattack Detection System over Encrypted IoT Traffic Based on Statistical Intelligence
3
Authors: Il Hwan Ji, Ju Hyeon Lee, Seungho Jeon, Jung Taek Seo 《Computer Modeling in Engineering & Sciences》 SCIE EI 2024, No. 11, pp. 1519-1549 (31 pages)
In the early days of IoT’s introduction, it was challenging to introduce encryption communication due to the lack of performance of each component, such as computing resources like CPUs and batteries, to encrypt and decrypt data. Because IoT is applied and utilized in many important fields, a cyberattack on IoT can result in astronomical financial and human casualties. For this reason, the application of encrypted communication to IoT has been required, and the application of encrypted communication to IoT has become possible due to improvements in the computing performance of IoT devices and the development of lightweight cryptography. The application of encrypted communication in IoT has made it possible to use encrypted communication channels to launch cyberattacks. The approach of extracting evidence of an attack based on the primary information of a network packet is no longer valid because critical information, such as the payload in a network packet, is encrypted by encrypted communication. For this reason, technology that can detect cyberattacks over encrypted network traffic occurring in IoT environments is required. Therefore, this research proposes an encrypted cyberattack detection system for the IoT (ECDS-IoT) that derives valid features for cyberattack detection from the cryptographic network traffic generated in the IoT environment and performs cyberattack detection based on the derived features. ECDS-IoT identifies identifiable information from encrypted traffic collected in IoT environments and extracts statistics-based features through statistical analysis of identifiable information. ECDS-IoT understands information about normal data by learning only statistical features extracted from normal data. ECDS-IoT detects cyberattacks based only on the normal data information it has trained. To evaluate the cyberattack detection performance of the proposed ECDS-IoT in this research, ECDS-IoT used CICIoT2023, a dataset containing encrypted traffic generated by normal and seven categories of cyberattacks in the IoT environment and experimented with cyberattack detection on encrypted traffic using Autoencoder, RNN, GRU, LSTM, BiLSTM, and AE-LSTM algorithms. As a result of evaluating the performance of cyberattack detection for encrypted traffic, ECDS-IoT achieved high performance such as accuracy 0.99739, precision 0.99154, recall 1.0, F1 score 0.99575, and ROC_AUC 0.99822 when using the AE-LSTM algorithm. As shown by the cyberattack detection results of ECDS-IoT, it is possible to detect most cyberattacks through encrypted traffic. By applying ECDS-IoT to IoT, it can effectively detect cyberattacks concealed in encrypted traffic, promoting the efficient operation of IoT and preventing financial and human damage caused by cyberattacks.
Keywords: IoT cybersecurity IoT encrypted traffic IoT cyberattack detection
HGNN-ETC: Higher-Order Graph Neural Network Based on Chronological Relationships for Encrypted Traffic Classification
4
Authors: Rongwei Yu, Xiya Guo, Peihao Zhang, Kaijuan Zhang 《Computers, Materials & Continua》 SCIE EI 2024, No. 11, pp. 2643-2664 (22 pages)
Encrypted traffic plays a crucial role in safeguarding network security and user privacy. However, encrypting malicious traffic can lead to numerous security issues, making the effective classification of encrypted traffic essential. Existing methods for detecting encrypted traffic face two significant challenges. First, relying solely on the original byte information for classification fails to leverage the rich temporal relationships within network traffic. Second, machine learning and convolutional neural network methods lack sufficient network expression capabilities, hindering the full exploration of traffic’s potential characteristics. To address these limitations, this study introduces a traffic classification method that utilizes time relationships and a higher-order graph neural network, termed HGNN-ETC. This approach fully exploits the original byte information and chronological relationships of traffic packets, transforming traffic data into a graph structure to provide the model with more comprehensive context information. HGNN-ETC employs an innovative k-dimensional graph neural network to effectively capture the multi-scale structural features of traffic graphs, enabling more accurate classification. We select the ISCXVPN and the USTC-TK2016 dataset for our experiments. The results show that compared with other state-of-the-art methods, our method can obtain a better classification effect on different datasets, and the accuracy rate is about 97.00%. In addition, by analyzing the impact of varying input specifications on classification performance, we determine the optimal network data truncation strategy and confirm the model’s excellent generalization ability on different datasets.
Keywords: encrypted network traffic graph neural network traffic classification deep learning
BSTFNet: An Encrypted Malicious Traffic Classification Method Integrating Global Semantic and Spatiotemporal Features
5
Authors: Hong Huang, Xingxing Zhang, Ye Lu, Ze Li, Shaohua Zhou 《Computers, Materials & Continua》 SCIE EI 2024, No. 3, pp. 3929-3951 (23 pages)
While encryption technology safeguards the security of network communications, malicious traffic also uses encryption protocols to obscure its malicious behavior. To address the issues of traditional machine learning methods relying on expert experience and the insufficient representation capabilities of existing deep learning methods for encrypted malicious traffic, we propose an encrypted malicious traffic classification method that integrates global semantic features with local spatiotemporal features, called BERT-based Spatio-Temporal Features Network (BSTFNet). At the packet-level granularity, the model captures the global semantic features of packets through the attention mechanism of the Bidirectional Encoder Representations from Transformers (BERT) model. At the byte-level granularity, we initially employ the Bidirectional Gated Recurrent Unit (BiGRU) model to extract temporal features from bytes, followed by the utilization of the Text Convolutional Neural Network (TextCNN) model with multi-sized convolution kernels to extract local multi-receptive field spatial features. The fusion of features from both granularities serves as the ultimate multidimensional representation of malicious traffic. Our approach achieves accuracy and F1-score of 99.39% and 99.40%, respectively, on the publicly available USTC-TFC2016 dataset, and effectively reduces sample confusion within the Neris and Virut categories. The experimental results demonstrate that our method has outstanding representation and classification capabilities for encrypted malicious traffic.
Keywords: encrypted malicious traffic classification bidirectional encoder representations from transformers text convolutional neural network bidirectional gated recurrent unit
GraphCWGAN-GP: A Novel Data Augmenting Approach for Imbalanced Encrypted Traffic Classification (cited by: 1)
6
Authors: Jiangtao Zhai, Peng Lin, Yongfu Cui, Lilong Xu, Ming Liu 《Computer Modeling in Engineering & Sciences》 SCIE EI 2023, No. 8, pp. 2069-2092 (24 pages)
Encrypted traffic classification has become a hot issue in network security research. The class imbalance problem of traffic samples often causes the deterioration of Machine Learning based classifier performance. Although the Generative Adversarial Network (GAN) method can generate new samples by learning the feature distribution of the original samples, it is confronted with the problems of unstable training and mode collapse. To this end, a novel data augmenting approach called Graph CWGAN-GP is proposed in this paper. The traffic data is first converted into grayscale images as the input for the proposed model. Then, the minority class data is augmented with our proposed model, which is built by introducing conditional constraints and a new distance metric in typical GAN. Finally, the classical deep learning model is adopted as a classifier to classify datasets augmented by the Condition GAN (CGAN), Wasserstein GAN-Gradient Penalty (WGAN-GP) and Graph CWGAN-GP, respectively. Compared with the state-of-the-art GAN methods, the Graph CWGAN-GP cannot only control the modes of the data to be generated, but also overcome the problem of unstable training and generate more realistic and diverse samples. The experimental results show that the classification precision, recall and F1-Score of the minority class in the balanced dataset augmented in this paper have improved by more than 2.37%, 3.39% and 4.57%, respectively.
Keywords: Generative Adversarial Network imbalanced traffic data data augmenting encrypted traffic classification
MTC: A Multi-Task Model for Encrypted Network Traffic Classification Based on Transformer and 1D-CNN (cited by: 1)
7
Authors: Kaiyue Wang, Jian Gao, Xinyan Lei 《Intelligent Automation & Soft Computing》 SCIE 2023, No. 7, pp. 619-638 (20 pages)
Traffic characterization (e.g., chat, video) and application identification (e.g., FTP, Facebook) are two of the more crucial jobs in encrypted network traffic classification. These two activities are typically carried out separately by existing systems using separate models, significantly adding to the difficulty of network administration. Convolutional Neural Network (CNN) and Transformer are deep learning-based approaches for network traffic classification. CNN is good at extracting local features while ignoring long-distance information from the network traffic sequence, and Transformer can capture long-distance feature dependencies while ignoring local details. Based on these characteristics, a multi-task learning model that combines Transformer and 1D-CNN for encrypted traffic classification is proposed (MTC). In order to make up for the Transformer’s lack of local detail feature extraction capability and the 1D-CNN’s shortcoming of ignoring long-distance correlation information when processing traffic sequences, the model uses a parallel structure to fuse the features generated by the Transformer block and the 1D-CNN block with each other using a feature fusion block. This structure improved the representation of traffic features by both blocks and allows the model to perform well with both long and short length sequences. The model simultaneously handles multiple tasks, which lowers the cost of training. Experiments reveal that on the ISCX VPN-nonVPN dataset, the model achieves an average F1 score of 98.25% and an average recall of 98.30% for the task of identifying applications, and an average F1 score of 97.94%, and an average recall of 97.54% for the task of traffic characterization. When advanced models on the same dataset are chosen for comparison, the model produces the best results. To prove the generalization, we applied MTC to CICIDS2017 dataset, and our model also achieved good results.
Keywords: encrypted traffic classification multi-task learning feature fusion TRANSFORMER 1D-CNN
Classified VPN Network Traffic Flow Using Time Related to Artificial Neural Network
8
Authors: Saad Abdalla Agaili Mohamed, Sefer Kurnaz 《Computers, Materials & Continua》 SCIE EI 2024, No. 7, pp. 819-841 (23 pages)
VPNs are vital for safeguarding communication routes in the continually changing cybersecurity world. However, increasing network attack complexity and variety require increasingly advanced algorithms to recognize and categorize VPN network data. We present a novel VPN network traffic flow classification method utilizing Artificial Neural Networks (ANN). This paper aims to provide a reliable system that can identify a virtual private network (VPN) traffic from intrusion attempts, data exfiltration, and denial-of-service assaults. We compile a broad dataset of labeled VPN traffic flows from various apps and usage patterns. Next, we create an ANN architecture that can handle encrypted communication and distinguish benign from dangerous actions. To effectively process and categorize encrypted packets, the neural network model has input, hidden, and output layers. We use advanced feature extraction approaches to improve the ANN’s classification accuracy by leveraging network traffic’s statistical and behavioral properties. We also use cutting-edge optimization methods to optimize network characteristics and performance. The suggested ANN-based categorization method is extensively tested and analyzed. Results show the model effectively classifies VPN traffic types. We also show that our ANN-based technique outperforms other approaches in precision, recall, and F1-score with 98.79% accuracy. This study improves VPN security and protects against new cyberthreats. Classifying VPN traffic flows effectively helps enterprises protect sensitive data, maintain network integrity, and respond quickly to security problems. This study advances network security and lays the groundwork for ANN-based cybersecurity solutions.
Keywords: VPN network traffic flow ANN classification intrusion detection data exfiltration encrypted traffic feature extraction network security
Detecting Encrypted Botnet Traffic Using Spatial-Temporal Correlation (cited by: 3)
9
Authors: Chen Wei, Yu Le, Yang Geng 《China Communications》 SCIE CSCD 2012, No. 10, pp. 49-59 (11 pages)
In this paper, we propose a novel method to detect encrypted botnet traffic. During the traffic preprocessing stage, the proposed payload extraction method can identify a large amount of encrypted applications traffic. It can filter out a large amount of non-malicious traffic, greatly improving the detection efficiency. A Sequential Probability Ratio Test (SPRT)-based method can find spatial-temporal correlations in suspicious botnet traffic and make an accurate judgment. Experimental results show that the false positive and false negative rates can be controlled within a certain range.
Keywords: BOTNET encrypted traffic spatial-temporal correlation
Length matters: Scalable fast encrypted internet traffic service classification based on multiple protocol data unit length sequence with composite deep learning (cited by: 2)
10
Authors: Zihan Chen, Guang Cheng, Ziheng Xu, Shuyi Guo, Yuyang Zhou, Yuyu Zhao 《Digital Communications and Networks》 SCIE CSCD 2022, No. 3, pp. 289-302 (14 pages)
As an essential function of encrypted Internet traffic analysis, encrypted traffic service classification can support both coarse-grained network service traffic management and security supervision. However, the traditional plaintext-based Deep Packet Inspection (DPI) method cannot be applied to such a classification. Moreover, machine learning-based existing methods encounter two problems during feature selection: complex feature overcost processing and Transport Layer Security (TLS) version discrepancy. In this paper, we consider differences between encryption network protocol stacks and propose a composite deep learning-based method in multiprotocol environments using a sliding multiple Protocol Data Unit (multiPDU) length sequence as features by fully utilizing the Markov property in a multiPDU length sequence and maintaining suitability with a TLS-1.3 environment. Control experiments show that both Length-Sensitive (LS) composite deep learning model using a capsule neural network and LS-long short time memory achieve satisfactory effectiveness in F1-score and performance. Owing to faster feature extraction, our method is suitable for actual network environments and superior to state-of-the-art methods.
Keywords: encrypted internet traffic encrypted traffic service classification Multi PDU length sequence Length sensitive composite deep learning TLS-1.3
Semisupervised Encrypted Traffic Identification Based on Auxiliary Classification Generative Adversarial Network (cited by: 1)
11
Authors: Jiaming Mao, Mingming Zhang, Mu Chen, Lu Chen, Fei Xia, Lei Fan, ZiXuan Wang, Wenbing Zhao 《Computer Systems Science & Engineering》 SCIE EI 2021, No. 12, pp. 373-390 (18 pages)
The rapidly increasing popularity of mobile devices has changed the methods with which people access various network services and increased network traffic markedly. Over the past few decades, network traffic identification has been a research hotspot in the field of network management and security monitoring. However, as more network services use encryption technology, network traffic identification faces many challenges. Although classic machine learning methods can solve many problems that cannot be solved by port- and payload-based methods, manually extracting features that are frequently updated is time-consuming and labor-intensive. Deep learning has good automatic feature learning capabilities and is an ideal method for network traffic identification, particularly encrypted traffic identification; existing recognition methods based on deep learning primarily use supervised learning methods and rely on many labeled samples. However, in real scenarios, labeled samples are often difficult to obtain. This paper adjusts the structure of the auxiliary classification generation adversarial network (ACGAN) so that it can use unlabeled samples for training, and use the Wasserstein distance instead of the original cross entropy as the loss function to achieve semisupervised learning. Experimental results show that the identification accuracy of ISCX and USTC data sets using the proposed method yields markedly better performance when the number of labeled samples is small compared to that of convolutional neural network (CNN) based classifier.
Keywords: encrypted traffic recognition deep learning generative adversarial network traffic classification semisupervised learning
Payload Encoding Representation from Transformer for Encrypted Traffic Classification
12
Authors: HE Hongye, YANG Zhiguo, CHEN Xiangning 《ZTE Communications》 2021, No. 4, pp. 90-97 (8 pages)
Traffic identification becomes more important, yet more challenging as related encryption techniques are rapidly developing nowadays. Unlike recent deep learning methods that apply image processing to solve such encrypted traffic problems, in this paper, we propose a method named Payload Encoding Representation from Transformer (PERT) to perform automatic traffic feature extraction using a state-of-the-art dynamic word embedding technique. By implementing traffic classification experiments on a public encrypted traffic data set and our captured Android HTTPS traffic, we prove the proposed method can achieve an obvious better effectiveness than other compared baselines. To the best of our knowledge, this is the first time the encrypted traffic classification with the dynamic word embedding has been addressed.
Keywords: traffic identification encrypted traffic classification natural language processing deep learning dynamic word embedding
Dark-Forest: Analysis on the Behavior of Dark Web Traffic via DeepForest and PSO Algorithm
13
Authors: Xin Tong, Changlin Zhang, Jingya Wang, Zhiyan Zhao, Zhuoxian Liu 《Computer Modeling in Engineering & Sciences》 SCIE EI 2023, No. 4, pp. 561-581 (21 pages)
The dark web is a shadow area hidden in the depths of the Internet, which is difficult to access through common search engines. Because of its anonymity, the dark web has gradually become a hotbed for a variety of cyber-crimes. Although some research based on machine learning or deep learning has been shown to be effective in the task of analyzing dark web traffic in recent years, there are still pain points such as low accuracy, insufficient real-time performance, and limited application scenarios. Aiming at the difficulties faced by the existing automated dark web traffic analysis methods, a novel method named Dark-Forest to analyze the behavior of dark web traffic is proposed. In this method, firstly, particle swarm optimization algorithm is used to filter the redundant features of dark web traffic data, which can effectively shorten the training and inference time of the model to meet the real-time requirements of dark web detection task. Then, the selected features of traffic are analyzed and classified using the DeepForest model as a backbone classifier. The comparison experiment with the current mainstream methods shows that Dark-Forest takes into account the advantages of statistical machine learning and deep learning, and achieves an accuracy rate of 87.84%. This method not only outperforms baseline methods such as Random Forest, MLP, CNN, and the original DeepForest in both large-scale and small-scale dataset based learning tasks, but also can detect normal network traffic, tunnel network traffic and anonymous network traffic, which may close the gap between different network traffic analysis tasks. Thus, it has a wider application scenario and higher practical value.
Keywords: Dark web encrypted traffic deep forest particle swarm optimization
Encrypted Traffic Classification Method Based on Dual-Branch Multi-Stage Spatiotemporal Feature Fusion
14
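Authors: 陶洋, 杜黎明, 申婷婷 《小型微型计算机系统》 CSCD PKU Core 2024, No. 6, pp. 1489-1495 (7 pages)
To address the insufficient extraction of spatiotemporal features in current research on encrypted traffic identification and classification, and the loss of feature information caused by network architecture, this paper proposes an encrypted traffic identification and classification method based on dual-branch multi-stage spatiotemporal feature fusion (DBMS-SFF). The method focuses on the "byte-packet-session flow" hierarchical structure of encrypted traffic and designs two parallel network branches for feature extraction. Branch one uses a gated recurrent neural network (GRU) and its variant BiGRU to extract the temporal features between adjacent bytes within a packet and between adjacent packets, respectively, and on this basis uses a multi-head attention mechanism to give key features greater weight. Branch two, using receptive fields that differ from the conventional ones, applies a multi-scale convolutional neural network (CNN) composed of irregularly sized convolution kernels to the two "byte-packet" stages of the flow to represent spatial information. Experiments on the public dataset ISCXVPN-nonVPN2016 show that the model achieves an overall accuracy of 97.6% and an average F1 score of 97.5%, both significantly higher than the compared models.
Keywords: deep learning; encrypted traffic; gated recurrent neural network; classification and identification; attention mechanism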
Encrypted Traffic Classification Based on Attention Temporal Convolutional Network
15
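Authors: 金彦亮, 陈彦韬, 高塬, 周嘉豪 《应用科学学报》 CAS CSCD PKU Core 2024, No. 4, pp. 659-672 (14 pages)
To address the problem that most current encrypted traffic classification methods ignore the temporal characteristics of traffic and the efficiency of the models used, an efficient classification method based on an attention temporal convolutional network (ATCN) is proposed. The method first embeds the content information and temporal information of traffic jointly into the model to enhance the representation of encrypted traffic; it then uses a temporal convolutional network to capture effective features in parallel to increase training speed; finally, it introduces an attention mechanism to build dynamic feature aggregation and optimize the model parameters. Experimental results show that the method outperforms the baseline models on both of the classification tasks set, with accuracies of 99.4% and 99.8% respectively, and that the number of model parameters can be reduced to as little as 15% of the baseline model's, fully demonstrating the advanced nature of the proposed method. Finally, a fine-tuning approach based on transfer learning is introduced on ATCN, providing a novel idea for handling zero-day traffic in traffic classification.
Keywords: encrypted traffic classification; temporal convolutional network; attention mechanism; transfer learning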
A Fast Encrypted Traffic Classification Method Based on Multi-Feature Fusion
16
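Authors: 谭阳红, 罗琼辉, 钟豪 《湖南大学学报(自然科学版)》 EI CAS CSCD PKU Core 2024, No. 6, pp. 98-107 (10 pages)
Network traffic identification is the foundation of network management and security services. As the Internet continues to expand and grow in complexity, traditional rule-based identification methods and methods based on flow behavior features face enormous challenges. Inspired by natural language processing (NLP), this paper proposes a fast encrypted traffic classification method based on multi-feature fusion. The method represents the features of a network flow by fusing packet and byte-sequence features, and uses bigram byte encoding to expand the selected features into double-byte sequences, adding contextual semantic features of the bytes. A pooling method adapted to packet feature processing retains packet feature information to the greatest extent, giving the proposed model stronger noise resistance and more accurate classification capability. The method is validated on ISCX-2016 and on a private dataset containing 66 popular applications (ETD66), and compared with other models. The results show that the test accuracy and performance of the proposed method on ISCX-2016 and ETD66 are clearly better than those of other traffic classification models, achieving identification accuracies of 98.2% and 98.6% respectively, which demonstrates the feature extraction capability and strong generalization capability of the proposed method.
Keywords: encrypted traffic identification; natural language processing; deep learning; text classification; convolutional neural network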
Encrypted Traffic Classification Method Based on a Parallel Fusion Model
17
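Authors: 崔永俊, 郝立鑫 《电子设计工程》 2024, No. 2, pp. 41-45 (5 pages)
The widespread use of network traffic encryption poses new challenges for fast and accurate classification of encrypted traffic. To address this problem, a classification method that fuses a convolutional neural network and a recurrent neural network in parallel is proposed. The convolutional neural network and the recurrent neural network extract the spatial features and temporal features of encrypted traffic respectively, and the encrypted traffic is classified according to these spatiotemporal features. Experiments show that, compared with existing single models and serial fusion models, the proposed model improves identification accuracy by 14.07% and 2.79% respectively, with training efficiency decreasing by less than 10%; the proposed model outperforms existing models.
Keywords: encrypted traffic; traffic identification; convolutional neural network; gated recurrent unit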
A Covert Tunnel and Encrypted Malicious Traffic Detection Method Based on Multi-Model Fusion
18
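Authors: 顾国民, 陈文浩, 黄伟达 《信息网络安全》 CSCD PKU Core 2024, No. 5, pp. 694-708 (15 pages)
In advanced persistent threat (APT) attacks, attackers often use strategies such as encrypted malicious traffic and covert tunnels to hide malicious behavior and evade detection, which increases the difficulty of detection. Most current methods for detecting DNS covert tunnels are based on features such as statistics, frequency, and packets; these methods cannot detect well in real time, which leads to data leakage. Detection therefore needs to be performed on individual DNS requests rather than after computing statistics over traffic in order to be real-time and reliable: once the system judges a single DNS request to be tunnel traffic, it can respond and thus avoid data leakage. Existing encrypted malicious traffic detection methods, meanwhile, suffer from problems such as being unable to fully extract traffic feature information, relying on a single means of feature extraction, and making little use of features. This article therefore proposes a covert tunnel and encrypted malicious traffic detection method based on multi-model fusion. For DNS covert tunnels, it proposes a detection method that fuses MLP, 1D-CNN, and RNN models and computes the fusion result according to a proposed mathematical model; this method can monitor covert tunnels in real time and further improves overall detection accuracy. For encrypted malicious traffic, it proposes a detection method based on the parallel fusion of 1D-CNN and LSTM models; the parallel fusion model can extract feature information more comprehensively and reflect the full picture of the traffic data, thereby improving the detection precision of the model.
Keywords: encrypted malicious traffic detection; DNS covert tunnel detection; multi-model fusion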
A Privacy Protection Method for Distributed Encrypted Traffic Classification Based on Homomorphic Encryption
19
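Authors: 郭晓军, 靳玮琨 《西藏科技》 2024, No. 8, pp. 72-80 (9 pages)
With the rapid development of information technology, the volume of data has grown quickly and distributed storage has gradually emerged. Distributed data storage is vulnerable to gradient inference attacks on model training, which leak gradients and in turn the datasets held on distributed nodes. To address this problem, a privacy protection method for distributed encrypted traffic classification based on a homomorphic encryption algorithm (Pa-Fed) is proposed. After the distributed nodes complete training, the local models pass their parameters to the central server under Paillier homomorphic encryption. When the central server aggregates the parameters, they remain in ciphertext form, ensuring privacy during transmission. In experiments, the method maintains classification precision well, and gradient inference attacks carried out on the distributed node data after encryption effectively verify the privacy of the distributed node data.
Keywords: homomorphic encryption; distributed; encrypted traffic classification; privacy protection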
Research on Mobile Application Classification Techniques for Unidirectional Encrypted Traffic (cited by: 1)
20
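Authors: 张莉, 谭静文, 苘大鹏, 韩帅, 马书磊 《集成技术》 2024, No. 5, pp. 40-52 (13 pages)
In the field of encrypted mobile application traffic classification, traditional methods all classify traffic based on features of bidirectional traffic. In real scenarios, however, asymmetric routing means that remote network administrators can obtain only unidirectional traffic, which lowers the classification accuracy of traditional methods. An encrypted mobile application traffic classification method that uses only unidirectional traffic features is therefore designed. Because downlink traffic contains more information than uplink traffic, the payload of downlink traffic is chosen for analysis. In addition, because mobile application traffic exhibits temporal and spatial correlation, a bidirectional long short-term memory network is used to capture the temporal correlation of the data flow and a convolutional neural network is used to learn the spatial correlation of features, and an attention layer is introduced to focus on important features, further improving classification accuracy. The method is applicable more widely than previous methods: it can be used in both unidirectional and bidirectional traffic scenarios and achieves higher accuracy with fewer features.
Keywords: encrypted traffic; mobile application; unidirectional traffic; asymmetric routing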