GBDT与LR融合模型在加密流量识别中的应用

doi:10.3969/j.issn.1006-2475.2020.03.018

计算机与现代化

GBDT与LR融合模型在加密流量识别中的应用

(华北电力大学(北京)控制与计算机工程学院,北京102206)

收稿日期:2019-08-12 出版日期:2020-03-24 发布日期:2020-03-30
作者简介:王垚(1996-),男,四川南充人，硕士研究生,研究方向:网络信息安全,E-mail: 973933471@qq.com；李为(1967-),女,辽宁沈阳人,教授,硕士,研究方向:智能电网软件技术,电力信息安全；吴克河(1962-),男,江苏镇江人，教授,博士,研究方向:智能电网软件技术,电力信息安全；崔文超(1983-),男,河南南阳人，讲师,博士,研究方向:电力信息安全。
基金资助:
国家电网公司科技项目(521304190004)

Application of Fusion Model of GBDT and LR in Encrypted Traffic Identification

(School of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China)

Received:2019-08-12 Online:2020-03-24 Published:2020-03-30

摘要/Abstract

摘要： 随着网络应用服务类型的多样化以及网络流量加密技术的不断发展，加密流量识别已经成为网络安全领域的一个重大挑战。传统的流量识别技术如深度包检测无法有效地识别加密流量，而基于机器学习理论的加密流量识别技术则表现出很好的效果。因此,本文提出一种融合梯度提升决策树算法(GBDT)与逻辑回归(LR)算法的加密流量分类模型，使用贝叶斯优化(BO)算法进行超参数调整，利用与时间相关的流特征对普通加密流量与VPN加密流量进行识别，实现了整体高于90%的流量识别准确度，与其他常用分类模型相比拥有更好的识别效果。

关键词: 加密流量识别, 梯度提升决策树, 逻辑回归, 流特征, 贝叶斯优化

Abstract: With the diversification of network application service types and the continuous development of traffic encryption technology, encrypted traffic identification has become a major challenge in the field of network security. Traditional traffic identification techniques, such as deep packet inspection, cannot effectively identify encrypted traffic, while the identification technology based on machine learning theory has shown good results. For this, an optimized encrypted traffic classification model based on the fusion of GBDT and LR is proposed, in which Bayesian optimization (BO) algorithm is used for hyperparameter tuning. By using the time-related flow features to identify common encrypted traffic and VPN encrypted traffic, it obtains an overall accuracy more than 90%, which gets better recognition effect than other common classification models.

Key words: encrypted traffic identification, GBDT (Gradient Boosting Decision Tree), LR (Logistic Regression), flow features, Bayesian optimization

中图分类号:

TP393.08

王垚,李为,吴克河,崔文超. GBDT与LR融合模型在加密流量识别中的应用[J]. 计算机与现代化, doi: 10.3969/j.issn.1006-2475.2020.03.018.

WANG Yao, LI Wei, WU Ke-he, CUI Wen-chao. Application of Fusion Model of GBDT and LR in Encrypted Traffic Identification[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2020.03.018.

参考文献

［1］ FAHMIDA Y R. Encryption, Privacy in the Internet Trends Report［EB/OL］.(2019-06-12)［2019-08-01］. https://duo.com/decipher/encryption-privacy-in-the-internet-trends-report.
［2］ KARAGIANNIS T, BROIDO A, FALOUTSOS M, et al. Transport layer identification of P2P traffic［C］// Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement. 2004:121-134.
［3］ TAO L H, LIU G J, LIU W W, et al. Packet signature mining for application identification using an improved Apriori algorithm［C］// IEEE International Conference on Progress in Informatics & Computing. 2015.
［4］ PAXSON V. Growth trends in wide-area TCP connections［J］. IEEE Network, 1994,8(4):8-17.
［5］ PAXSON V.Empirically derived analytic models of wide-area TCP connections［J］. IEEE/ACM Transactions on Networking, 1994,2(4):316-336.
［6］ ESTE A, GRINGOLI F, SALGARELLI L. Support vector machines for TCP traffic classification［J］. Computer Networks, 2009,53(14):2476-2490.
［7］王勇,周慧怡,俸皓,等. 基于深度卷积神经网络的网络流量分类方法［J］. 通信学报, 2018,39(1):14-23.
［8］ KARAGIANNIS T, PAPAGIANNAKI K, FALOUTSOS M. BLINC: Multilevel traffic classification in the dark［C］// Proceedings of ACM SIGCOMM 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. 2005:229-240.
［9］ ERMAN J, ARLITT M F, MAHANTI A. Traffic classification using clustering algorithms［C］// Proceedings of 2006 SIGCOMM Workshop on Mining Network Data. 2006:281-286.
［10］ZANDER S, NGUYEN T, ARMITAGE G. Automated traffic classification and application identification using machine learning［C］// Proceedings of IEEE Conference on Local Computer Networks. 2005:250-257.
［11］CHEESEMAN P, STUTZ J. Bayesian classification(AutoClass): Theory and results［J］. Advances in Knowledge Discovery & Data Mining, 1996,180:153-180.
［12］YANG C H, WANG F, HUANG B X. Internet traffic classification using DBSCAN［C］// WASE International Conference on Information Engineering. 2009,2:163-166.
［13］BERNAILLE L, TEIXEIRA R, AKODKENOU I, et al. Traffic classification on the fly［J］. ACM SIGCOMM Computer Communication Review, 2006,36(2):23-26.
［14］ERMAN J, MAHANTI A, ARLITT M F, et al. Identifying and discriminating between Web and peer-to-peer traffic in the network core［C］// International Conference on World Wide Web. 2007:883-892.
［15］ERMAN J, MAHANTI A, ARLITT M, et al. Semi-supervised network traffic classification［J］. ACM SIGMETRICS Performance Evaluation Review, 2007,35(1):369-370.
［16］LASHKARI A H, DRAPER GIL G D, MAMUN M S I, et al. Characterization of encrypted and VPN traffic using time-related features［C］// International Conference on Information Systems Security and Privacy. 2016:94-98．
［17］周志华. 机器学习［M］. 北京:清华大学出版社, 2016.
［18］FRIEDMAN J H. Greedy function approximation: A gradient boosting machine［J］. The Annals of Statistics, 2001,29(5):1189-1232.
［19］〖JP3〗HE X R, PAN J F, JIN O, et al. Practical lessons from predicting clicks on Ads at Facebook［C］// The 8th InternationalWorkshop on Data Mining for Online Advertising. 2014:1-9.
［20］MOORE A, ZUEV D, CROGAN M, et al. Discriminators for Use in Flow-based Classification［M］. London: Queen Mary and Westfield College Press， 2005.
［21］MCGREGOR A, HALL M, LORIER P, et al. Flow clustering using machine learning techniques［C］// International Workshop on Passive and Active Network Measurement. 2004:205-214.
［22］BERGSTRA J, KOMER B, ELIASMITH C, et al. Hyperopt: A Python library for model selection and hyperparameter optimization［J］. Computational Science & Discovery, 2015,8(1):014008.
［23］BERGSTRA J, BARDENET R, BENGIO Y, et al. Algorithms for hyper-parameter optimization［C］// Proceedings of the 24th International Conference on Neural Information Processing Systems. 2011:2546-2554.

[1]	冀心成, 汪衍凯, 张迎, 许彦杰. 贝叶斯优化梯度提升树的室内日光照度分布预测[J]. 计算机与现代化, 2023, 0(09): 44-50.
[2]	刘付谦, 秦华妮, 赖惠慧. 基于SMOTE和贝叶斯优化的Adj-LightGBM人岗匹配算法[J]. 计算机与现代化, 2023, 0(03): 90-95.
[3]	夏义春, 李汪根, 李豆豆, 葛英奎, 王志格. 结合注意力机制和图神经网络的CTR预估模型[J]. 计算机与现代化, 2023, 0(03): 29-37.
[4]	肖宏宇, 曾文驱, 王淑营. 基于模型特征匹配的BIM模型混合推荐算法[J]. 计算机与现代化, 2022, 0(01): 28-32.
[5]	魏健, 赵红涛, 刘敦楠, 加鹤萍 . 基于集成模型的超短时负荷预测方法[J]. 计算机与现代化, 2021, 0(03): 12-17.
[6]	陈明帅, 吴克河. 基于shell命令的内部攻击检测[J]. 计算机与现代化, 2021, 0(01): 56-60.
[7]	仵海云. 基于MLP和Sobol的注采连通情况判别[J]. 计算机与现代化, 2020, 0(03): 40-.
[8]	黎雨星，梁正友，孙宇. 结合差分演化和逻辑回归的构音障碍自动识别方法[J]. 计算机与现代化, 2019, 0(08): 1-.
[9]	许智彪. 基于代价敏感主动学习算法的2型糖尿病诊断[J]. 计算机与现代化, 2018, 0(06): 84-.
[10]	冯苗1，綦小蓉2，李智1. 基于蚁群路径优化决策树及逻辑回归的慢性肾病进展概率预测模型[J]. 计算机与现代化, 2018, 0(04): 117-.
[11]	耿俊成1，张小斐1，孙玉宝2，吴博1，周强2. 基于Ksupport稀疏逻辑回归的停电敏感度预测[J]. 计算机与现代化, 2018, 0(04): 68-.
[12]	张伟莉1,2,黄廷磊1,梁霄1. 基于半监督协同训练的百科知识库实体对齐[J]. 计算机与现代化, 2017, 0(12): 88-93.
[13]	付全兴,韩立新，杨艺. 基于生活场景的逻辑回归推荐算法[J]. 计算机与现代化, 2016, 0(12): 38-41.

GBDT与LR融合模型在加密流量识别中的应用

Application of Fusion Model of GBDT and LR in Encrypted Traffic Identification

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 13

编辑推荐

Metrics

本文评价