基于深度学习的加密流量分类研究综述

摘要/Abstract

摘要： 近年来，为保护公众隐私，互联网上的很多流量被加密传输，传统的基于深度包检测、机器学习的方法在面对加密流量时，准确率大幅下降。随着深度学习自动学习特征的应用，基于深度学习算法的加密流量识别和分类技术得到了快速发展，本文对这些研究进行综述。首先，简要介绍基于深度学习的加密流量检测应用场景。然后，从数据集的使用和构建、检测模型和检测性能3个方面对已有工作进行总结和评价，其中检测技术重点论述数据的预处理、不平衡数据集的处理、神经网络构建、实时检测等方法。最后，讨论当前研究中出现的问题和未来发展方向和前景，为该领域的研究人员提供一些借鉴。

关键词: 网络空间安全, 加密流量, 分类, 深度学习, 机器学习

Abstract: In recent years, in order to protect the public privacy, a lot of traffic on the Internet is encrypted. The accuracy of traditional deep packet inspection and machine learning methods in the face of encrypted traffic has dropped significantly. With the application of deep learning automatic learning features, the encryption flow identification and classification technology based on deep learning algorithms have been rapidly developed. This article reviews these studies. First, this paper briefly introduces the application scenarios of encrypted traffic detection based on deep learning. Then, it summarizes and evaluates the existing works from three aspects: the use and construction of data sets, the detection model and the detection performance. The detection technology focuses on data preprocessing, unbalanced data set processing, neural network construction, real-time detection, etc. Finally, the problems in current research and future development directions and prospects are discussed, so as to provide some references for researchers in this field.

Key words: cyber security, encrypted traffic, classification, deep learning, machine learning

冷涛, . 基于深度学习的加密流量分类研究综述[J]. 计算机与现代化, 2021, 0(08): 112-120.

LENG Tao , . A Survey of Encrypted Traffic Classification Based on Deep Learning[J]. Computer and Modernization, 2021, 0(08): 112-120.

参考文献［52］

［1］	ROUGHAN M, SEN S, SPATSCHECK O, et al. Class-of-service mapping for QoS: A statistical signature-based approach to IP traffic classification［C］// Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement. 2004:135-148.
［2］	LASHKARI A H, GIL G D, MAMUN M S I, et al. Characterization of Tor traffic using time based features［C］// Proceedings of the 3rd International Conference on Information Systems Security and Privacy. 2017:253-262.
［3］	陈良臣,高曙,刘宝旭,等. 网络加密流量识别研究进展及发展趋势［J］. 信息网络安全, 2019(3):19-25.
［4］	SHAPIRA T, SHAVITT Y. Flowpic: Encrypted Internet traffic classification is as easy as image recognition［C］// IEEE Conference on Computer Communications Workshops. 2019:680-687.
［5］	SIRINAM P, IMANI M, JUAREZ M, et al. Deep fingerprinting: Undermining website fingerprinting defenses with deep learning［C］// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018:1928-1943.
［6］	DE LA CADENA W, MITSEVA A, HILLER J, et al. TrafficSliver: Fighting website fingerprinting attacks with traffic splitting［C］// Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 2020:1971-1985.
［7］	ABUSNAINA A, JANG R, KHORMALI A, et al. DFD: Adversarial learning-based approach to defend against website fingerprinting［C］// IEEE INFOCOM 2020-IEEE Conference on Computer Communications. 2020:2459-2468.
［8］	SHEN M, LIU Y T, CHEN S Q, et al. Fine-grained webpage fingerprinting using only packet length information of encrypted traffic［J］. IEEE Transactions on Information Forensics and Security, 2021,16:2046-2059.
［9］	SHEN M, ZHANG J P, ZHU L H, et al. Accurate decentralized application identification via encrypted traffic analysis using graph neural networks［J］. IEEE Transactions on Information Forensics and Security, 2021,16:2367-2380.
［10］	VAN EDE T, BORTOLAMEOTTI R, CONTINELLA A, et al. Flowprint: Semi-supervised mobile-app fingerprinting on encrypted network traffic［C］// Network and Distributed System Security Symposium. 2020.
［11］	BAHRAMALI A, HOUMANSADR A, SOLTANI R, et al. Practical traffic analysis attacks on secure messaging applications［C］// Network and Distributed System Security Symposium. 2020.
［12］	ZHANG W, MENG Y, LIU Y G, et al. Homonit: Monitoring smart home apps from encrypted traffic［C］// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018:1074-1088.
［13］	YU J L, LUO B, MA J, et al. You are what you broadcast: Identification of mobile and IoT devices from (public) WiFi［C］// The 29th USENIX Security Symposium. 2020:55-72.
［14］	WAN Y X, XU K, XUE G L, et al. IoTArgos: A multi-layer security monitoring system for Internet-of-Things in smart homes［C］// IEEE Conference on Computer Communications. 2020:874-883.
［15］	GU T B, FANG Z, ABHISHEK A, et al. IoTgaze: IoT security enforcement via wireless context analysis［C］// IEEE Conference on Computer Communications. 2020:884-893.
［16］	SIVAKORN S, JEE K, SUN Y X, et al. Countering malicious processes with process-DNS association［C］// Network and Distributed System Security Symposium. 2019.
［17］	YUAN B G, WANG J F, LIU D, et al. Byte-level malware classification based on markov images and deep learning［J］. Computers & Security, 2020,92:101740.
［18］	LEE I, ROH H, LEE W. Encrypted malware traffic detection using incremental learning［C］// IEEE Conference on Computer Communications Workshops. 2020:1348-1349.
［19］	NIU W N, XIE J, ZHANG X S, et al. HTTP-based APT malware infection detection using URL correlation analysis［J］. Security and Communication Networks, 2021, 2021:Article ID 6653386.
［20］	王伟. 基于深度学习的网络流量分类及异常检测方法研究［D］. 合肥:中国科学技术大学, 2018.
［21］	WANG P, CHEN X J, YE F, et al. A survey of techniques for mobile service encrypted traffic classification using deep learning［J］. IEEE Access, 2019,7:54024-54033.
［22］	TAHAEI H, AFIFI F, ASEMI A, et al. The rise of traffic classification in IoT networks: A survey［J］. Journal of Network and Computer Applications, 2020,154:102538.
［23］	LOPEZ-MARTIN M, CARRO B, SANCHEZ-ESGUEVILLAS A, et al. Network traffic classifier with convolutional and recurrent neural networks for Internet of things［J］. IEEE Access, 2017,5:18042-18050.
［24］	ZHANG J L, LI F H, YE F, et al. Autonomous unknown-application filtering and labeling for DL-based traffic classifier update［C］// IEEE Conference on Computer Communications. 2020:397-405.
［25］	ZHAO L X, CAI L J, YU A M, et al. Prototype-based malware traffic classification with novelty detection［C］// International Conference on Information and Communications Security. 2019:3-17.
［26］	KAMARUDIN M H, MAPLE C, WATSON T. Hybrid feature selection technique for intrusion detection system［J］. International Journal of High Performance Computing and Networking, 2019,13(2):232-240.
［27］	MIMURA M. Adjusting lexical features of actual proxy logs for intrusion detection［J］. Journal of Information Security and Applications, 2020,50:102408.
［28］	WANG P, LI S H, YE F, et al. PacketCGAN: Exploratory study of class imbalance for encrypted traffic classification using CGAN［C］// 2020 IEEE International Conference on Communications (ICC). 2020:1-7.
［29］	VU L, BUI C T, NGUYEN Q U. A deep learning based method for handling imbalanced problem in network traffic classification［C］// Proceedings of the 8th International Symposium on Information and Communication Technology. 2017:333-339.
［30］	REZAEI S, LIU X. How to achieve high classification accuracy with just a few labels: A semi-supervised approach using sampled packets［C］// The 19th Industrial Conference on Data Mining. 2019:28-42.
［31］	DONG C, ZHANG C, LU Z G, et al. CETAnalytics: Comprehensive effective traffic information analytics for encrypted traffic classification［J］. Computer Networks, 2020,176:107258
［32］	REZAEI S, LIU X. Multitask learning for network traffic classification［C］// 2020 29th International Conference on Computer Communications and Networks. 2020:1-9.
［33］	LIU C, HE L T, XIONG G, et al. FS-Net: A flow sequence network for encrypted traffic classification［C］// IEEE Conference on Computer Communications. 2019:1171-1179.
［34］	ILIYASU A S, DENG H F. Semi-supervised encrypted traffic classification with deep convolutional generative adversarial networks［J］. IEEE Access, 2020,8:118-126.
［35］	CUI S S, JIANG B, CAI Z Z, et al. A session-packets based encrypted traffic classification using capsule neural networks［C］// 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems(HPCC/SmartCity/DSS). 2019:429-436.
［36］	WANG Z Y. The applications of deep learning on traffic identification［C］// USA Black Hat Conference. 2015.
［37］	薛文龙,于炯,郭志琦,等. 基于特征融合卷积神经网络的端到端加密流量分类［J/OL］. 计算机工程与应用, 2020:1-10(2020-08-31)［2021-04-01］. https://kns. cnki.net/kcms/detail/detail.aspx?dbcode=CAPJ&dbname=CAPJLAST&-filename=JSGG20200828006&v=UVJbamaWiqNeLlKu75%25mmd2B2OAyy%25mmd2Buvg0UUSmvO5Qw-KCPmtt71xrsu U%25mmd2FDXGUWziwd%25mmd2BSl.
［38］	范聂霏. 基于卷积神经网络的流量分类方法研究［M］. 武汉：华中师范大学, 2020.
［39］	WANG W, SHENG Y Q, WANG J L, et al. HAST-IDS: Learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection［J］. IEEE Access, 2017,6:1792-1806.
［40］	ACETO G, CIUONZO D, MONTIERI A, et al. Mobile encrypted traffic classification using deep learning［C］// IEEE/ACM Network Traffic Measurement and Analysis Conference. 2018:1-8.
［41］	WANG W, ZHU M, WANG J L, et al. End-to-end encrypted traffic classification with one-dimensional convolution neural networks［C］// 2017 IEEE International Conference on Intelligence and Security Informatics. 2017:43-48.
［42］	CHEN Z T, HE K, LI J, et al. Seq2Img: A sequence-to-image based approach towards IP traffic classification using convolutional neural networks［C］// 2017 IEEE International Conference on Big Data. 2017:1271-1276.
［43］	LOTFOLLAHI M, ZADE R S H， SIAVOSHANI M J, et al. Deep packet: A novel approach for encrypted traffic classification using deep learning［J］. Soft Computing, 2020,24(3):1999-2012.
［44］	HOCHST J, BAUMGARTNER L, HOLLICK M, et al. Unsupervised traffic flowclassification using a neural autoencoder［C］// 2017 IEEE 42nd Conference on Local Computer Networks. 2017:523-526.
［45］	DRAPER-GIL G， LASHKARI A H， MAMUN M S I, et al. Characterization of encrypted and VPN traffic using time-related features［C］// Proceedings of the 2nd International Conference on Information Systems Security and Privacy. 2016:407-414.
［46］	LIM H K, KIM J B, HEO J S, et al. Packet-based network traffic classification using deep learning［C］// The 1st International Conference on Artificial Intelligence in Information and Communication. 2019:46-51.
［47］	HASIBI R， SHOKRI M， DEHGHAN M. Augmentation scheme for dealing with imbalanced network traffic classification using deep learning［J］. Arxiv Preprint Arxiv:1901.00204, 2019.
［48］	LI D, ZHU Y F, LIN W. Traffic identification of mobile apps based on variational autoencoder network［C］// 2017 13th International Conference on Computational Intelligence and Security. 2017:287-291.
［49］	ZHANG H P, WU C Q, GAO S, et al. An effective deep learning based scheme for network intrusion detection［C］// 2018 24th International Conference on Pattern Recognition. 2018:682-687.
［50］	AYGUN R C, YAVUZ A G. Network anomaly detection with stochastically improved autoencoder based models［C］// 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing. 2017:193-198.
［51］	ZENG Y, GU H X, WEI W T, et al. Deep-Full-Rang: A deep learning based network enerypted traffic classification and intrusion detection framework［J］. IEEE Access, 2019,7:45182-45190.
［52］	ZOU Z, GE J G, ZHENG H B, et al. Encrypted traffic classification with a convolutional long short-term memory neural network［C］// 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). 2018:329-334.

[1]	李健, 张克亮, 唐亮, 夏榕璟, 任静静. 面向中文命名实体识别任务的数据增强[J]. 计算机与现代化, 2022, 0(04): 1-6.
[2]	陈云翔, 王巍, 宁娟, 陈怡丹, 赵永新, 周庆华. PSWGAN-GP:改进梯度惩罚的生成对抗网络[J]. 计算机与现代化, 2022, 0(04): 21-26.
[3]	梁正友, 耿经邦, 孙宇. 基于改进残差网络的交通标志识别算法[J]. 计算机与现代化, 2022, 0(04): 52-57.
[4]	秦鸣乐, 年梅, 张俊, . 基于深度生成对抗网络的恶意TLS流量识别[J]. 计算机与现代化, 2022, 0(04): 121-126.
[5]	谢辉, 师后勤, 齐宇霄, 陈瑞, 童莹. 基于注意力机制子网络的时空跌倒检测算法[J]. 计算机与现代化, 2022, 0(03): 70-75.
[6]	胡焱, 卓书龙, 司成可. 数据驱动的ADS-B干扰源信号类型识别[J]. 计算机与现代化, 2022, 0(02): 19-25.
[7]	张晓航, 李政, 朱晓明, 张海锋, 赵博宇. 基于RBF神经网络的可信加密流量分类方法[J]. 计算机与现代化, 2022, 0(02): 45-51.
[8]	赵延平, 王芳, 夏杨. 基于支持向量机的短文本分类方法[J]. 计算机与现代化, 2022, 0(02): 92-96.
[9]	冷浩柏, 卢涵宇, 郭彩, 袁咏仪, 杨文雅. 基于改进胶囊神经网络的遥感影像分类[J]. 计算机与现代化, 2022, 0(02): 102-107.
[10]	杨贞, 朱强强, 彭小宝, 殷志坚, 温海桥, 黄春华. 基于深度级联模型工业安全帽检测算法[J]. 计算机与现代化, 2022, 0(01): 91-97.
[11]	韩建, 李林, 曹志民, 段朝辉, 万川, . 基于区域结构特征的城区LiDAR数据快速分类[J]. 计算机与现代化, 2021, 0(12): 48-52.
[12]	陈勋豪, 杨莹, 黄俊茹, 孙玉宝. 基于多尺度融合网络的视频快照压缩感知重建[J]. 计算机与现代化, 2021, 0(12): 58-64.
[13]	仇誉, 韩俊英, 封成智, 陈永卫. 基于卷积神经网络的苹果栽培品种识别[J]. 计算机与现代化, 2021, 0(12): 65-71.
[14]	汪帆, 魏宪, 郭杰龙, 梁培栋. 基于多通道分离整合的多尺度单幅图像去雨算法[J]. 计算机与现代化, 2021, 0(12): 72-78.
[15]	杨欣怡, 侯凌燕, 杨大利, 崔丽艳. 基于SMOTE和RNN的肾移植排斥反应预测[J]. 计算机与现代化, 2021, 0(11): 7-11.