基于深度学习的加密流量分类研究综述

摘要/Abstract

摘要： 近年来，为保护公众隐私，互联网上的很多流量被加密传输，传统的基于深度包检测、机器学习的方法在面对加密流量时，准确率大幅下降。随着深度学习自动学习特征的应用，基于深度学习算法的加密流量识别和分类技术得到了快速发展，本文对这些研究进行综述。首先，简要介绍基于深度学习的加密流量检测应用场景。然后，从数据集的使用和构建、检测模型和检测性能3个方面对已有工作进行总结和评价，其中检测技术重点论述数据的预处理、不平衡数据集的处理、神经网络构建、实时检测等方法。最后，讨论当前研究中出现的问题和未来发展方向和前景，为该领域的研究人员提供一些借鉴。

关键词: 网络空间安全, 加密流量, 分类, 深度学习, 机器学习

Abstract: In recent years, in order to protect the public privacy, a lot of traffic on the Internet is encrypted. The accuracy of traditional deep packet inspection and machine learning methods in the face of encrypted traffic has dropped significantly. With the application of deep learning automatic learning features, the encryption flow identification and classification technology based on deep learning algorithms have been rapidly developed. This article reviews these studies. First, this paper briefly introduces the application scenarios of encrypted traffic detection based on deep learning. Then, it summarizes and evaluates the existing works from three aspects: the use and construction of data sets, the detection model and the detection performance. The detection technology focuses on data preprocessing, unbalanced data set processing, neural network construction, real-time detection, etc. Finally, the problems in current research and future development directions and prospects are discussed, so as to provide some references for researchers in this field.

Key words: cyber security, encrypted traffic, classification, deep learning, machine learning

冷涛, . 基于深度学习的加密流量分类研究综述[J]. 计算机与现代化, 2021, 0(08): 112-120.

LENG Tao , . A Survey of Encrypted Traffic Classification Based on Deep Learning[J]. Computer and Modernization, 2021, 0(08): 112-120.

参考文献

［1］ ROUGHAN M, SEN S, SPATSCHECK O, et al. Class-of-service mapping for QoS: A statistical signature-based approach to IP traffic classification［C］// Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement. 2004:135-148.
［2］ LASHKARI A H, GIL G D, MAMUN M S I, et al. Characterization of Tor traffic using time based features［C］// Proceedings of the 3rd International Conference on Information Systems Security and Privacy. 2017:253-262.
［3］陈良臣,高曙,刘宝旭,等. 网络加密流量识别研究进展及发展趋势［J］. 信息网络安全, 2019(3):19-25.
［4］ SHAPIRA T, SHAVITT Y. Flowpic: Encrypted Internet traffic classification is as easy as image recognition［C］// IEEE Conference on Computer Communications Workshops. 2019:680-687.
［5］ SIRINAM P, IMANI M, JUAREZ M, et al. Deep fingerprinting: Undermining website fingerprinting defenses with deep learning［C］// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018:1928-1943.
［6］ DE LA CADENA W, MITSEVA A, HILLER J, et al. TrafficSliver: Fighting website fingerprinting attacks with traffic splitting［C］// Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 2020:1971-1985.
［7］ ABUSNAINA A, JANG R, KHORMALI A, et al. DFD: Adversarial learning-based approach to defend against website fingerprinting［C］// IEEE INFOCOM 2020-IEEE Conference on Computer Communications. 2020:2459-2468.
［8］ SHEN M, LIU Y T, CHEN S Q, et al. Fine-grained webpage fingerprinting using only packet length information of encrypted traffic［J］. IEEE Transactions on Information Forensics and Security, 2021,16:2046-2059.
［9］ SHEN M, ZHANG J P, ZHU L H, et al. Accurate decentralized application identification via encrypted traffic analysis using graph neural networks［J］. IEEE Transactions on Information Forensics and Security, 2021,16:2367-2380.
［10］VAN EDE T, BORTOLAMEOTTI R, CONTINELLA A, et al. Flowprint: Semi-supervised mobile-app fingerprinting on encrypted network traffic［C］// Network and Distributed System Security Symposium. 2020.
［11］BAHRAMALI A, HOUMANSADR A, SOLTANI R, et al. Practical traffic analysis attacks on secure messaging applications［C］// Network and Distributed System Security Symposium. 2020.
［12］ZHANG W, MENG Y, LIU Y G, et al. Homonit: Monitoring smart home apps from encrypted traffic［C］// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018:1074-1088.
［13］YU J L, LUO B, MA J, et al. You are what you broadcast: Identification of mobile and IoT devices from (public) WiFi［C］// The 29th USENIX Security Symposium. 2020:55-72.
［14］WAN Y X, XU K, XUE G L, et al. IoTArgos: A multi-layer security monitoring system for Internet-of-Things in smart homes［C］// IEEE Conference on Computer Communications. 2020:874-883.
［15］GU T B, FANG Z, ABHISHEK A, et al. IoTgaze: IoT security enforcement via wireless context analysis［C］// IEEE Conference on Computer Communications. 2020:884-893.
［16］SIVAKORN S, JEE K, SUN Y X, et al. Countering malicious processes with process-DNS association［C］// Network and Distributed System Security Symposium. 2019.
［17］YUAN B G, WANG J F, LIU D, et al. Byte-level malware classification based on markov images and deep learning［J］. Computers & Security, 2020,92:101740.
［18］LEE I, ROH H, LEE W. Encrypted malware traffic detection using incremental learning［C］// IEEE Conference on Computer Communications Workshops. 2020:1348-1349.
［19］NIU W N, XIE J, ZHANG X S, et al. HTTP-based APT malware infection detection using URL correlation analysis［J］. Security and Communication Networks, 2021, 2021:Article ID 6653386.
［20］王伟. 基于深度学习的网络流量分类及异常检测方法研究［D］. 合肥:中国科学技术大学, 2018.
［21］WANG P, CHEN X J, YE F, et al. A survey of techniques for mobile service encrypted traffic classification using deep learning［J］. IEEE Access, 2019,7:54024-54033.
［22］TAHAEI H, AFIFI F, ASEMI A, et al. The rise of traffic classification in IoT networks: A survey［J］. Journal of Network and Computer Applications, 2020,154:102538.
［23］LOPEZ-MARTIN M, CARRO B, SANCHEZ-ESGUEVILLAS A, et al. Network traffic classifier with convolutional and recurrent neural networks for Internet of things［J］. IEEE Access, 2017,5:18042-18050.
［24］ZHANG J L, LI F H, YE F, et al. Autonomous unknown-application filtering and labeling for DL-based traffic classifier update［C］// IEEE Conference on Computer Communications. 2020:397-405.
［25］ZHAO L X, CAI L J, YU A M, et al. Prototype-based malware traffic classification with novelty detection［C］// International Conference on Information and Communications Security. 2019:3-17.
［26］KAMARUDIN M H, MAPLE C, WATSON T. Hybrid feature selection technique for intrusion detection system［J］. International Journal of High Performance Computing and Networking, 2019,13(2):232-240.
［27］MIMURA M. Adjusting lexical features of actual proxy logs for intrusion detection［J］. Journal of Information Security and Applications, 2020,50:102408.
［28］WANG P, LI S H, YE F, et al. PacketCGAN: Exploratory study of class imbalance for encrypted traffic classification using CGAN［C］// 2020 IEEE International Conference on Communications (ICC). 2020:1-7.
［29］VU L, BUI C T, NGUYEN Q U. A deep learning based method for handling imbalanced problem in network traffic classification［C］// Proceedings of the 8th International Symposium on Information and Communication Technology. 2017:333-339.
［30］REZAEI S, LIU X. How to achieve high classification accuracy with just a few labels: A semi-supervised approach using sampled packets［C］// The 19th Industrial Conference on Data Mining. 2019:28-42.
［31］DONG C, ZHANG C, LU Z G, et al. CETAnalytics: Comprehensive effective traffic information analytics for encrypted traffic classification［J］. Computer Networks, 2020,176:107258
［32］REZAEI S, LIU X. Multitask learning for network traffic classification［C］// 2020 29th International Conference on Computer Communications and Networks. 2020:1-9.
［33］LIU C, HE L T, XIONG G, et al. FS-Net: A flow sequence network for encrypted traffic classification［C］// IEEE Conference on Computer Communications. 2019:1171-1179.
［34］ILIYASU A S, DENG H F. Semi-supervised encrypted traffic classification with deep convolutional generative adversarial networks［J］. IEEE Access, 2020,8:118-126.
［35］CUI S S, JIANG B, CAI Z Z, et al. A session-packets based encrypted traffic classification using capsule neural networks［C］// 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems(HPCC/SmartCity/DSS). 2019:429-436.
［36］WANG Z Y. The applications of deep learning on traffic identification［C］// USA Black Hat Conference. 2015.
［37］薛文龙,于炯,郭志琦,等. 基于特征融合卷积神经网络的端到端加密流量分类［J/OL］. 计算机工程与应用, 2020:1-10(2020-08-31)［2021-04-01］. https://kns. cnki.net/kcms/detail/detail.aspx?dbcode=CAPJ&dbname=CAPJLAST&-filename=JSGG20200828006&v=UVJbamaWiqNeLlKu75%25mmd2B2OAyy%25mmd2Buvg0UUSmvO5Qw-KCPmtt71xrsu U%25mmd2FDXGUWziwd%25mmd2BSl.
［38］范聂霏. 基于卷积神经网络的流量分类方法研究［M］. 武汉：华中师范大学, 2020.
［39］WANG W, SHENG Y Q, WANG J L, et al. HAST-IDS: Learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection［J］. IEEE Access, 2017,6:1792-1806.
［40］ACETO G, CIUONZO D, MONTIERI A, et al. Mobile encrypted traffic classification using deep learning［C］// IEEE/ACM Network Traffic Measurement and Analysis Conference. 2018:1-8.
［41］ WANG W, ZHU M, WANG J L, et al. End-to-end encrypted traffic classification with one-dimensional convolution neural networks［C］// 2017 IEEE International Conference on Intelligence and Security Informatics. 2017:43-48.
［42］CHEN Z T, HE K, LI J, et al. Seq2Img: A sequence-to-image based approach towards IP traffic classification using convolutional neural networks［C］// 2017 IEEE International Conference on Big Data. 2017:1271-1276.
［43］LOTFOLLAHI M, ZADE R S H， SIAVOSHANI M J, et al. Deep packet: A novel approach for encrypted traffic classification using deep learning［J］. Soft Computing, 2020,24(3):1999-2012.
［44］HOCHST J, BAUMGARTNER L, HOLLICK M, et al. Unsupervised traffic flowclassification using a neural autoencoder［C］// 2017 IEEE 42nd Conference on Local Computer Networks. 2017:523-526.
［45］DRAPER-GIL G， LASHKARI A H， MAMUN M S I, et al. Characterization of encrypted and VPN traffic using time-related features［C］// Proceedings of the 2nd International Conference on Information Systems Security and Privacy. 2016:407-414.
［46］LIM H K, KIM J B, HEO J S, et al. Packet-based network traffic classification using deep learning［C］// The 1st International Conference on Artificial Intelligence in Information and Communication. 2019:46-51.
［47］HASIBI R， SHOKRI M， DEHGHAN M. Augmentation scheme for dealing with imbalanced network traffic classification using deep learning［J］. Arxiv Preprint Arxiv:1901.00204, 2019.
［48］LI D, ZHU Y F, LIN W. Traffic identification of mobile apps based on variational autoencoder network［C］// 2017 13th International Conference on Computational Intelligence and Security. 2017:287-291.
［49］ZHANG H P, WU C Q, GAO S, et al. An effective deep learning based scheme for network intrusion detection［C］// 2018 24th International Conference on Pattern Recognition. 2018:682-687.
［50］AYGUN R C, YAVUZ A G. Network anomaly detection with stochastically improved autoencoder based models［C］// 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing. 2017:193-198.
［51］ZENG Y, GU H X, WEI W T, et al. Deep-Full-Rang: A deep learning based network enerypted traffic classification and intrusion detection framework［J］. IEEE Access, 2019,7:45182-45190.
［52］ZOU Z, GE J G, ZHENG H B, et al. Encrypted traffic classification with a convolutional long short-term memory neural network［C］// 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). 2018:329-334.

[1]	黄庭培1, 马禄彪1, 李世宝2, 刘建航1. 基于WiFi和原型网络的手势识别方法[J]. 计算机与现代化, 2024, 0(12): 34-39.
[2]	刘宝宝, 杨菁菁, 陶露, 王贺应. 基于注意力的DSMSC的遥感图像场景分类[J]. 计算机与现代化, 2024, 0(12): 72-77.
[3]	龚谊承1, 2, 刘青1, 2. 基于RF-LCE-BiLSTM-Attention-AMSSA模型的京剧二分类[J]. 计算机与现代化, 2024, 0(11): 7-12.
[4]	祁贤, 刘大铭, 常佳鑫. 基于改进自注意力机制的多视图三维重建[J]. 计算机与现代化, 2024, 0(11): 106-112.
[5]	陈凯1, 李宜汀1, 2, 全华凤1 . 基于改进YOLOv8的河道废弃瓶检测方法[J]. 计算机与现代化, 2024, 0(11): 113-120.
[6]	杨骏1, 胡为1, 朱文福2. 基于改进MobileNetV3的视觉SLAM回环检测算法[J]. 计算机与现代化, 2024, 0(10): 21-26.
[7]	王莹莹, 郝潇. 基于Res2Net和递归门控卷积的细粒度图像分类[J]. 计算机与现代化, 2024, 0(10): 74-79.
[8]	史星宇1, 李强2, 庄莉3, 梁懿3, 王秋琳3, 陈锴3, 伍臣周3, 常胜1. 一种面向工业部署的目标检测模型蒸馏技术[J]. 计算机与现代化, 2024, 0(10): 93-99.
[9]	焦一凯1, 2, 朱欣娟1, 2. 公共文化资源标签推荐方法[J]. 计算机与现代化, 2024, 0(10): 107-112.
[10]	周传华1, 2, 任太娇1, 罗岚1, 周昊1. 基于联合熵的非平衡数据边界混合重采样[J]. 计算机与现代化, 2024, 0(09): 95-100.
[11]	张泽1, 张建权2, 3, 周国鹏2, 3. 基于改进YOLOv8s的摄像头模组缺陷检测[J]. 计算机与现代化, 2024, 0(09): 107-113.
[12]	程亚子1, 雷亮1, 2, 陈瀚1, 赵毅然1. 基于转置注意力的多尺度深度融合单目深度估计[J]. 计算机与现代化, 2024, 0(09): 121-126.
[13]	何若男1, 范翔2, 陈益1, 姜羽菲1, 曹辉1. 比例优势逻辑回归优化嗓音障碍指数算法[J]. 计算机与现代化, 2024, 0(08): 1-4.
[14]	程萌, 李浩. 改进YOLOv5s的落叶树鸟巢检测方法[J]. 计算机与现代化, 2024, 0(08): 24-29.
[15]	王梦溪, 李峻. 老年人跌倒检测技术研究综述[J]. 计算机与现代化, 2024, 0(08): 30-36.