基于深度学习的加密流量分类研究综述

摘要/Abstract

摘要： 近年来，为保护公众隐私，互联网上的很多流量被加密传输，传统的基于深度包检测、机器学习的方法在面对加密流量时，准确率大幅下降。随着深度学习自动学习特征的应用，基于深度学习算法的加密流量识别和分类技术得到了快速发展，本文对这些研究进行综述。首先，简要介绍基于深度学习的加密流量检测应用场景。然后，从数据集的使用和构建、检测模型和检测性能3个方面对已有工作进行总结和评价，其中检测技术重点论述数据的预处理、不平衡数据集的处理、神经网络构建、实时检测等方法。最后，讨论当前研究中出现的问题和未来发展方向和前景，为该领域的研究人员提供一些借鉴。

关键词: 网络空间安全, 加密流量, 分类, 深度学习, 机器学习

Abstract: In recent years, in order to protect the public privacy, a lot of traffic on the Internet is encrypted. The accuracy of traditional deep packet inspection and machine learning methods in the face of encrypted traffic has dropped significantly. With the application of deep learning automatic learning features, the encryption flow identification and classification technology based on deep learning algorithms have been rapidly developed. This article reviews these studies. First, this paper briefly introduces the application scenarios of encrypted traffic detection based on deep learning. Then, it summarizes and evaluates the existing works from three aspects: the use and construction of data sets, the detection model and the detection performance. The detection technology focuses on data preprocessing, unbalanced data set processing, neural network construction, real-time detection, etc. Finally, the problems in current research and future development directions and prospects are discussed, so as to provide some references for researchers in this field.

Key words: cyber security, encrypted traffic, classification, deep learning, machine learning

冷涛, . 基于深度学习的加密流量分类研究综述[J]. 计算机与现代化, 2021, 0(08): 112-120.

LENG Tao , . A Survey of Encrypted Traffic Classification Based on Deep Learning[J]. Computer and Modernization, 2021, 0(08): 112-120.

参考文献［52］

［1］	ROUGHAN M, SEN S, SPATSCHECK O, et al. Class-of-service mapping for QoS: A statistical signature-based approach to IP traffic classification［C］// Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement. 2004:135-148.
［2］	LASHKARI A H, GIL G D, MAMUN M S I, et al. Characterization of Tor traffic using time based features［C］// Proceedings of the 3rd International Conference on Information Systems Security and Privacy. 2017:253-262.
［3］	陈良臣,高曙,刘宝旭,等. 网络加密流量识别研究进展及发展趋势［J］. 信息网络安全, 2019(3):19-25.
［4］	SHAPIRA T, SHAVITT Y. Flowpic: Encrypted Internet traffic classification is as easy as image recognition［C］// IEEE Conference on Computer Communications Workshops. 2019:680-687.
［5］	SIRINAM P, IMANI M, JUAREZ M, et al. Deep fingerprinting: Undermining website fingerprinting defenses with deep learning［C］// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018:1928-1943.
［6］	DE LA CADENA W, MITSEVA A, HILLER J, et al. TrafficSliver: Fighting website fingerprinting attacks with traffic splitting［C］// Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 2020:1971-1985.
［7］	ABUSNAINA A, JANG R, KHORMALI A, et al. DFD: Adversarial learning-based approach to defend against website fingerprinting［C］// IEEE INFOCOM 2020-IEEE Conference on Computer Communications. 2020:2459-2468.
［8］	SHEN M, LIU Y T, CHEN S Q, et al. Fine-grained webpage fingerprinting using only packet length information of encrypted traffic［J］. IEEE Transactions on Information Forensics and Security, 2021,16:2046-2059.
［9］	SHEN M, ZHANG J P, ZHU L H, et al. Accurate decentralized application identification via encrypted traffic analysis using graph neural networks［J］. IEEE Transactions on Information Forensics and Security, 2021,16:2367-2380.
［10］	VAN EDE T, BORTOLAMEOTTI R, CONTINELLA A, et al. Flowprint: Semi-supervised mobile-app fingerprinting on encrypted network traffic［C］// Network and Distributed System Security Symposium. 2020.
［11］	BAHRAMALI A, HOUMANSADR A, SOLTANI R, et al. Practical traffic analysis attacks on secure messaging applications［C］// Network and Distributed System Security Symposium. 2020.
［12］	ZHANG W, MENG Y, LIU Y G, et al. Homonit: Monitoring smart home apps from encrypted traffic［C］// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018:1074-1088.
［13］	YU J L, LUO B, MA J, et al. You are what you broadcast: Identification of mobile and IoT devices from (public) WiFi［C］// The 29th USENIX Security Symposium. 2020:55-72.
［14］	WAN Y X, XU K, XUE G L, et al. IoTArgos: A multi-layer security monitoring system for Internet-of-Things in smart homes［C］// IEEE Conference on Computer Communications. 2020:874-883.
［15］	GU T B, FANG Z, ABHISHEK A, et al. IoTgaze: IoT security enforcement via wireless context analysis［C］// IEEE Conference on Computer Communications. 2020:884-893.
［16］	SIVAKORN S, JEE K, SUN Y X, et al. Countering malicious processes with process-DNS association［C］// Network and Distributed System Security Symposium. 2019.
［17］	YUAN B G, WANG J F, LIU D, et al. Byte-level malware classification based on markov images and deep learning［J］. Computers & Security, 2020,92:101740.
［18］	LEE I, ROH H, LEE W. Encrypted malware traffic detection using incremental learning［C］// IEEE Conference on Computer Communications Workshops. 2020:1348-1349.
［19］	NIU W N, XIE J, ZHANG X S, et al. HTTP-based APT malware infection detection using URL correlation analysis［J］. Security and Communication Networks, 2021, 2021:Article ID 6653386.
［20］	王伟. 基于深度学习的网络流量分类及异常检测方法研究［D］. 合肥:中国科学技术大学, 2018.
［21］	WANG P, CHEN X J, YE F, et al. A survey of techniques for mobile service encrypted traffic classification using deep learning［J］. IEEE Access, 2019,7:54024-54033.
［22］	TAHAEI H, AFIFI F, ASEMI A, et al. The rise of traffic classification in IoT networks: A survey［J］. Journal of Network and Computer Applications, 2020,154:102538.
［23］	LOPEZ-MARTIN M, CARRO B, SANCHEZ-ESGUEVILLAS A, et al. Network traffic classifier with convolutional and recurrent neural networks for Internet of things［J］. IEEE Access, 2017,5:18042-18050.
［24］	ZHANG J L, LI F H, YE F, et al. Autonomous unknown-application filtering and labeling for DL-based traffic classifier update［C］// IEEE Conference on Computer Communications. 2020:397-405.
［25］	ZHAO L X, CAI L J, YU A M, et al. Prototype-based malware traffic classification with novelty detection［C］// International Conference on Information and Communications Security. 2019:3-17.
［26］	KAMARUDIN M H, MAPLE C, WATSON T. Hybrid feature selection technique for intrusion detection system［J］. International Journal of High Performance Computing and Networking, 2019,13(2):232-240.
［27］	MIMURA M. Adjusting lexical features of actual proxy logs for intrusion detection［J］. Journal of Information Security and Applications, 2020,50:102408.
［28］	WANG P, LI S H, YE F, et al. PacketCGAN: Exploratory study of class imbalance for encrypted traffic classification using CGAN［C］// 2020 IEEE International Conference on Communications (ICC). 2020:1-7.
［29］	VU L, BUI C T, NGUYEN Q U. A deep learning based method for handling imbalanced problem in network traffic classification［C］// Proceedings of the 8th International Symposium on Information and Communication Technology. 2017:333-339.
［30］	REZAEI S, LIU X. How to achieve high classification accuracy with just a few labels: A semi-supervised approach using sampled packets［C］// The 19th Industrial Conference on Data Mining. 2019:28-42.
［31］	DONG C, ZHANG C, LU Z G, et al. CETAnalytics: Comprehensive effective traffic information analytics for encrypted traffic classification［J］. Computer Networks, 2020,176:107258
［32］	REZAEI S, LIU X. Multitask learning for network traffic classification［C］// 2020 29th International Conference on Computer Communications and Networks. 2020:1-9.
［33］	LIU C, HE L T, XIONG G, et al. FS-Net: A flow sequence network for encrypted traffic classification［C］// IEEE Conference on Computer Communications. 2019:1171-1179.
［34］	ILIYASU A S, DENG H F. Semi-supervised encrypted traffic classification with deep convolutional generative adversarial networks［J］. IEEE Access, 2020,8:118-126.
［35］	CUI S S, JIANG B, CAI Z Z, et al. A session-packets based encrypted traffic classification using capsule neural networks［C］// 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems(HPCC/SmartCity/DSS). 2019:429-436.
［36］	WANG Z Y. The applications of deep learning on traffic identification［C］// USA Black Hat Conference. 2015.
［37］	薛文龙,于炯,郭志琦,等. 基于特征融合卷积神经网络的端到端加密流量分类［J/OL］. 计算机工程与应用, 2020:1-10(2020-08-31)［2021-04-01］. https://kns. cnki.net/kcms/detail/detail.aspx?dbcode=CAPJ&dbname=CAPJLAST&-filename=JSGG20200828006&v=UVJbamaWiqNeLlKu75%25mmd2B2OAyy%25mmd2Buvg0UUSmvO5Qw-KCPmtt71xrsu U%25mmd2FDXGUWziwd%25mmd2BSl.
［38］	范聂霏. 基于卷积神经网络的流量分类方法研究［M］. 武汉：华中师范大学, 2020.
［39］	WANG W, SHENG Y Q, WANG J L, et al. HAST-IDS: Learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection［J］. IEEE Access, 2017,6:1792-1806.
［40］	ACETO G, CIUONZO D, MONTIERI A, et al. Mobile encrypted traffic classification using deep learning［C］// IEEE/ACM Network Traffic Measurement and Analysis Conference. 2018:1-8.
［41］	WANG W, ZHU M, WANG J L, et al. End-to-end encrypted traffic classification with one-dimensional convolution neural networks［C］// 2017 IEEE International Conference on Intelligence and Security Informatics. 2017:43-48.
［42］	CHEN Z T, HE K, LI J, et al. Seq2Img: A sequence-to-image based approach towards IP traffic classification using convolutional neural networks［C］// 2017 IEEE International Conference on Big Data. 2017:1271-1276.
［43］	LOTFOLLAHI M, ZADE R S H， SIAVOSHANI M J, et al. Deep packet: A novel approach for encrypted traffic classification using deep learning［J］. Soft Computing, 2020,24(3):1999-2012.
［44］	HOCHST J, BAUMGARTNER L, HOLLICK M, et al. Unsupervised traffic flowclassification using a neural autoencoder［C］// 2017 IEEE 42nd Conference on Local Computer Networks. 2017:523-526.
［45］	DRAPER-GIL G， LASHKARI A H， MAMUN M S I, et al. Characterization of encrypted and VPN traffic using time-related features［C］// Proceedings of the 2nd International Conference on Information Systems Security and Privacy. 2016:407-414.
［46］	LIM H K, KIM J B, HEO J S, et al. Packet-based network traffic classification using deep learning［C］// The 1st International Conference on Artificial Intelligence in Information and Communication. 2019:46-51.
［47］	HASIBI R， SHOKRI M， DEHGHAN M. Augmentation scheme for dealing with imbalanced network traffic classification using deep learning［J］. Arxiv Preprint Arxiv:1901.00204, 2019.
［48］	LI D, ZHU Y F, LIN W. Traffic identification of mobile apps based on variational autoencoder network［C］// 2017 13th International Conference on Computational Intelligence and Security. 2017:287-291.
［49］	ZHANG H P, WU C Q, GAO S, et al. An effective deep learning based scheme for network intrusion detection［C］// 2018 24th International Conference on Pattern Recognition. 2018:682-687.
［50］	AYGUN R C, YAVUZ A G. Network anomaly detection with stochastically improved autoencoder based models［C］// 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing. 2017:193-198.
［51］	ZENG Y, GU H X, WEI W T, et al. Deep-Full-Rang: A deep learning based network enerypted traffic classification and intrusion detection framework［J］. IEEE Access, 2019,7:45182-45190.
［52］	ZOU Z, GE J G, ZHENG H B, et al. Encrypted traffic classification with a convolutional long short-term memory neural network［C］// 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). 2018:329-334.

[1]	胡崇佳, 刘金洲, 方立. 基于无监督域适应的室外点云语义分割[J]. 计算机与现代化, 2024, 0(01): 74-79.
[2]	孟娜, 方维维, 路红英. 一种面向微控制器上环境声音分类的DNN压缩方法[J]. 计算机与现代化, 2024, 0(01): 80-86.
[3]	林威. 基于自监督学习和数据回放的新闻推荐模型增量学习方法[J]. 计算机与现代化, 2023, 0(12): 1-6.
[4]	梁天恺, 黄康华, 刘凯航, 兰岚, 曾碧. 基于双向同态加密的深度联邦图片分类方法[J]. 计算机与现代化, 2023, 0(12): 36-40.
[5]	邱凯星, 冯广. 基于双重特征注意力的多标签图像分类模型[J]. 计算机与现代化, 2023, 0(12): 41-47.
[6]	张伯泉, 麦海鹏, 陈嘉敏, 逄锦聚. 基于高灰度值注意力机制的脑白质高信号分割[J]. 计算机与现代化, 2023, 0(12): 67-75.
[7]	唐诗琪, 周瑞平, 谢仕斌, 刘梦赤, 肖文, . 基于栈式降噪编码器的跨语言多标签情感分类[J]. 计算机与现代化, 2023, 0(11): 6-12.
[8]	马泽宇, 叶宁, 徐康, 王甦, 王汝传, . 基于FMCW雷达和ResNeSt-GRU的行为识别方法[J]. 计算机与现代化, 2023, 0(11): 101-107.
[9]	贾潇瑶, . 融合CatBoost和SHAP的乳腺癌预测及特征分析[J]. 计算机与现代化, 2023, 0(10): 32-38.
[10]	李延满, 王必恒, 赵羚焱. 基于轻量化YOLOv5的安全帽检测[J]. 计算机与现代化, 2023, 0(10): 59-64.
[11]	黎世达, 项剑文. 一种提高图像识别模型鲁棒性的弱化强化方法[J]. 计算机与现代化, 2023, 0(10): 70-76.
[12]	沈加炜, 陆一鸣, 陈晓艺, 钱美玲, 陆卫忠, . 基于深度学习的人体行为检测方法研究综述[J]. 计算机与现代化, 2023, 0(09): 1-9.
[13]	吴甜, 刘海华, 童顺延. 基于深度反馈的卷积神经网络的图像分类[J]. 计算机与现代化, 2023, 0(09): 82-86.
[14]	刘禅奕, 黄丹, 薛林雁, 王涛, 朱桃, . 改进EfficientNet网络的COVID-19 X光分类[J]. 计算机与现代化, 2023, 0(09): 94-99.
[15]	马国祥, 杨凌菲, 严传波, 张志豪, 孙彬, 王晓荣. 基于深度DenseNet网络的肝包虫病超声影像诊断方法[J]. 计算机与现代化, 2023, 0(09): 100-104.