基于RBF神经网络的可信加密流量分类方法

摘要/Abstract

摘要： 网络流量分类广泛应用于网络资源分配、流量调度、入侵检测系统等研究领域。随着加密协议的普及和网络流量快速发展，基于深度学习的流量分类器由于其自动提取特征的特性和较高的分类准确性，逐渐受到科研人员的重视，但是面向网络流量分类的可信程度方面却不曾有研究。本文提出一种基于RBF神经网络对加密网络流量进行可信分类的方法。所提算法建立在RBF网络的思想上并采用一种新的损失函数和质心更新方案来进行训练，通过使用梯度惩罚强制检测输入的变化，能够有效地检测分布外的数据。在2个公共的ISCX VPN-nonVPN和USTC-TFC2016流量数据集上，与同类算法相比，所提算法取得了最好的分布外检测结果，在AUROC指标上达到98.55%。实验结果表明所提算法在具有较高分类性能的同时，能够有效地检测出分布外的流量数据，从而提高流量分类的可信性。

关键词: 流量分类, 深度学习, 不确定性估计, 梯度惩罚, 分布外检测

Abstract: Network traffic classification is widely used in research fields such as network resource allocation, traffic scheduling and intrusion detection systems. With the popularization of encryption protocols and the rapid development of network traffic, the traffic classifier based on deep learning has gradually attracted the attention of researchers due to its feature of automatically extracting features and high classification accuracy. But there has been no research on the credibility of network traffic classification. This article proposes a trustworthy deep learning model to classify encrypted network traffic. The proposed algorithm is based on the idea of RBF network and uses a new loss function and centroid update scheme for training. By using gradient penalty to force detection of input changes, it can effectively detect out-of-distribution data. On the two public ISCX VPN-nonVPN and USTC-TFC2016 traffic data sets, the proposed algorithm achieves 98.55% of the AUROC index, and has achieved the best out-of-distribution detection effect compared with similar algorithms. Extensive experimental results show that the proposed algorithm has high classification performance and can effectively detect out-of-distribution traffic data, which improves the credibility of the traffic classification model.

Key words: traffic classification, deep learning, uncertainty estimate, gradient penalty, out-of-distribution detection

张晓航, 李政, 朱晓明, 张海锋, 赵博宇. 基于RBF神经网络的可信加密流量分类方法[J]. 计算机与现代化, 2022, 0(02): 45-51.

ZHANG Xiao-hang, LI Zheng, ZHU Xiao-ming, ZHANG Hai-feng, ZHAO Bo-yu. Trustworthy Encryption Traffic Classification Method Based on RBF Neural Network[J]. Computer and Modernization, 2022, 0(02): 45-51.

参考文献［33］

［1］	BAGUI S, FANG X G, KALAIMANNAN E, et al. Comparison of machine-learning algorithms for classification of VPN network traffic flow using time-related features［J］. Journal of Cyber Security Technology, 2017,1(2):108-126.
［2］	ACETO G, CIUONZO D, MONTIERI A, et al. DISTILLER: Encrypted traffic classification via multimodal multitask deep learning［J］. Journal of Network and Computer Applications, 2021,183-184:102985.
［3］	REZAEI S, LIU X. Deep learning for encrypted traffic classification: An overview ［J］. IEEE Communications Magazine, 2019,57(5):76-81.
［4］	FINSTERBUSCH M, RICHTER C, ROCHA E, et al. A survey of payload-based traffic classification approaches［J］. IEEE Communications Surveys & Tutorials, 2013,16(2):1135-1156.
［5］	PARK J S, YOON S H, KIM M S. Performance improvement of payload signature-based traffic classification system using application traffic temporal locality［C］// 2013 15th Asia-Pacific Network Operations and Management Symposium(APNOMS). 2013:1-6.
［6］	DI MAURO M, LONGO M. Revealing encrypted WebRTC traffic via machine learning tools［C］// 2015 12th International Joint Conference on e-Business and Telecommunications(ICETE). 2015,4:259-266.
［7］	WANG W, ZHU M, WANG J L, et al. End-to-end encrypted traffic classification with one-dimensional convolution neural networks［C］// 2017 IEEE International Conference on Intelligence and Security Informatics(ISI). 2017:43-48.〖HJ0.8mm〗
［8］	BENGIO Y, COURVILLE A, VINCENT P. Representation learning: A review and new perspectives［J］. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2013,35(8):1798-828.
［9］	GOODFELLOW I J, SHLENS J, SZEGEDY C. Explaining and harnessing adversarial examples［J］. arXiv preprint arXiv:1412.6572, 2014.
［10］	NGUYEN A, YOSINSKI J, CLUNE J. Deep neural networks are easily fooled: High confidence predictions for unrecognizable images［C］// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2015:427-436.
［11］	LECUN Y, BOTTOU L, BENGIO Y, et al. Gradient-based learning applied to document recognition［J］. Proceedings of the IEEE, 1998,86(11):2278-2324.
［12］	VAN DEN OORD A, VINYALS O, KAVUKCUOGLU K. Neural discrete representation learning［C］// Proceedings of the 31st International Conference on Neural Information Processing Systems. 2017:6309-6318.
［13］	KUMANO Y, ATA S, NAKAMURA N, et al. Towards real-time processing for application identification of encrypted traffic［C］// 2014 International Conference on Computing, Networking and Communications(ICNC). 2014:136-140.
［14］	COULL S E, DYER K P. Traffic analysis of encrypted messaging services: Apple iMessage and beyond［J］. ACM SIGCOMM Computer Communication Review, 2014,44(5):6-11.
［15］	BAR-YANAI R, LANGBERG M, PELEG D, et al. Realtime classification for encrypted traffic［C］// International Symposium on Experimental Algorithms. 2010:373-385.
［16］	WANG D W, ZHANG L S, YUAN Z L, et al. Characterizing application behaviors for classifying P2P traffic［C］// 2014 International Conference on Computing, Networking and Communications(ICNC). 2014:21-25.
［17］	DRAPER-GIL G, LASHKARI A H, MAMUN M S I, et al. Characterization of encrypted and vpn traffic using time-related［C］// Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP). 2016:407-414.
［18］	CROTTI M, DUSI M, GRINGOLI F, et al. Traffic classification through simple statistical fingerprinting［J］. ACM SIGCOMM Computer Communication Review, 2007,37(1):5-16.
［19］	YAMANSAVASCILAR B, GUVENSAN M A, YAVUZ A G, et al. Application identification via network traffic classification［C］// 2017 International Conference on Computing, Networking and Communications (ICNC). 2017:843-848.
［20］	WANG P, CHEN X J, YE F, et al. A survey of techniques for mobile service encrypted traffic classification using deep learning［J］. IEEE Access, 2019,7:54024-54033.
［21］	WANG Z Y. The applications of deep learning on traffic identification［J］. BlackHat USA, 2015,24(11).
［22］	WANG W, ZHU M, ZENG X W, et al. Malware traffic classification using convolutional neural network for representation learning［C］// 2017 International Conference on Information Networking (ICOIN). 2017:712-717.
［23］	LOPEZ-MARTIN M, CARRO B, SANCHEZ-ESGUEVILLAS A, et al. Network traffic classifier with convolutional and recurrent neural networks for internet of things［J］. IEEE Access, 2017,5:18042-18050.
［24］	LOTFOLLAHI M, SIAVOSHANI M J, ZADE R S H, et al. Deep packet: A novel approach for encrypted traffic classification using deep learning［J］. Soft Computing, 2020,24(3):1999-2012.
［25］	REZAEI S, LIU X. Multitask learning for network traffic classification［C］// 2020 29th International Conference on Computer Communications and Networks(ICCCN). 2020.
［26］	HUANG H, DENG H J, CHEN J, et al. Automatic multi-task learning system for abnormal network traffic detection［J］. International Journal of Emerging Technologies in Learning, 2018,13(4):4-20.
［27］	DRUCKER H, LE CUN Y. Improving generalization performance using double backpropagation［J］. IEEE Transactions on Neural Networks, 1992,3(6):991-997.
［28］	GULRAJANI I, AHMED F, ARJOVSKY M, et al. Improved training of wasserstein GANs［C］// Proceedings of the 31st International Conference on Neural Information Processing. 2017:5769-5779.
［29］	HENDRYCKS D, GIMPEL K. A baseline for detecting misclassified and out-of-distribution examples in neural networks［J］. arXiv preprint arXiv:1610.02136, 2016.
［30］	GAL Y, GHAHRAMANI Z. Dropout as a bayesian approximation: Representing model uncertainty in deep learning［C］// International Conference on Machine Learning. 2016:1050-1059.
［31］	LAKSHMINARAYANAN B, PRITZEL A, BLUNDELL C. Simple and scalable predictive uncertainty estimation using deep ensembles［J］. arXiv preprint arXiv:1612.01474, 2016.
［32］	GARDNER M W, DORLING S R. Artificial neural networks (the multilayer perceptron)—a review of applications in the atmospheric sciences［J］. Atmospheric Environment, 1998,32(14-15):2627-2636.
［33］	KRIZHEVSKY A, SUTSKEVER I, HINTON G E. Imagenet classification with deep convolutional neural networks［C］// International Conference on Neural Information Processing Systems. 2012:1097-1105.

[1]	胡崇佳, 刘金洲, 方立. 基于无监督域适应的室外点云语义分割[J]. 计算机与现代化, 2024, 0(01): 74-79.
[2]	林威. 基于自监督学习和数据回放的新闻推荐模型增量学习方法[J]. 计算机与现代化, 2023, 0(12): 1-6.
[3]	梁天恺, 黄康华, 刘凯航, 兰岚, 曾碧. 基于双向同态加密的深度联邦图片分类方法[J]. 计算机与现代化, 2023, 0(12): 36-40.
[4]	邱凯星, 冯广. 基于双重特征注意力的多标签图像分类模型[J]. 计算机与现代化, 2023, 0(12): 41-47.
[5]	张伯泉, 麦海鹏, 陈嘉敏, 逄锦聚. 基于高灰度值注意力机制的脑白质高信号分割[J]. 计算机与现代化, 2023, 0(12): 67-75.
[6]	马泽宇, 叶宁, 徐康, 王甦, 王汝传, . 基于FMCW雷达和ResNeSt-GRU的行为识别方法[J]. 计算机与现代化, 2023, 0(11): 101-107.
[7]	李延满, 王必恒, 赵羚焱. 基于轻量化YOLOv5的安全帽检测[J]. 计算机与现代化, 2023, 0(10): 59-64.
[8]	黎世达, 项剑文. 一种提高图像识别模型鲁棒性的弱化强化方法[J]. 计算机与现代化, 2023, 0(10): 70-76.
[9]	沈加炜, 陆一鸣, 陈晓艺, 钱美玲, 陆卫忠, . 基于深度学习的人体行为检测方法研究综述[J]. 计算机与现代化, 2023, 0(09): 1-9.
[10]	刘禅奕, 黄丹, 薛林雁, 王涛, 朱桃, . 改进EfficientNet网络的COVID-19 X光分类[J]. 计算机与现代化, 2023, 0(09): 94-99.
[11]	马国祥, 杨凌菲, 严传波, 张志豪, 孙彬, 王晓荣. 基于深度DenseNet网络的肝包虫病超声影像诊断方法[J]. 计算机与现代化, 2023, 0(09): 100-104.
[12]	农皓程, 任德均, 任秋霖, 刘澎笠, 黄德成. 基于改进ConvNeXt的软塑包装表面异常检测算法[J]. 计算机与现代化, 2023, 0(08): 12-17.
[13]	欧阳飞, 吴旭, 向东升. 基于改进YOLOX的垃圾分类检测方法[J]. 计算机与现代化, 2023, 0(08): 68-73.
[14]	胡睿杰, 车逗. 红外小目标检测方法综述[J]. 计算机与现代化, 2023, 0(08): 79-86.
[15]	江蕾, 唐建, 杨超越, 吕婷婷. 基于CWGAN-GP与CNN的轴承故障诊断方法[J]. 计算机与现代化, 2023, 0(07): 1-6.