基于RBF神经网络的可信加密流量分类方法

摘要/Abstract

摘要： 网络流量分类广泛应用于网络资源分配、流量调度、入侵检测系统等研究领域。随着加密协议的普及和网络流量快速发展，基于深度学习的流量分类器由于其自动提取特征的特性和较高的分类准确性，逐渐受到科研人员的重视，但是面向网络流量分类的可信程度方面却不曾有研究。本文提出一种基于RBF神经网络对加密网络流量进行可信分类的方法。所提算法建立在RBF网络的思想上并采用一种新的损失函数和质心更新方案来进行训练，通过使用梯度惩罚强制检测输入的变化，能够有效地检测分布外的数据。在2个公共的ISCX VPN-nonVPN和USTC-TFC2016流量数据集上，与同类算法相比，所提算法取得了最好的分布外检测结果，在AUROC指标上达到98.55%。实验结果表明所提算法在具有较高分类性能的同时，能够有效地检测出分布外的流量数据，从而提高流量分类的可信性。

关键词: 流量分类, 深度学习, 不确定性估计, 梯度惩罚, 分布外检测

Abstract: Network traffic classification is widely used in research fields such as network resource allocation, traffic scheduling and intrusion detection systems. With the popularization of encryption protocols and the rapid development of network traffic, the traffic classifier based on deep learning has gradually attracted the attention of researchers due to its feature of automatically extracting features and high classification accuracy. But there has been no research on the credibility of network traffic classification. This article proposes a trustworthy deep learning model to classify encrypted network traffic. The proposed algorithm is based on the idea of RBF network and uses a new loss function and centroid update scheme for training. By using gradient penalty to force detection of input changes, it can effectively detect out-of-distribution data. On the two public ISCX VPN-nonVPN and USTC-TFC2016 traffic data sets, the proposed algorithm achieves 98.55% of the AUROC index, and has achieved the best out-of-distribution detection effect compared with similar algorithms. Extensive experimental results show that the proposed algorithm has high classification performance and can effectively detect out-of-distribution traffic data, which improves the credibility of the traffic classification model.

Key words: traffic classification, deep learning, uncertainty estimate, gradient penalty, out-of-distribution detection

张晓航, 李政, 朱晓明, 张海锋, 赵博宇. 基于RBF神经网络的可信加密流量分类方法[J]. 计算机与现代化, 2022, 0(02): 45-51.

ZHANG Xiao-hang, LI Zheng, ZHU Xiao-ming, ZHANG Hai-feng, ZHAO Bo-yu. Trustworthy Encryption Traffic Classification Method Based on RBF Neural Network[J]. Computer and Modernization, 2022, 0(02): 45-51.

参考文献

［1］ BAGUI S, FANG X G, KALAIMANNAN E, et al. Comparison of machine-learning algorithms for classification of VPN network traffic flow using time-related features［J］. Journal of Cyber Security Technology, 2017,1(2):108-126.
［2］ ACETO G, CIUONZO D, MONTIERI A, et al. DISTILLER: Encrypted traffic classification via multimodal multitask deep learning［J］. Journal of Network and Computer Applications, 2021,183-184:102985.
［3］ REZAEI S, LIU X. Deep learning for encrypted traffic classification: An overview ［J］. IEEE Communications Magazine, 2019,57(5):76-81.
［4］ FINSTERBUSCH M, RICHTER C, ROCHA E, et al. A survey of payload-based traffic classification approaches［J］. IEEE Communications Surveys & Tutorials, 2013,16(2):1135-1156.
［5］ PARK J S, YOON S H, KIM M S. Performance improvement of payload signature-based traffic classification system using application traffic temporal locality［C］// 2013 15th Asia-Pacific Network Operations and Management Symposium(APNOMS). 2013:1-6.
［6］ DI MAURO M, LONGO M. Revealing encrypted WebRTC traffic via machine learning tools［C］// 2015 12th International Joint Conference on e-Business and Telecommunications(ICETE). 2015,4:259-266.
［7］ WANG W, ZHU M, WANG J L, et al. End-to-end encrypted traffic classification with one-dimensional convolution neural networks［C］// 2017 IEEE International Conference on Intelligence and Security Informatics(ISI). 2017:43-48.〖HJ0.8mm〗
［8］ BENGIO Y, COURVILLE A, VINCENT P. Representation learning: A review and new perspectives［J］. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2013,35(8):1798-828.
［9］ GOODFELLOW I J, SHLENS J, SZEGEDY C. Explaining and harnessing adversarial examples［J］. arXiv preprint arXiv:1412.6572, 2014.
［10］NGUYEN A, YOSINSKI J, CLUNE J. Deep neural networks are easily fooled: High confidence predictions for unrecognizable images［C］// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2015:427-436.
［11］LECUN Y, BOTTOU L, BENGIO Y, et al. Gradient-based learning applied to document recognition［J］. Proceedings of the IEEE, 1998,86(11):2278-2324.
［12］VAN DEN OORD A, VINYALS O, KAVUKCUOGLU K. Neural discrete representation learning［C］// Proceedings of the 31st International Conference on Neural Information Processing Systems. 2017:6309-6318.
［13］KUMANO Y, ATA S, NAKAMURA N, et al. Towards real-time processing for application identification of encrypted traffic［C］// 2014 International Conference on Computing, Networking and Communications(ICNC). 2014:136-140.
［14］COULL S E, DYER K P. Traffic analysis of encrypted messaging services: Apple iMessage and beyond［J］. ACM SIGCOMM Computer Communication Review, 2014,44(5):6-11.
［15］BAR-YANAI R, LANGBERG M, PELEG D, et al. Realtime classification for encrypted traffic［C］// International Symposium on Experimental Algorithms. 2010:373-385.
［16］WANG D W, ZHANG L S, YUAN Z L, et al. Characterizing application behaviors for classifying P2P traffic［C］// 2014 International Conference on Computing, Networking and Communications(ICNC). 2014:21-25.
［17］DRAPER-GIL G, LASHKARI A H, MAMUN M S I, et al. Characterization of encrypted and vpn traffic using time-related［C］// Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP). 2016:407-414.
［18］CROTTI M, DUSI M, GRINGOLI F, et al. Traffic classification through simple statistical fingerprinting［J］. ACM SIGCOMM Computer Communication Review, 2007,37(1):5-16.
［19］YAMANSAVASCILAR B, GUVENSAN M A, YAVUZ A G, et al. Application identification via network traffic classification［C］// 2017 International Conference on Computing, Networking and Communications (ICNC). 2017:843-848.
［20］WANG P, CHEN X J, YE F, et al. A survey of techniques for mobile service encrypted traffic classification using deep learning［J］. IEEE Access, 2019,7:54024-54033.
［21］WANG Z Y. The applications of deep learning on traffic identification［J］. BlackHat USA, 2015,24(11).
［22］WANG W, ZHU M, ZENG X W, et al. Malware traffic classification using convolutional neural network for representation learning［C］// 2017 International Conference on Information Networking (ICOIN). 2017:712-717.
［23］LOPEZ-MARTIN M, CARRO B, SANCHEZ-ESGUEVILLAS A, et al. Network traffic classifier with convolutional and recurrent neural networks for internet of things［J］. IEEE Access, 2017,5:18042-18050.
［24］LOTFOLLAHI M, SIAVOSHANI M J, ZADE R S H, et al. Deep packet: A novel approach for encrypted traffic classification using deep learning［J］. Soft Computing, 2020,24(3):1999-2012.
［25］REZAEI S, LIU X. Multitask learning for network traffic classification［C］// 2020 29th International Conference on Computer Communications and Networks(ICCCN). 2020.
［26］HUANG H, DENG H J, CHEN J, et al. Automatic multi-task learning system for abnormal network traffic detection［J］. International Journal of Emerging Technologies in Learning, 2018,13(4):4-20.
［27］DRUCKER H, LE CUN Y. Improving generalization performance using double backpropagation［J］. IEEE Transactions on Neural Networks, 1992,3(6):991-997.
［28］GULRAJANI I, AHMED F, ARJOVSKY M, et al. Improved training of wasserstein GANs［C］// Proceedings of the 31st International Conference on Neural Information Processing. 2017:5769-5779.
［29］HENDRYCKS D, GIMPEL K. A baseline for detecting misclassified and out-of-distribution examples in neural networks［J］. arXiv preprint arXiv:1610.02136, 2016.
［30］GAL Y, GHAHRAMANI Z. Dropout as a bayesian approximation: Representing model uncertainty in deep learning［C］// International Conference on Machine Learning. 2016:1050-1059.
［31］LAKSHMINARAYANAN B, PRITZEL A, BLUNDELL C. Simple and scalable predictive uncertainty estimation using deep ensembles［J］. arXiv preprint arXiv:1612.01474, 2016.
［32］GARDNER M W, DORLING S R. Artificial neural networks (the multilayer perceptron)—a review of applications in the atmospheric sciences［J］. Atmospheric Environment, 1998,32(14-15):2627-2636.
［33］KRIZHEVSKY A, SUTSKEVER I, HINTON G E. Imagenet classification with deep convolutional neural networks［C］// International Conference on Neural Information Processing Systems. 2012:1097-1105.

[1]	祁贤, 刘大铭, 常佳鑫. 基于改进自注意力机制的多视图三维重建[J]. 计算机与现代化, 2024, 0(11): 106-112.
[2]	陈凯1, 李宜汀1, 2, 全华凤1 . 基于改进YOLOv8的河道废弃瓶检测方法[J]. 计算机与现代化, 2024, 0(11): 113-120.
[3]	杨骏1, 胡为1, 朱文福2. 基于改进MobileNetV3的视觉SLAM回环检测算法[J]. 计算机与现代化, 2024, 0(10): 21-26.
[4]	王莹莹, 郝潇. 基于Res2Net和递归门控卷积的细粒度图像分类[J]. 计算机与现代化, 2024, 0(10): 74-79.
[5]	史星宇1, 李强2, 庄莉3, 梁懿3, 王秋琳3, 陈锴3, 伍臣周3, 常胜1. 一种面向工业部署的目标检测模型蒸馏技术[J]. 计算机与现代化, 2024, 0(10): 93-99.
[6]	张泽1, 张建权2, 3, 周国鹏2, 3. 基于改进YOLOv8s的摄像头模组缺陷检测[J]. 计算机与现代化, 2024, 0(09): 107-113.
[7]	程亚子1, 雷亮1, 2, 陈瀚1, 赵毅然1. 基于转置注意力的多尺度深度融合单目深度估计[J]. 计算机与现代化, 2024, 0(09): 121-126.
[8]	程萌, 李浩. 改进YOLOv5s的落叶树鸟巢检测方法[J]. 计算机与现代化, 2024, 0(08): 24-29.
[9]	王梦溪, 李峻. 老年人跌倒检测技术研究综述[J]. 计算机与现代化, 2024, 0(08): 30-36.
[10]	时现伟1, 范鑫2. 基于轻量化的视频帧场景语义分割方法[J]. 计算机与现代化, 2024, 0(08): 49-53.
[11]	徐新爱, 李钢. 基于DCGAN的课堂表情图像生成方法[J]. 计算机与现代化, 2024, 0(08): 88-91.
[12]	高帅鹏, 王怡凡. 基于图像的群体情绪识别综述[J]. 计算机与现代化, 2024, 0(08): 98-107.
[13]	黄文栋, 王怡凡. 基于模态类别的多模态信息处理与融合综述[J]. 计算机与现代化, 2024, 0(07): 47-62.
[14]	武丽1, 张征浩2, 葛彩成2, 俞俊2. 基于改进SCNN网络的车道线检测算法[J]. 计算机与现代化, 2024, 0(07): 87-92.
[15]	张可1, 艾中良2, 刘忠麟3, 顾平莉1, 刘学林4. 基于多元组匹配损失的司法论辩理解方法[J]. 计算机与现代化, 2024, 0(06): 115-120.