Application of Fusion Model of GBDT and LR in Encrypted Traffic Identification

doi:10.3969/j.issn.1006-2475.2020.03.018

Abstract

Abstract: With the diversification of network application service types and the continuous development of traffic encryption technology, encrypted traffic identification has become a major challenge in the field of network security. Traditional traffic identification techniques, such as deep packet inspection, cannot effectively identify encrypted traffic, while the identification technology based on machine learning theory has shown good results. For this, an optimized encrypted traffic classification model based on the fusion of GBDT and LR is proposed, in which Bayesian optimization (BO) algorithm is used for hyperparameter tuning. By using the time-related flow features to identify common encrypted traffic and VPN encrypted traffic, it obtains an overall accuracy more than 90%, which gets better recognition effect than other common classification models.

Key words: encrypted traffic identification, GBDT (Gradient Boosting Decision Tree), LR (Logistic Regression), flow features, Bayesian optimization

CLC Number:

TP393.08

WANG Yao, LI Wei, WU Ke-he, CUI Wen-chao. Application of Fusion Model of GBDT and LR in Encrypted Traffic Identification[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2020.03.018.

References

［1］ FAHMIDA Y R. Encryption, Privacy in the Internet Trends Report［EB/OL］.(2019-06-12)［2019-08-01］. https://duo.com/decipher/encryption-privacy-in-the-internet-trends-report.
［2］ KARAGIANNIS T, BROIDO A, FALOUTSOS M, et al. Transport layer identification of P2P traffic［C］// Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement. 2004:121-134.
［3］ TAO L H, LIU G J, LIU W W, et al. Packet signature mining for application identification using an improved Apriori algorithm［C］// IEEE International Conference on Progress in Informatics & Computing. 2015.
［4］ PAXSON V. Growth trends in wide-area TCP connections［J］. IEEE Network, 1994,8(4):8-17.
［5］ PAXSON V.Empirically derived analytic models of wide-area TCP connections［J］. IEEE/ACM Transactions on Networking, 1994,2(4):316-336.
［6］ ESTE A, GRINGOLI F, SALGARELLI L. Support vector machines for TCP traffic classification［J］. Computer Networks, 2009,53(14):2476-2490.
［7］王勇,周慧怡,俸皓,等. 基于深度卷积神经网络的网络流量分类方法［J］. 通信学报, 2018,39(1):14-23.
［8］ KARAGIANNIS T, PAPAGIANNAKI K, FALOUTSOS M. BLINC: Multilevel traffic classification in the dark［C］// Proceedings of ACM SIGCOMM 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. 2005:229-240.
［9］ ERMAN J, ARLITT M F, MAHANTI A. Traffic classification using clustering algorithms［C］// Proceedings of 2006 SIGCOMM Workshop on Mining Network Data. 2006:281-286.
［10］ZANDER S, NGUYEN T, ARMITAGE G. Automated traffic classification and application identification using machine learning［C］// Proceedings of IEEE Conference on Local Computer Networks. 2005:250-257.
［11］CHEESEMAN P, STUTZ J. Bayesian classification(AutoClass): Theory and results［J］. Advances in Knowledge Discovery & Data Mining, 1996,180:153-180.
［12］YANG C H, WANG F, HUANG B X. Internet traffic classification using DBSCAN［C］// WASE International Conference on Information Engineering. 2009,2:163-166.
［13］BERNAILLE L, TEIXEIRA R, AKODKENOU I, et al. Traffic classification on the fly［J］. ACM SIGCOMM Computer Communication Review, 2006,36(2):23-26.
［14］ERMAN J, MAHANTI A, ARLITT M F, et al. Identifying and discriminating between Web and peer-to-peer traffic in the network core［C］// International Conference on World Wide Web. 2007:883-892.
［15］ERMAN J, MAHANTI A, ARLITT M, et al. Semi-supervised network traffic classification［J］. ACM SIGMETRICS Performance Evaluation Review, 2007,35(1):369-370.
［16］LASHKARI A H, DRAPER GIL G D, MAMUN M S I, et al. Characterization of encrypted and VPN traffic using time-related features［C］// International Conference on Information Systems Security and Privacy. 2016:94-98．
［17］周志华. 机器学习［M］. 北京:清华大学出版社, 2016.
［18］FRIEDMAN J H. Greedy function approximation: A gradient boosting machine［J］. The Annals of Statistics, 2001,29(5):1189-1232.
［19］〖JP3〗HE X R, PAN J F, JIN O, et al. Practical lessons from predicting clicks on Ads at Facebook［C］// The 8th InternationalWorkshop on Data Mining for Online Advertising. 2014:1-9.
［20］MOORE A, ZUEV D, CROGAN M, et al. Discriminators for Use in Flow-based Classification［M］. London: Queen Mary and Westfield College Press， 2005.
［21］MCGREGOR A, HALL M, LORIER P, et al. Flow clustering using machine learning techniques［C］// International Workshop on Passive and Active Network Measurement. 2004:205-214.
［22］BERGSTRA J, KOMER B, ELIASMITH C, et al. Hyperopt: A Python library for model selection and hyperparameter optimization［J］. Computational Science & Discovery, 2015,8(1):014008.
［23］BERGSTRA J, BARDENET R, BENGIO Y, et al. Algorithms for hyper-parameter optimization［C］// Proceedings of the 24th International Conference on Neural Information Processing Systems. 2011:2546-2554.

[1]	JI Xin-cheng, WANG Yan-kai, ZHANG Ying, XU Yan-jie. Prediction of Bayesian Optimized Gradient Boosting Tree for Interior Natural Illuminance Distribution [J]. Computer and Modernization, 2023, 0(09): 44-50.
[2]	LIU Fu-qian, QIN Hua-ni, LAI Hui-hui. Person-post Matching Adj-LightGBM Algorithm Based on SMOTE and Bayesian Optimization [J]. Computer and Modernization, 2023, 0(03): 90-95.
[3]	XIA Yi-chun, LI Wang-gen, LI Dou-dou, GE Ying-kui, WANG Zhi-ge. CTR Prediction Model Combining Attention Mechanism and Graph Neural Network [J]. Computer and Modernization, 2023, 0(03): 29-37.
[4]	WU Ke-he, ZHANG Ying, CUI Wen-chao, CHENG Rui. A MQTT Abnormal Traffic Detection Method Based on Random Forest Algorithm [J]. Computer and Modernization, 2021, 0(01): 61-64.
[5]	WU Hai-yun. Discrimination of Injection and Production Connection Based on MLP and Sobol [J]. Computer and Modernization, 2020, 0(03): 40-.