Research on Technology of Encrypted Traffic Identification Based on Traffic Features
|School|Harbin Institute of Technology|
|Course|Computer Science and Technology|
|Keywords|Encrypted Traffic Identification; Traffic Features; Chi-square Test; Machine Learning|
With the rapid development of network technology, user privacy is receiving more attention, and encryption techniques are widely used in software and protocols. However, some people use encryption to hide malicious actions or illegal operations in order to avoid firewall detection. Distinguishing malicious traffic from normal traffic therefore plays an important role in maintaining network security.

After further study of encrypted traffic and traffic features, we propose a traffic identification method based on traffic features. Based on this method, we design and build an encrypted traffic identification system. The main contents of the research are as follows.

1. The paper analyzes and summarizes the common methods of traffic identification. We describe the principles and realization of traffic identification based on payload randomness, on machine learning, on payload, and on packet size distribution. For traffic identification based on payload randomness, we choose the Chi-square Test to perform the payload randomness test. For traffic identification based on machine learning, we choose the C4.5 decision tree classification method to build the classification model.

2. On the basis of the above research, we propose an efficient encrypted traffic identification method. Our method combines the above four traffic identification methods and makes full use of each method's advantages by adding weighted factors. Experiments show that our method is very efficient. According to this method, we design and realize a traffic-features-based encrypted traffic identification system.

3. We evaluate the efficiency and performance of the traffic-features-based encrypted traffic identification system. During the evaluation process, we also evaluate the above four traffic identification methods used in the encrypted traffic identification module. All results show that our system is practical and accurate.
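The payload randomness test named in item 1 can be sketched as a chi-square goodness-of-fit test of the payload's byte histogram against a uniform distribution. This is an added example, not code from the thesis; the function names, the significance level, the minimum sample size and both sample payloads are assumptions constructed for illustration.

```python
import hashlib
from collections import Counter
from statistics import NormalDist

MIN_BYTES = 5 * 256  # assumption: rule of thumb, expected count per byte value >= 5

def chi_square_uniform(payload: bytes) -> float:
    """Pearson chi-square statistic of the byte histogram against uniform."""
    expected = len(payload) / 256
    counts = Counter(payload)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))

def critical_value(alpha: float, df: int = 255) -> float:
    """Upper-tail chi-square critical value (Wilson-Hilferty approximation)."""
    z = NormalDist().inv_cdf(1 - alpha)
    k = 2 / (9 * df)
    return df * (1 - k + z * k ** 0.5) ** 3

def looks_random(payload: bytes, alpha: float = 0.001):
    """True if uniformity is not rejected; None if the sample is too short."""
    if len(payload) < MIN_BYTES:
        return None  # too few bytes for the test to be meaningful
    return chi_square_uniform(payload) <= critical_value(alpha)

def constructed_ciphertext(n: int) -> bytes:
    """Constructed stand-in for an encrypted payload: SHA-256 in counter mode."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample payloads (not captured traffic)
PLAINTEXT = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
             b"Accept: */*\r\n\r\n" * 80)[:4096]
CIPHERTEXT = constructed_ciphertext(4096)

if __name__ == "__main__":
    for name, data in (("plaintext", PLAINTEXT), ("ciphertext-like", CIPHERTEXT)):
        print(name, round(chi_square_uniform(data), 1), looks_random(data))
```

Compressed payloads also produce near-uniform byte histograms, so this test alone cannot separate encryption from compression; it is one signal among several.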