Dissertation
Dissertation > Industrial Technology > Automation technology,computer technology > Computing technology,computer technology > Computer applications > Computer network > General issues > Computer networks, test , run

Research on Technology of Encrypted Traffic Identification Based on Traffic Features

Author ZhangBo
Tutor YuXiangZhan
School Harbin Institute of Technology
Course Computer Science and Technology
Keywords Encrypted Traffic Identification Traffic Features Chi-square Test Machine Learning
CLC TP393.06
Type Master's thesis
Year 2012
Downloads 52
Quotes 0
Download Dissertation

With the rapid development of network technology, user privacy is paid moreattention to. Encryption techniques are widely used in various softwares andprotocols. However, there are some people who use encryption techniques to hidetheir malicious actions or illegal operations in order to avoid the firewall detection.Thus distinguishing malicious traffic from the normal traffic is playing an importantrole in maintaining the network security.After further study of the encrypted traffic and traffic features, we propose atraffic identification method based on traffic features. Based on this method, wedesign and build an encrypted traffic identification system based on traffic features.The main contents of the research are shown below.1. The paper analyzes and summarizes the common methods of trafficidentification. We describe the principles and realization of the payload randomnessbased traffic identification, machine learning based traffic identification, payloadbased traffic identification, packet size distribution based traffic identification. In thetraffic identification based on payload randomness, we choose Chi-square Test tocomplete the payload randomness test. In the traffic identification based on machinelearning, we choose C4.5decision tree classification method to build theclassification model.2. On the basis of the above traffic identification research, we propose anefficient encrypted traffic identification method. Our method combines above fourtraffic identification methods, makes full use of each traffic identification method’sadvantages by adding weighted factors. Experiments show that our method is veryefficient. According to our encrypted traffic identification method, we design andrealize a traffic features based encrypted traffic identification system.3. We evaluate the efficiency and performance of the traffic features basedencrypted traffic identification system. During the evaluation process, we alsoevaluate above four traffic identification methods used in the encrypted traffic identification module. All results show that our system is practical and accurate.

Related Dissertations
More Dissertations