Encrypted traffic classification based on self-attention
袁子豪 1张洁1
扫码查看
点击上方二维码区域,可以放大扫码查看
作者信息
1. 南京邮电大学 计算机学院,江苏 南京 210023
折叠
摘要
随着人们网络安全意识的提高,加密流量呈爆炸式增长,流量加密在保护用户隐私的同时,也为安全检测带来了新的挑战.针对传统基于机器学习的流量识别方法存在需要手动设计分类特征、分类准确率不高等问题,提出一种基于卷积神经网络与自注意力机制(Convolutional Neural Network and Self Attention,CSA)的加密流量分类方法,依据网络流量的层次结构特性,采用卷积神经网络提取数据包内字节流的空间特征、自注意力机制提取数据包之间的时序特征.在公开数据集ISCX VPN-NonVPN上的实验结果表明,CSA模型的分类准确率达到了 95.0%,相较基准深度模型,准确率和F1 值皆有明显的提升.
Abstract
With the increasing public awareness of cyber-security,the use of encrypted traffic has exploded.Despite its excellent protection for people's privacy,encryption traffic technologies have encountered new challenges in security detection.Existing traffic identification methods based on traditional machine learning usually require manually specified classification features and struggle with classification accuracy.In this paper,first,we analyze the hierarchical structure of network traffic.Second,we employ a convolutional neural network to extract spatial features of byte stream inside packets,and a self-attention mechanism to extract timing characteristics between packets.To this end,we propose a method for encrypted traffic classification called convolutional neural network and self-attention(CSA),which could improve classification accuracy up to 95.0%.Empirical results on the standard public data set ISCX VPN-NonVPN demonstrate that the proposed method can boost the accuracy and F1 value significantly.
维普
万方数据