Computer Engineering ›› 2012, Vol. 38 ›› Issue (12): 22-25. doi: 10.3969/j.issn.1000-3428.2012.12.006


Fast Identification Method of Encrypted Traffic Based on Payload Signatures

CHEN Wei a,b, HU Lei a,b, YANG Long a,b

  1. (a. School of Computer Science and Technology; b. Institute of Computer Technology, Nanjing University of Posts and Telecommunications, Nanjing 210046, China)
  • Received: 2011-08-15 Online: 2012-06-20 Published: 2012-06-20
  • Author biographies: CHEN Wei (born 1979), male, associate professor, Ph.D., main research area: network security; HU Lei and YANG Long, master's students
  • Funding: National Natural Science Foundation of China (60873231); Natural Science Foundation of the Jiangsu Higher Education Institutions (08KJB520006)

Fast Identification Method of Encrypted Traffic Based on Payload Signatures

CHEN Wei a,b, HU Lei a,b, YANG Long a,b   

  1. (a. School of Computer Science and Technology; b. Institute of Computer Technology, Nanjing University of Posts and Telecommunications, Nanjing 210046, China)
  • Received:2011-08-15 Online:2012-06-20 Published:2012-06-20

Abstract (Chinese version):

To address the difficulty of identifying encrypted traffic, a fast network traffic identification method is proposed. The method does not require deep analysis of packet payloads: it uses a 256-dimensional vector to describe the frequency with which each of the 256 ASCII byte values occurs in the packet payload, extracts data features from the mean and variance of the quantized payload signatures, and classifies encrypted traffic with a decision tree algorithm. Experimental results show that the method can accurately identify common encrypted network traffic and can also detect the traffic generated by some malicious attacks.

Key words (Chinese version): traffic identification, packet payload, encrypted traffic, classification, decision tree, variance

Abstract:

To address the difficulty of identifying encrypted traffic, this paper proposes a fast network traffic identification method that extracts payload signatures instead of performing deep analysis of the full payload. The method uses a 256-dimensional vector to describe how often each of the 256 ASCII byte values occurs in the packet payload, and extracts payload signatures from the mean and variance of the quantized payload vector. It then classifies the network traffic into different applications using a decision tree model. Experimental results show that the proposed method can accurately classify common encrypted network traffic and can detect traffic from some malicious attacks.

Key words: traffic identification, packet payload, encrypted traffic, classification, decision tree, variance
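The following example illustrates the feature pipeline the two abstracts describe (256-dimensional byte-frequency vector, then mean and variance of that vector, then a decision-tree split). It is added here and is not the authors' code; it assumes the "quantized" values are the raw per-byte counts, normalises the variance by the squared mean so payloads of different lengths are comparable, and stands in a single-split decision stump with a constructed threshold for the paper's trained decision tree. Sample payloads are constructed inline: a plaintext HTTP request and a deterministic SHA-256 chain standing in for ciphertext.

```python
import hashlib
from typing import List, Tuple


def byte_frequency_vector(payload: bytes) -> List[int]:
    """256-dimensional vector: count of each byte value 0..255 in the payload."""
    vec = [0] * 256
    for b in payload:
        vec[b] += 1
    return vec


def payload_features(payload: bytes) -> Tuple[float, float]:
    """Mean and variance of the 256 per-byte counts (assumed quantisation)."""
    vec = byte_frequency_vector(payload)
    mean = sum(vec) / 256
    var = sum((c - mean) ** 2 for c in vec) / 256
    return mean, var


def dispersion(payload: bytes) -> float:
    """Variance divided by mean^2: length-independent spread of the histogram.
    Encrypted/compressed payloads are near-uniform (low value); text is peaky."""
    mean, var = payload_features(payload)
    return 0.0 if mean == 0 else var / (mean * mean)


ENCRYPTED_THRESHOLD = 1.0  # constructed decision-stump split point, not from the paper


def classify(payload: bytes) -> str:
    """Single-split decision stump standing in for the paper's decision tree."""
    return "encrypted" if dispersion(payload) < ENCRYPTED_THRESHOLD else "plaintext"


def constructed_ciphertext_like(n: int) -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for ciphertext."""
    out, block = bytearray(), b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed plaintext sample (not a captured packet).
CONSTRUCTED_HTTP = (b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"
                    b"User-Agent: Mozilla/5.0\r\nAccept: text/html\r\n\r\n")

if __name__ == "__main__":
    for name, p in (("http", CONSTRUCTED_HTTP), ("cipher", constructed_ciphertext_like(1024))):
        print(name, classify(p), round(dispersion(p), 3))
```

A real deployment would train the split thresholds on labelled flows rather than fixing them by hand, and would apply the features per flow rather than per packet to avoid misclassifying short or padded packets.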
