
Computer Engineering ›› 2011, Vol. 37 ›› Issue (24): 91-93. doi: 10.3969/j.issn.1000-3428.2011.24.030

• Networks and Communications •

GMM-based Application-layer Protocol Identification of ESP Traffic

WANG Qing-long, WANG Zhen-xing, ZHANG Lian-cheng, WANG Yu

  1. (College of Information Engineering, PLA Information Engineering University, Zhengzhou 450002, China)
  • Received: 2011-05-23 Online: 2011-12-20 Published: 2011-12-20
  • About the authors: WANG Qing-long (born 1982), male, master's student, main research interest: network and information security; WANG Zhen-xing, professor and doctoral supervisor; ZHANG Lian-cheng and WANG Yu, doctoral students

Abstract: This paper proposes a Gaussian Mixture Model (GMM)-based technique for identifying the application-layer protocol of ESP traffic. ESP data sets are constructed in two ways, synchronous collection and traffic simulation, and GMMs of the ESP traffic of four protocols (HTTP, FTP, SMTP and TELNET) are built and tested on these data sets. The results show that GMMs identify the application-layer protocol of ESP traffic well, and that the network-layer characteristics of ESP traffic leak enough information to identify its application-layer protocol.

Key words: IPSec, ESP traffic, Gaussian Mixture Model (GMM), traffic analysis, protocol identification
