Encrypted Traffic Classification Method Based on Multi-Layer Bidirectional SRU and Attention Model

doi:10.19678/j.issn.1000-3428.0063626

Abstract

Abstract: The encrypted traffic classification method based on traditional Recurrent Neural Network(RNN) typically have poor parallelism and low efficiency.To quickly and accurately classify encrypted traffic, a classification method for encrypted traffic based on a Multi-Layer Bidirectional Simple Recurrent Unit and Attention(MLBSRU-A) model is proposed.Feature learning and classification are unified into an end-to-end model, and the highly parallel sequence modeling ability of the SRU model is used to improve the overall operation efficiency.To improve the classification accuracy of the MLBSRU-A model, multi-layer bidirectional SRU networks are stacked to automatically extract features from the original traffic, and an attention mechanism is introduced to provide different weights to features to improve discrimination between important features.Experiments show that the MLBSRU-A model has a higher classification accuracy and running efficiency on the public dataset ISCX VPN-nonVPN.Compared with the BGRUA model, the fine-grained classification accuracy of MLBSRU-A improved by 4.34%, and the training time reduced by 55.38%.On the USTC-TFC 2016 dataset, the detection accuracy of the MLBSRU-A model for unknown encrypted malicious traffic is 99.50%, and the fine-grained classification accuracy is 98.84%.The proposed model can detect unknown encrypted malicious traffic with high precision and perform fine-grained classification of encrypted malicious traffic.

Key words: encrypted traffic classification, encrypted malicious traffic detection, Simple Recurrent Unit(SRU), attention mechanism, Recurrent Neural Network(RNN)

摘要： 基于传统循环神经网络的加密流量分类方法普遍存在并行性较差、模型运行效率较低等问题。为实现加密流量的快速准确分类，提出一种基于多层双向简单循环单元（SRU）与注意力（MLBSRU-A）模型的加密流量分类方法。将特征学习和分类统一到一个端到端模型中，利用SRU模型高度并行化的序列建模能力来提高整体运行效率。为了提升MLBSRU-A模型的分类精度，堆叠多层双向SRU网络使其自动地从原始流量中提取特征，并引入注意力机制为特征赋予不同的权重，从而提高重要特征之间的区分度。实验结果表明，在公开数据集ISCX VPN-nonVPN上，MLBSRU-A模型具有较高的分类精度和运行效率，与BGRUA模型相比，MLBSRU-A的细粒度分类准确率提高4.34%，训练时间减少55.38%，在USTC-TFC 2016数据集上，MLBSRU-A模型对未知加密恶意流量的检测准确率达到99.50%，细粒度分类准确率为98.84%，其兼具对未知加密恶意流量的高精度检测能力以及对加密恶意流量的细粒度分类能力。

关键词: 加密流量分类, 加密恶意流量检测, 简单循环单元, 注意力机制, 循环神经网络

CLC Number:

TP393

ZHANG Surong, BU Youjun, CHEN Bo, SUN Chongxin, WANG Han, HU Xianjun. Encrypted Traffic Classification Method Based on Multi-Layer Bidirectional SRU and Attention Model[J]. Computer Engineering, 2022, 48(11): 127-136.

张稣荣, 卜佑军, 陈博, 孙重鑫, 王涵, 胡先君. 基于多层双向SRU与注意力模型的加密流量分类方法[J]. 计算机工程, 2022, 48(11): 127-136.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0063626

http://www.ecice06.com/EN/Y2022/V48/I11/127

Figures/Tables 15

References

[1] SALMAN O, ELHAJJ I H, KAYSSI A, et al.A review on machine learning-based approaches for Internet traffic classification[J].Annals of Telecommunications, 2020, 75(11/12):673-710.
[2] BARAC white paper[EB/OL].[2021-11-05].http://barac.io/white_paper_encrypted_traffic/.
[3] NING J T, POH G S, LOH J C, et al.PrivDPI:privacy-preserving encrypted traffic inspection with reusable obfuscated rules[C]//Proceedings of 2019 ACM SIGSAC Conference on Computer and Communications Security.New York, USA:ACM Press, 2019:1657-1670.
[4] ABBASI M, SHAHRAKI A, TAHERKORDI A.Deep learning for Network Traffic Monitoring and Analysis (NTMA):a survey[J].Computer Communications, 2021, 170:19-41.
[5] REZAEI S, LIU X.Deep learning for encrypted traffic classification:an overview[J].IEEE Communications Magazine, 2019, 57(5):76-81.
[6] WANG W, ZHU M, WANG J L, et al.End-to-end encrypted traffic classification with one-dimensional convolution neural networks[C]//Proceedings of 2017 IEEE International Conference on Intelligence and Security Informatics.Washington D.C., USA:IEEE Press, 2017:43-48.
[7] LEI T, ZHANG Y, WANG S I, et al.Simple recurrent units for highly parallelizable recurrence[EB/OL].[2021-11-05].https://arxiv.org/abs/1709.02755.
[8] DE LUCIA M J, COTTON C.Detection of encrypted malicious network traffic using machine learning[C]//Proceedings of 2019 IEEE Military Communications Conference.Washington D.C., USA:IEEE Press, 2019:1-6.
[9] BHATIA M, SHARMA V, SINGH P, et al.Multi-level P2P traffic classification using heuristic and statistical-based techniques:a hybrid approach[J].Symmetry, 2020, 12(12):2117.
[10] MA C C, DU X H, CAO L F.Improved KNN algorithm for fine-grained classification of encrypted network flow[J].Electronics, 2020, 9(2):324.
[11] LOTFOLLAHI M, JAFARI SIAVOSHANI M, SHIRALI HOSSEIN ZADE R, et al.Deep packet:a novel approach for encrypted traffic classification using deep learning[J].Soft Computing, 2020, 24(3):1999-2012.
[12] SHAPIRA T, SHAVITT Y.FlowPic:a generic representation for encrypted traffic classification and applications identification[J].IEEE Transactions on Network and Service Management, 2021, 18(2):1218-1232.
[13] 程华, 谢金鑫, 陈立皇.基于CNN的加密C&C通信流量识别方法[J].计算机工程, 2019, 45(8):31-34, 41. CHENG H, XIE J X, CHEN L H.CNN-based encrypted C&C communication traffic identification method[J].Computer Engineering, 2019, 45(8):31-34, 41.(in Chinese)
[14] MANDIC D P, CHAMBERS J A.Recurrent neural networks for prediction[M].Chichester, UK:John Wiley & Sons Ltd., 2001.
[15] ZOU Z, GE J G, ZHENG H B, et al.Encrypted traffic classification with a convolutional long short-term memory neural network[C]//Proceedings of 2018 IEEE International Conference on High Performance Computing and Commu-nications.Washington D.C., USA:IEEE Press, 2018:329-334.
[16] LOPEZ-MARTIN M, CARRO B, SANCHEZ-ESGUEVILLAS A, et al.Network traffic classifier with convolutional and recurrent neural networks for Internet of Things[J].IEEE Access, 2017, 5:18042-18050.
[17] LIN K D, XU X L, GAO H H.TSCRNN:a novel classification scheme of encrypted traffic based on flow spatiotemporal features for efficient management of IIoT[J].Computer Networks, 2021, 190:107974.
[18] HU X Y, GU C X, WEI F S.CLD-net:a network combining CNN and LSTM for Internet encrypted traffic classification[J].Security and Communication Networks, 2021, 15:1-15.
[19] CHO K, VAN MERRIENBOER B, GULCEHRE C, et al.Learning phrase representations using RNN encoder-decoder for statistical machine translation[C]//Proceedings of 2014 Conference on Empirical Methods in Natural Language Processing.Washington D.C., USA:IEEE Press, 2014:123-126.
[20] LIU C, HE L T, XIONG G, et al.FS-net:a flow sequence network for encrypted traffic classification[C]//Proceedings of IEEE Conference on Computer Communications.Washington D.C., USA:IEEE Press, 2019:1171-1179.
[21] LIU X, YOU J L, WU Y L, et al.Attention-based bidirectional GRU networks for efficient HTTPS traffic classification[J].Information Sciences, 2020, 541:297-315.
[22] DONG C, ZHANG C, LU Z G, et al.CETAnalytics:comprehensive effective traffic information analytics for encrypted traffic classification[J].Computer Networks, 2020, 176:107258.
[23] 蒋彤彤, 尹魏昕, 蔡冰, 等.基于层次时空特征与多头注意力的恶意加密流量识别[J].计算机工程, 2021, 47(7):101-108. JIANG T T, YIN W X, CAI B, et al.Encrypted malicious traffic identification based on hierarchical spatiotemporal feature and multi-head attention[J].Computer Engineering, 2021, 47(7):101-108.(in Chinese)
[24] HOCHREITER S, SCHMIDHUBER J.Long short-term memory[J].Neural Computation, 1997, 9(8):1735-1780.
[25] SHANG W, SOHN K, ALMEIDA D, et al.Understanding and improving convolutional neural networks via concatenated rectified linear units[EB/OL].[2021-11-05].http://proceedings.mlr.press/v48/shang16.pdf.
[26] BAHDANAU D, CHO K, BENGIO Y.Neural machine translation by jointly learning to align and translate[EB/OL].[2021-11-05].https://arxiv.org/pdf/1409.0473v7.pdf.
[27] ISCX UNB.VPN-nonVPN dataset[EB/OL].[2021-11-05].http://www.unb.ca/cic/research/datasets/vpn.html.
[28] WANG W, ZHU M, ZENG X W, et al.Malware traffic classification using convolutional neural network for representation learning[C]//Proceedings of 2017 International Conference on Information Networking.Washington D.C., USA:IEEE Press, 2017:15-22.
[29] YAO H P, LIU C, ZHANG P Y, et al.Identification of encrypted traffic through attention mechanism based long short term memory[J].IEEE Transactions on Big Data, 2022, 8(1):241-252.

Please choose a citation manager

Content to export