Identification and classification technology for new V2Ray-like en-crypted proxy protocol disguised variant traffic

doi:10.19678/j.issn.1000-3428.0253298

Abstract

Abstract: While novel mainstream domestic V2Ray-type encrypted proxy protocols protect user privacy, covert channels are provided for cybercrime. Accurate identification of such traffic has become a new research hotspot in cyberspace governance. To evade regulation, these protocols often employ traffic variant techniques, making them more camouflaged and difficult for existing methods to detect effectively. To address this issue, an encrypted proxy traffic detection model is proposed, AG-CTNet, based on dynamic fusion of multimodal features, to identify V2Ray-type encrypted proxy traffic employing various camouflage strategies. To address the scarcity of existing public datasets, an encrypted proxy traffic sample library is constructed through independent data collection and introduce data augmentation strategies to improve model robustness. For the traffic variant camouflage problem, a parallel fusion architecture of 2D-CNN and Transformer is adopted, innovatively introducing cross-modal attention and dynamic gating mechanisms to achieve adaptive fusion of multimodal features. Experimental results show that the model in this paper achieves an accuracy of 98.62% and a precision of 98.41% for identifying V2Ray-type encrypted proxy traffic, effectively improving the accuracy of traffic identification.

摘要： 新型国内主流V2Ray类加密代理协议在保护用户个人隐私的同时也为网络犯罪活动提供了隐蔽通道，准确识别此类流量已成为网络空间治理的研究新热点。为躲避监管，此类协议通常采用流量变种技术，伪装性更强，现有方法难以有效检测。针对这一问题，提出一种基于多模态特征动态融合的加密代理流量检测模型AG-CTNet，用于识别采用多种伪装策略的V2Ray类加密代理流量。针对现有公开数据集稀缺问题，通过自主采集数据，构造加密代理流量样本库，同时引入数据增强策略，提升模型鲁棒性；针对流量变种伪装问题，采用2D-CNN与Transformer并行融合架构，创新性地引入跨模态注意力和动态门控机制，实现多模态特征自适应融合。实验结果表明，本文模型对于V2Ray类加密代理流量识别的准确率和精确率分别达到98.62%、98.41%，有效提升了流量识别的准确性。

Wu Wenxin, Xu Guotian, Zhu Guangrui. Identification and classification technology for new V2Ray-like en-crypted proxy protocol disguised variant traffic[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.0253298.

武雯欣, 徐国天, 朱广锐. 面向新型V2Ray类加密代理协议伪装变种流量的识别分类技术[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.0253298.

/ Recommend / Download Citations

URL: https://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0253298

References

[1] Choi J, Abuhamad M, Abusnaina A, et al. Under-standing the proxy ecosystem: A comparative analysis of residential and open proxies on the internet[J]. IEEE Access, 2020, 8: 111368-111380.
[2] Xue D, Kallitsis M, Houmansadr A, Ensafi R. Fingerprinting obfuscated proxy traffic with encapsulated TLS handshakes[C]//USENIX Security Symposium. USENIX Association, 2024: 2689–2706.
[3] 李海龙,崔治安,沈燮阳.网络流量特征的异常分析与检测方法综述[J].信息网络安全,2025,25(02):194-214. Li H L, Cui Z A, Shen X Y. A review of anomaly analysis and detection methods for network traffic characteristics [J]. Information Network Security, 2025, 25(02):194-214.
[4] Bagui, S., Fang, X., Kalaimannan, E., Bagui, S. C., & Sheehan, J. (2017). Comparison of ma-chine-learning algorithms for classification of VPN network traffic flow using time-related fea-tures. Journal of Cyber Security Technology, 1(2), 108–126.https://doi.org/10.1080/23742917.2017.1321891
[5] Y Li, F. Wang and S. Chen, "VPN Traffic Identification Based on Tunneling Protocol Characteristics," 2022 IEEE 5th International Conference on Computer and Communication Engineering Technology (CCET), Beijing, China,2022, pp. 150-156, DOI: 10.1109/CCET55412.2022.9906397.
[6] Wei Wang, Ming Zhu, Xuewen Zeng, Xiaozhou Ye and Yiqiang Sheng, "Malware traffic classifi-cation using convolutional neural network for representation learning," 2017 International Con-ference on Information Networking (ICOIN), Da Nang, Vietnam, 2017, pp. 712-717, DOI: 10.1109/ICOIN.2017.7899588.
[7] Gil G D, Lashkari A H, Mamun M, et al. Charac-terization of encrypted and VPN traffic using time-related features[C]//Proceedings of the 2nd international conference on information systems security and privacy (ICISSP 2016). Setúbal, Portugal: SciTePress, 2016: 407-414.
[8] Zliang N, Wu T, Zhang Y, et al. Shadowsocks traffic identification based on convolutional neural network[C]//2020 International Conference on Information Science and Education (ICISE-IE). IEEE, 2020: 480-485.
[9] Zhang Y, Zhao S, Zhang J, et al. STNN: A novel TLS/SSL encrypted traffic classification system based on stereo transform neural network[C]//2019 IEEE 25th International Conference on Parallel and Distributed Systems (ICPADS). IEEE, 2019: 907-910.
[10] Zhou Y, Shi H, Zhao Y, et al. Encrypted network traffic identification based on 2d-cnn model[C]//2021 22nd Asia-Pacific Network Operations and Management Symposium (APNOMS). IEEE, 2021: 238-241.
[11] Xue D, Stanley R, Kumar P, et al. The Discrimi-native Power of Cross-layer RTTs in Finger-printing Proxy Traffic[J]. 2025.
[12] Wu M, Sippe J, Sivakumar D, et al. How the Great Firewall of China detects and blocks fully encrypted traffic[C]//32nd USENIX Security Symposium (USENIX Security 23). 2023: 2653-2670.
[13] Lv L, Zhou P. TrojanProbe: Fingerprinting Trojan tunnel implementations by actively probing crafted HTTP requests[J]. Computers & Security, 2025, 148: 104147.
[14] Meraki C. Signal-to-noise ratio (SNR) and wireless signal strength[EB/OL].(2019)
[15] Federal Communications Commission. Measuring fixed broadband - Eleventh report [R/OL].Washington, DC: FCC, 2021[2024-12-23]. https://www.fcc.gov/reports-research/reports/measuring-broadband-america/measuring-fixed-broadband-eleventh-report.
[16] Habibi Lashkari A, Kaur G, Rahali A. Didarknet: A contemporary approach to detect and charac-terize the darknet traffic using deep image learn-ing[C]. Proceedings of the 10th International Conference on Communication and Network Se-curity (ICCNS). 2020. 1-13.
[17] Ma X, Shi M, An B, et al. Context-aware website fingerprinting over encrypted proxies [C]. Pro-ceedings of IEEE International Conference on Zhang J, Zhao H, Feng Y, et al. NetST: Network Encrypted Traffic Classification Based on Swin Transformer[J]. Computers, Materials & Continua, 2025, 84(3).Computer Communications (IN FOCOM). IEEE, 2021. 1-10.
[18] Le D Q, Jeong T, Roman H E, et al. Traffic dis-persion graph based anomalydetection [C]. In Proceedings of the Second Symposium on Infor-mation and Communi-cation Technology. 2011: 36–41
[19] 柴源聪,李玎.一维卷积神经网络和Transformer在加密流量分类上的应用[J].信息工程大学学报,2024,25(06):732-738. Chai Y C, Li D. Application of one-dimensional convolutional neural network and Transformer in encrypted traffic classification[J]. Journal of Information Engineering University, 2024, 25(06):732-738.
[20] 唐舒烨,程光,蒋泊淼,等.基于分段熵分布的VPN加密流量检测与识别方法[J].网络空间安全,2020,11(08):23-27+33. Tang S Y, Cheng G, Jiang B M, et al. VPN en-crypted traffic detection and identification method based on segmented entropy distribution [J]. Cyberspace Security, 2020, 11(08):23-27+33.
[21] 刘贺,张文波.一种基于ViT改进的轻量化恶意流量识别方法[J].小型微型计算机系统,2024,45(02):388-395.DOI:10.20009/j.cnki.21-1106/TP.2022-0758. Liu H, Zhang W B. A lightweight malicious traffic identification method based on ViT improvement [J]. Microcomputer & Its Applications, 2024, 45(02):388-395.DOI:10.20009/j.cnki.21-1106/TP.2022-0758.
[22] 蒋邦明,潘成胜,孔志翔.基于图神经网络的强对抗流量分类方法[J].计算机应用与软件,2025,42(08):153-159+187. Jiang B M, Pan C S, Kong Z X. A strong adver-sarial traffic classification method based on graph neural network [J]. Computer Applications and Software, 2025, 42(08):153-159+187.
[23] LU B, LUKTARHAN N, DING C, et al. ICLSTM: Encrypted traffic service identification based on Inception-LSTM neural network[J].SYMMETRY-BASEL, 2021, 13(6): 1080.
[24] WANG L, HU W, LIU J, et al. Encrypted traffic classification based on fusion of vision trans-former and temporal features[J].Journal of China Universities of Posts and Telecommunications, 2023, 30(2): 73-82.
[25] WANG C, ZHANG W, HAO H, et al. Network traffic classification model based on spa-tio-temporal feature extraction[J]. Electronics, 2024, 13(7): 1236.
[26] Cui J, Bai L, Li G, et al. Semi-2DCAE: a semi-supervision 2D-CNN AutoEncoder model for feature representation and classification of encrypted traffic[J]. PeerJ Computer Science, 2023, 9: e1635.
[27] Park J T, Shin C Y, Baek U J, et al. Fast and ac-curate multi-task learning for encrypted network traffic classification[J]. Applied Sciences, 2024, 14(7): 3073.
[28] Zhang J, Zhao H, Feng Y, et al. NetST: Network Encrypted Traffic Classification Based on Swin Transformer[J]. Computers, Materials & Continua, 2025, 84(3).
[29] Xu,Y.; Cao, J.; Song, K.; Xiang, Q.; Cheng, G. FastTraffic: A Lightweight Method for Encrypted Traffic Fast Classification. Comput. Netw. 2023, 235, 109965.
[30] Shin, C.-Y.; Park, J.-T.; Baek, U.-J.; Kim, M.-S. A Feasible and Explainable Network Traffic Classifier Utilizing DistilBERT. IEEE Access 2023, 11, 70216–70237.
[31] Zhao, R.; Zhan, M.; Deng, X.; Wang, Y.; Wang, Y.; Gui, G.; Xue, Z. Yet Another Traffic Classifier: A Masked Autoencoder Based Traffic Transformer with Multi-Level Flow Representation. Proc. AAAI Conf. Artif. Intell. 2023, 37, 5420–5427.
[32] Shi Z, Luktarhan N, Song Y, et al. BFCN: A novel classification method of encrypted traffic based on BERT and CNN[J]. Electronics, 2023, 12(3): 516.

Please choose a citation manager

Content to export