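Encryption
Computer science
Data mining
Hidden Markov model
Block (permutation group theory)
Markov chain
Feature (linguistics)
Traffic classification
Key (lock)
Feature extraction
Anomaly detection
Network packet
Deep packet inspection
Pattern recognition (psychology)
Artificial intelligence
Machine learning
Computer network
Computer security
Mathematics
Philosophy
Linguistics
Geometry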
Authors
Chang Liu, Zigang Cao, Gang Xiong, Gaopeng Gou, Siu‐Ming Yiu, Longtao He
Identifier
DOI:10.1109/iwqos.2018.8624124
Abstract
With the explosion of network applications, network anomaly detection and security management face a big challenge, of which the first and a fundamental step is traffic classification. However, for the sake of user privacy, encrypted communication protocols, e.g. the SSL/TLS protocol, are extensively used, which results in the ineffectiveness of traditional rule-based classification methods. Existing methods cannot have a satisfactory accuracy of encrypted traffic classification because of insufficient distinguishable characteristics. In this paper, we propose the Multi-attribute Markov Probability Fingerprints (MaMPF), for encrypted traffic classification. The key idea behind MaMPF is to consider multi-attributes, which include a critical feature, namely “length block sequence” that captures the time-series packet lengths effectively using power-law distributions and relative occurrence probabilities of all considered applications. Based on the message type and length block sequences, Markov models are trained and the probabilities of all the applications are concatenated as the fingerprints for classification. MaMPF achieves 96.4% TPR and 0.2% FPR performance on a real-world dataset from campus network (including 950,000+ encrypted traffic flows and covering 18 applications), and outperforms the state-of-the-art methods.