Encrypted traffic identification scheme based on sliding window and randomness features
With the development of information technology, network security has increasingly become a focal point for users and organizations, and encrypted data transmission has gradually become mainstream. This trend has driven the proportion of encrypted traffic on the Internet to rise continuously. However...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2024-08-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024056 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841530425687670784 |
|---|---|
| author | LIU Jiachi KUANG Boyu SU Mang XU Yaqian FU Anmin |
| author_facet | LIU Jiachi KUANG Boyu SU Mang XU Yaqian FU Anmin |
| author_sort | LIU Jiachi |
| collection | DOAJ |
| description | With the development of information technology, network security has increasingly become a focal point for users and organizations, and encrypted data transmission has gradually become mainstream. This trend has driven the proportion of encrypted traffic on the Internet to rise continuously. However, data encryption, while ensuring privacy and security, has also become a means for illegal content to evade network supervision. To achieve the detection and analysis of encrypted traffic, it has become necessary to efficiently identify encrypted traffic. However, the presence of compressed traffic has significantly interfered with the identification of encrypted traffic. To address this issue, an encrypted traffic identification scheme based on sliding windows and randomness features was designed to efficiently and accurately identify encrypted traffic. Specifically, the scheme involved sampling the payloads of data packets in sessions using a sliding window mechanism to obtain data block sequences that reflect the information patterns of the original traffic. For each data block, randomness measurement algorithms were utilized to extract sample features and construct randomness features for the original payload. Additionally, a decision tree model based on the CART algorithm was designed, which significantly improved the accuracy of identifying encrypted and compressed traffic and greatly reduced the false negative rate for encrypted traffic identification. A balanced dataset was constructed by randomly sampling data from several authoritative websites, and experiments demonstrated the feasibility and efficiency of the proposed scheme. |
| format | Article |
| id | doaj-art-1a49871379954901b33887eb25055653 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2024-08-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-1a49871379954901b33887eb250556532025-01-15T03:04:11ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2024-08-01109810870108182Encrypted traffic identification scheme based on sliding window and randomness featuresLIU JiachiKUANG BoyuSU MangXU YaqianFU AnminWith the development of information technology, network security has increasingly become a focal point for users and organizations, and encrypted data transmission has gradually become mainstream. This trend has driven the proportion of encrypted traffic on the Internet to rise continuously. However, data encryption, while ensuring privacy and security, has also become a means for illegal content to evade network supervision. To achieve the detection and analysis of encrypted traffic, it has become necessary to efficiently identify encrypted traffic. However, the presence of compressed traffic has significantly interfered with the identification of encrypted traffic. To address this issue, an encrypted traffic identification scheme based on sliding windows and randomness features was designed to efficiently and accurately identify encrypted traffic. Specifically, the scheme involved sampling the payloads of data packets in sessions using a sliding window mechanism to obtain data block sequences that reflect the information patterns of the original traffic. For each data block, randomness measurement algorithms were utilized to extract sample features and construct randomness features for the original payload. Additionally, a decision tree model based on the CART algorithm was designed, which significantly improved the accuracy of identifying encrypted and compressed traffic and greatly reduced the false negative rate for encrypted traffic identification. A balanced dataset was constructed by randomly sampling data from several authoritative websites, and experiments demonstrated the feasibility and efficiency of the proposed scheme.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024056encrypted trafficcompressed trafficrandom featuresliding sampling |
| spellingShingle | LIU Jiachi KUANG Boyu SU Mang XU Yaqian FU Anmin Encrypted traffic identification scheme based on sliding window and randomness features 网络与信息安全学报 encrypted traffic compressed traffic random feature sliding sampling |
| title | Encrypted traffic identification scheme based on sliding window and randomness features |
| title_full | Encrypted traffic identification scheme based on sliding window and randomness features |
| title_fullStr | Encrypted traffic identification scheme based on sliding window and randomness features |
| title_full_unstemmed | Encrypted traffic identification scheme based on sliding window and randomness features |
| title_short | Encrypted traffic identification scheme based on sliding window and randomness features |
| title_sort | encrypted traffic identification scheme based on sliding window and randomness features |
| topic | encrypted traffic compressed traffic random feature sliding sampling |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024056 |
| work_keys_str_mv | AT liujiachi encryptedtrafficidentificationschemebasedonslidingwindowandrandomnessfeatures AT kuangboyu encryptedtrafficidentificationschemebasedonslidingwindowandrandomnessfeatures AT sumang encryptedtrafficidentificationschemebasedonslidingwindowandrandomnessfeatures AT xuyaqian encryptedtrafficidentificationschemebasedonslidingwindowandrandomnessfeatures AT fuanmin encryptedtrafficidentificationschemebasedonslidingwindowandrandomnessfeatures |