面向SSL VPN加密流量的识别方法

SSL VPN流量常常被一些非法应用利用，来绕过防火墙等安全设施的检测。因此，对SSL VPN加密流量的有效识别对网络信息安全具有重要意义。针对此，提出了一种基于Bit级DPI和深度学习的SSL VPN加密流量识别方法，所提方法分为两个步骤：利用Bit级DPI指纹生成技术识别SSL流量，缩小识别范围；再利用基于注意力机制的改进的CNN网络流量识别模型识别SSL VPN流量。该方法不仅有效解决了传统SSL加密流量指纹识别方法存在的漏识别率较高的问题，同时改进后的深度学习模型能提取网络流量中具有非常显著性的细粒度的特征，从而更加有效地捕捉网络流量中存在的依赖性。实验结果表明，该方法较现有的模型对SSL VPN加密流量的识别效果提高了6%以上。

Traffic Identification Method for SSL VPN Encryption

SSL VPN traffic is often used by some illegal applications using SSL VPN to bypass the detection of security facilities such as firewalls. Therefore, the effective identification of SSL VPN encrypted traffic is of great significance to network information security. In view of this, this paper proposes a SSL VPN encrypted traffic identification method based on bit-level DPI and deep learning. The proposed method is divided into two steps：bit-level DPI fingerprint generation technology to identify SSL traffic and narrow the identification range; an improved CNN network traffic identification model based on attention mechanism to identify SSL VPN traffic. The proposed method not only effectively solves the problem of high rate of missing recognition in the traditional SSL traffic fingerprint identification method, but also the improved deep learning model can extract the very significant fine-grained features in the network traffic, so as to more effectively capture the dependency existing in the network traffic. The experimental results show that the proposed method is more than 6% better than the existing model in the identification of SSL VPN encrypted traffic.