| 基于载荷特征的加密流量快速识别方法 |
| |
| 引用本文: | 陈伟,胡磊,杨龙.基于载荷特征的加密流量快速识别方法[J].计算机工程,2012,38(12):22-25. |
| |
| 作者姓名: | 陈伟 胡磊 杨龙 |
| |
| 作者单位: | 南京邮电大学计算机学院,南京210046;计算机技术研究所,南京210046 |
| |
| 基金项目: | 国家自然科学基金资助项目,江苏省高校自然科学基金资助项目 |
| |
| 摘 要: | 针对加密流量难以识别的问题,提出一种快速的网络流量识别方法。该方法无需对数据包载荷进行深入分析,使用256维向量描述数据包负载中256个ASCII字节发生的频率,根据载荷特征量化后的均值和方差进行数据特征提取,采用决策树算法对加密流量进行分类识别。实验结果表明,该方法可以对常见的加密网络流量进行准确识别,并能检测部分恶意攻击产生的流量。
|
| 关 键 词: | 流量识别 数据包载荷 加密流量 分类 决策树 方差 |
| 收稿时间: | 2011-08-15 |
Fast Identification Method of Encrypted Traffic Based on Payload Signatures |
| |
| CHEN Wei
,
HU Lei
,
YANG Long.Fast Identification Method of Encrypted Traffic Based on Payload Signatures[J].Computer Engineering,2012,38(12):22-25. |
| |
| Authors: | CHEN Wei HU Lei YANG Long |
| |
| Affiliation: | a,b(a.School of Computer Science and Technology;b.Institute of Computer Technology,Nanjing University of Posts and Telecommunications,Nanjing 210046,China) |
| |
| Abstract: | To solve the difficulty of identifying encrypted traffic,this paper proposes a fast network traffic identification method,which applies traffic payload signatures extraction instead of the deep analysis of full-payload data.This method uses 256-dimensional vector to describe the frequency of the packet payload 256 ASCII bytes occur.It extracts payload signatures based on the mean and variance of the quantitative traffic payload.Then it classifies the network traffic into different applications by using a decision tree model.Experimental results show the proposed method can accurately classify the common encrypted network traffic and detect traffic from some malicious attacks. |
| |
| Keywords: | traffic identification packet payload encrypted traffic classification decision tree variance |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
