Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for classifying encrypted traffic and server, and computer readable storage medium

A traffic classification and computer program technology, applied in the field of computer networks, can solve problems such as the limitation of message types, and achieve the effects of reducing sparsity, saving memory overhead, and expanding differences

Active Publication Date: 2018-11-06
INST OF INFORMATION ENG CAS
View PDF8 Cites 23 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the types of message types are too limited, and only using the message type sequence to construct the Markov matrix is ​​not enough to distinguish the emerging mass applications

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for classifying encrypted traffic and server, and computer readable storage medium
  • Method for classifying encrypted traffic and server, and computer readable storage medium

Examples

Experimental program
Comparison scheme
Effect test

example 1

[0034] Example 1 Combining Logistic Regression Classifier to Classify 5 Applications

[0035] Classify encrypted traffic by Markov probabilistic fingerprints based on multidimensional attributes. From July 20, 2017, the traffic on a certain campus network was captured to passively mark the traffic of 5 software such as alicdn, JD, and onenote (a total of 19w+ streams, 119w+ data packets) as the labeled training data set. The application traffic extracts the message type sequence and packet length sequence. Then count the number of fields that appear in the message type to a total of 99, and encode the 99 different messagetype fields from 1 to 99 in sequence to form a message type encoded file. The number of representative lengths for each application covering 90% of the traffic is 320, respectively. 66, 141, 150 and 8. Use the message type encoding file to encode all message type sequences to form a message type Markov transition matrix corresponding to each application. Si...

example 2

[0036] Example 2 Combined with Random Forest Classifier to Classify 5 Applications

[0037] Classify encrypted traffic by Markov probabilistic fingerprints based on multidimensional attributes. From July 20, 2017, the traffic on a certain campus network was captured to passively mark the traffic of 5 software such as alicdn, JD, and onenote (a total of 19w+ streams, 119w+ data packets) as the labeled training data set. The application traffic extracts the message type sequence and packet length sequence. Then count the number of fields that appear in the message type to a total of 99, and encode the 99 different messagetype fields from 1 to 99 in sequence to form a message type encoded file (that is, encode the different message type fields that appear in sequence to generate a message type encoded file ), the number of representative lengths corresponding to 90% of traffic covered by each application is 320, 66, 141, 150 and 8 respectively. Use the message type encoding fil...

example 3

[0038] Example 3 Combining Random Forest Classifier to Classify 10 Applications

[0039] Classify encrypted traffic by Markov probabilistic fingerprints based on multidimensional attributes. From July 20, 2017, the traffic on a certain campus network was captured to passively mark the traffic of 10 applications such as github, QQ and baidu (a total of 35w+ streams, 241w+ data packets) as the marked training data set. The application traffic extracts the message type sequence and packet length sequence. Then count the number of fields that appear in the message type to a total of 117, encode the 117 different messagetype fields from 1 to 117 in sequence to form a message type encoding file, and obtain the corresponding representative length set. Use the message type encoding file to encode all message type sequences to form a message type Markov transition matrix corresponding to each application. Similarly, the original length sequence is transformed into a representative le...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for classifying encrypted traffic and a server, and a computer readable storage medium. The method comprises a training phase and a classification phase, wherein the training phase comprises: obtaining and labeling the encrypted traffic of encrypted applications to obtain a training set; respectively extracting, from the training set, message type sequences of eachencrypted application and converting the sequences into corresponding coding sequences, and calculating the representative length sequence of the applications according to the packet length sequencesof the applications; constructing the Message type Markov transition matrix by using the coding sequences of each application, and constructing the length Markov transition matrix according to the representative length sequence; inputting the coding sequence and the representative length sequence respectively into corresponding transfer matrixes, to generate fingerprints corresponding to the encrypted traffic of the applications; and inputting each fingerprint into the classification model for training to obtain a classification model; and the classification phase comprises: for the data stream to be classified, inputting the fingerprint of the data stream into the trained classification model for classification.

Description

technical field [0001] The invention relates to an encrypted flow classification method based on multi-dimensional attribute Markov probability fingerprints, a server and a computer-readable storage medium, and belongs to the technical field of computer networks. Background technique [0002] With the continuous development of information technology and network communication, the scale of network traffic has increased dramatically. In order to better ensure the online security of legitimate users, massive network traffic data needs to be processed and analyzed reasonably, which undoubtedly brings huge challenges to network management and anomaly detection. Network traffic classification is crucial as the first step in network traffic analysis and detection, and thus has attracted extensive attention from academia and industry. [0003] At present, network traffic classification methods are mainly divided into three categories: 1) traffic classification methods based on port...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L12/24
CPCH04L41/145H04L63/0428H04L63/1408H04L63/1425H04L63/1441
Inventor 李镇曹自刚熊刚刘畅
Owner INST OF INFORMATION ENG CAS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com