Encrypted traffic identification plays an important role in protecting user rights and guaranteeing network security. This work studies protocol-independent encrypted traffic identification, meeting the requirements of the National High-Tech Research and Development Program of China (863 Program) project "Highly Trustworthy Network Application Supervision System". Starting from protocol-independent identification, it focuses on the randomness characteristic and introduces the idea of implementing protocol-independent identification based on randomness estimation. Non-randomness characteristics concealed in network data are discovered, and randomness estimation algorithms suitable for network data are studied. A novel network encrypted traffic identification algorithm is then proposed, and finally an online identification system for network encrypted traffic is designed.

First, aiming at systematic research on protocol-independent online identification of encrypted traffic, traditional encrypted traffic identification methods are summarized and analyzed, and the idea of identification based on randomness estimation is introduced. The non-randomness characteristics concealed in network data are investigated. Randomness test methods used for testing pseudorandom number generators are applied in the new scenario of estimating data randomness, and estimation indexes are established. Results show that the cumulative test, which focuses on data uniformity, has the best performance, and that the linear complexity and discrete Fourier tests, which focus on implicit periodicity in data, have the worst performance. The different structure of encrypted and unencrypted data leads to this performance difference. This chapter provides a theoretical and experimental basis for the design of randomness estimation algorithms.

Second, aiming at estimating the randomness of network data, a data-adaptive randomness estimation algorithm, DARE (Data Adaptive Randomness Estimation), is proposed. While network data is being received, estimates are output online, and as the amount of data increases, estimation performance improves dynamically. Its performance is compared with that of an entropy estimation algorithm. The results show that DARE has low space cost and a high degree of distinction. This chapter lays the foundation for the design of a high-accuracy identification algorithm.

Third, aiming at recognizing encrypted traffic, a novel algorithm, SW-DARE (slide window DARE), is proposed. The algorithm makes multiple judgments over the same data flow and outputs a comprehensive identification result. SW-DARE has the advantages of protocol independence and high accuracy, and provides an effective tool for protocol-independent identification of network encrypted traffic.

Finally, in view of the high-performance processing requirements of high-rate backbone links, an online identification system, MFDI (Multi-channel Feedback Data-degression Identification), is designed. The system can combine multiple identification algorithms and make the best use of the low overhead and high identification rate of the various algorithms, realizing low-cost, high-performance identification. System capacity can be strengthened while functionality can be upgraded smoothly. The system can also be applied to traffic identification for other applications by using other identification components.
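The idea of judging payloads by a randomness test, as an added example that is not the thesis's code and is not DARE or SW-DARE: it assumes the "cumulative test" is the cumulative sums test from NIST SP 800-22 and applies it per window with a majority vote. The helper `looks_encrypted`, the window sizes, and both sample payloads are constructed for illustration.

```python
import hashlib
import math

ALPHA = 0.01  # significance level conventionally used with NIST SP 800-22

def _phi(x: float) -> float:
    """Standard normal CDF."""
    return 0.5 * (1.0 + math.erf(x / math.sqrt(2.0)))

def cusum_pvalue(data: bytes) -> float:
    """Forward cumulative sums test over the bits of `data` (MSB first)."""
    if not data:
        raise ValueError("need at least one byte")
    n = len(data) * 8
    s = z = 0
    for byte in data:
        for shift in range(7, -1, -1):
            s += 1 if (byte >> shift) & 1 else -1  # bit 1 -> +1, bit 0 -> -1
            z = max(z, abs(s))                     # largest excursion of the walk
    r = z / math.sqrt(n)
    hi = math.floor((n / z - 1) / 4)
    p = 1.0
    for k in range(math.floor((-n / z + 1) / 4), hi + 1):
        p -= _phi((4 * k + 1) * r) - _phi((4 * k - 1) * r)
    for k in range(math.floor((-n / z - 3) / 4), hi + 1):
        p += _phi((4 * k + 3) * r) - _phi((4 * k + 1) * r)
    return min(1.0, max(0.0, p))

def looks_encrypted(payload: bytes, window: int = 256, step: int = 128) -> bool:
    """Hypothetical helper: majority vote of per-window test results."""
    starts = range(0, max(1, len(payload) - window + 1), step)
    votes = [cusum_pvalue(payload[i:i + window]) >= ALPHA for i in starts]
    return 2 * sum(votes) > len(votes)

# Constructed samples: an HTTP-like request and a SHA-256 counter stream
# standing in for ciphertext (not captured traffic).
PLAINTEXT = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nAccept: text/html\r\n\r\n" * 20
RANDOM_LIKE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(40))

if __name__ == "__main__":
    for name, blob in (("plaintext", PLAINTEXT), ("random-like", RANDOM_LIKE)):
        print(f"{name}: p={cusum_pvalue(blob):.4f} encrypted={looks_encrypted(blob)}")
```

Compressed or otherwise high-entropy unencrypted payloads also pass this test, so a pass indicates random-looking data rather than encryption as such.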