An Encrypted Traffic Detection Scheme Based On Group Key Agreement

In order to meet the needs of users for privacy protection and network security,more and more information is transmitted using encryption.Although encrypted communication protects information security,it also hides abnormal traffic to avoid traditional network traffic detection.Therefore,how to efficiently detect encrypted traffic has become an urgent problem to be solved.In recent years,some methods based on deep packet inspection have attracted the attention of the academic community.They introduced cryptography technology on the basis of deep packet inspection technology to match the information tokens and rules generated by encrypted traffic,so as to realize the Encrypted traffic inspection while protecting user privacy.However,the setting protocol and encryption algorithm of the above scheme have produced a lot of consumption.Based on this problem,this paper does the following work.Aiming at the problem that the traditional deep packet inspection scheme consumes huge space and time in the group communication model.It cannot be directly applied to network group communication.This paper proposes an encrypted traffic detection scheme based on a group key agreement.The scheme uses a dynamic group key agreement protocol to replace the original key agreement protocol.On the one hand,the scheme can perform deep packet inspection on encrypted traffic in the group mode of the widely used sensor network protocol.And on the other hand,it reduces the power consumption caused by encryption.The scheme improves the deep data packet inspection technology on the basis of cryptography,and can directly detect the information token without decrypting the transmitted message,so as to find malicious traffic and ensure the security of network communication.Aiming at the problem that the above scheme rules can only be added statically,causing large computing consumption and the problem of rule leakage caused by the migration of services to third-party clouds.This paper proposes another encrypted traffic detection scheme based on a group key agreement that can freely add rules.The dynamic addition of rules no longer requires the participation of the client.Instead,the agent uses a middlebox to execute the rule addition locally.The scheme simplifies the processing of rules and reduces the computational cost of the client.At the same time,the scheme replaces the original encryption algorithm with a new encryption method to ensure that the rules are protected from guessing attacks.In addition,this paper conducts a detailed security analysis and theoretical efficiency analysis of the proposed scheme and uses relevant data to conduct experimental simulations.The results show that the proposed scheme can provide more efficient encrypted traffic detection on the basis of security.