Research On Real-Time Classification Of Encrypted Traffic And Its Implementation On Big Data Platform

Network traffic classification is of great significance to network quality service assurance,network supervision,and network operation and maintenance.In order to solve user privacy and network security issues,the Internet uses encrypted traffic,which makes traditional network traffic classification methods such as port number and deep packet inspection ineffective.Existing encrypted traffic classification technologies are mainly based on machine learning and deep learning.However,in deep learning research,there are problems:the feature dimension of extracting encrypted traffic is single,and the original information will be lost due to traffic trimming and padding,resulting in poor application classification accuracy;At the same time,in the fine-grained encrypted webpage classification,there is a problem that the webpage classification accuracy is not high because the webpages of the same website are encrypted in the same way.The main results of this thesis are as follows:Aiming at the problems of single feature dimension and loss of original information in encrypted traffic application service classification,this thesis proposes a multi-dimensional feature information encryption traffic application service classification scheme.Based on a deep learning framework,the method uses convolution,long short-term memory,and multilayer perceptron neural networks to extract spatial features,temporal features between packets,and statistical features of the overall structure of encrypted traffic from raw traffic in parallel.Generate multidimensional feature information from three-dimensional features,and classify encrypted traffic application services based on the multi-dimensional feature information.The overall detection F1 score of this scheme is 95%,which is about 2%improvement compared to the method of Lotfollahi et al.in 2020.Aiming at the difficulty of classifying different webpage traffic due to the same encryption method on the same website,this thesis proposes a fine-grained encrypted webpage traffic classification scheme.Abstract the web page loading process by analyzing the behavior of the client and server in the interaction process.This thesis proposes the accumulation flow length sequence to extract the timing features and uses the TF-IDF algorithm to extract crucial length features to highlight the differences in layout and elements of different web pages,to better classify web page traffic.The F1 score of this method for webpage classification is 92.7%,which is about 1%higher than the model proposed by Shen et al.Based on the above scheme,this thesis designs and implements a real-time encrypted traffic classification system based on big data.The system supports encrypted traffic application service classification as well as fine-grained HTTPS web page classification.The thesis builds a real-time transmission data bus through Kafka and combines SparkStreaming to process encrypted traffic in a streaming manner,which not only ensures the reliability of the system but also improves the real-time classification capability of the system.