Research And Implementation Of Encrypted Traffic Intrusion Detection Method Based On Machine Learning

In today’s society,information and communication technology is developing rapidly.When people enjoy the convenience brought by Internet services,they are not aware that their own private information is facing a threat.With the gradual maturity and popularization of encryption technology,more and more malicious attacks also use encryption technology to avoid the review of traditional traffic detection systems.Therefore,the accurate identification of encrypted traffic has become a research hotspot in the international community.To solve this problem,this thesis proposes an encrypted traffic identification method.The main contributions are as follows:(1)In view of the interference information of the original traffic,this paper proposes an operation flow of the original traffic preprocessing,which first needs to remove the information that may cause the model over fitting or is irrelevant to the identification task,such as IP address,MAC address,etc.,and then uniformly process the length of the original traffic packet to a format that can be received by the convolutional neural network.(2)Aiming at the cumbersome steps of manually extracting traffic features and low recognition accuracy,this thesis proposes an encrypted traffic detection method based on pruning convolution neural network technology.This method does not need to extract features manually or rely on experts.It can automatically extract advanced features through convolution neural network,and then transfer the features to xgboost classifier for classification.In the encrypted traffic identification section,the pruning and deconvolution technology is used to identify the high degree of traffic,which only affects those parts of the network.The experimental results on the public data set iscxvpn2016 verify the reliable performance of the method:the accuracy rate is 94%,increased by 5%,the recall rate is 93%,increased by 4%,and the F1 value is 93%,increased by 4%.(3)Based on the above methods,this thesis designs and implements a set of encrypted traffic intrusion detection system.The system is divided into five parts:traffic collection,data processing,model detection,data visualization and traffic blocking.These modules are reasonably explained and introduced.Finally,the encrypted traffic intrusion detection system is implemented by using Apache echarts,Python and tcpkill,which meets the expected requirements.