Research On Characterization And Classification Of Network Nuisance Behavior In Encrypted Traffic

With the development of encrypted communication technology and the increasing attention on privacy protection,the proportion of encrypted traffic in network is getting higher and higher,and the era of full encryption is coming.However,in the same time,some illegal individuals and organizations also use encryption technology to bypass detection,which brings challenges to cyberspace security governance.As the main carrier of network communication,network traffic has always been the focus in the field of network malicious behavior detection.With the process of network attack and defense,traditional traffic detection technology is no longer applicable when facing encrypted traffic.With the development of machine learning,both academia and industry are integrating machine learning into the field of encrypted traffic detection.Traditional machine learning algorithms rely on a relatively complete feature expert library to achieve high accuracy,but too many features will affect The detection effect has an impact.Meanwhile,although the deep learning model can achieve better classification results through self-learning of sample features,it cannot describe the encrypted traffic characteristics in a fine-grained manner due to its own inexplicability.Therefore,it is necessary to study the fine-grained feature representation of encrypted traffic and design a high-accuracy and high-efficiency detection model.The research contents of this paper are as follows:(1)This paper proposes a data stream-level encrypted network public nuisance traffic detection model,firstly,from the data stream-level perspective,analyzing different network behavior features from the session-level and byte-distribution level,constructing feature representations of encrypted traffic generated by network public nuisance behavior from the data stream level,and then proposing a deep neural network-based clustering model,which learns association between samples through clustering algorithms to enhance sample similarity,thus improving the accuracy and efficiency of the encrypted traffic detection model;(2)This paper proposes a communication protocol-level network public harm traffic detection model,firstly,based on the encryption protocol TLS,analyzing the feature representation of encrypted traffic at the protocol level from the perspective of message state sequence during communication,converting the traffic classification task into a graph classification task by transforming the traffic data into Markov Graph and constructing a graph convolutional neural network-based encrypted traffic detection model,and enhancing the accuracy and efficiency of the model through feature extraction and feature transformation operations;(3)This paper designs and implements an automated and high-accuracy encrypted network pollution traffic detection system.By simulating network pollution behavior capture data in a virtual environment as dataset,the effects of the proposed models are tested by conducting experiments on the private dataset.Besides,by introducing the open-source dataset,we made experiment on the generalization of the proposed model.Finally,the popular encrypted traffic classification model based on Native Bayes,Decision Tree,Random Forest,and LSTM and the like are chosed as baseline.Through comparative experiments,the performance of the model proposed in the paper is verified.