Design And Implementation Of VPN Traffic Classification System Based On Deep Learning

In recent years,network traffic classification has become a hot research topic,which is widely used in network security,network management at el.As people become more privacy-conscious,more and more applications are using encrypted communications.The encryption protocol encapsulates the original traffic,hides the content of the original packet.And the encryption will further group and randomize the payload of the traffic,thus bringing great difficulties and challenges to the classification.This paper proposes a traffic classification method based on packet block image,which is used to classify VPN traffic encrypted by TLS.Based on this method,an encrypted traffic classification system was designed and implemented.For double encrypted traffic by VPN and TLS,this paper first proposes a method to express the interactive behavior characteristics of traffic,called packet block.Each packet block is the statistical information of a group of consecutive packets in the same direction.This expression can better reflect the changes of upstream and downstream traffic generated by protocol interaction,and effectively improve the problem that the packet size characteristics of different traffic after being encapsulated by multi-layer encryption are too simple and prone to feature collision.After that,the packet block feature of encrypted traffic is extracted and used to construct images,which will be sent to convolutional neural network to complete the classification of encrypted VPN traffic.This method has achieved good results in both traffic classification and application identification of encrypted VPN traffic.On the captured OpenVPN dataset and public ISCX-Tor dataset,the accuracy of traffic classification experiments is 97.20%and 93.31%respectively,and the accuracy of application identification experiments is 90.96%and 99.25%respectively,which is higher than the state-of-the-art method.Based on the above methods,this paper designs and implements an encrypted traffic classification system.The system is mainly aimed at network management and network security supervision,and has network traffic capture,analysis and identification functions.In addition,the system also supports user management of classification models.Users can upload datasets to retrain classification models,in order to adapt to different network environments.The system has passed complete tests,and the results show that it can complete all of the preset functions.It can be seen that the encrypted traffic classification system designed in this paper has good flexibility,reliability and stability.