Encrypted Traffic Protocol Identification Based on Temporal and Spatial Features

Abstract

Cryptographic technology is the foundation and key to securing cyberspace, but there are still widespread cases of non-compliance and incorrectness in cryptographic applications, especially commercial cryptographic applications, etc. Detecting the compliance of encryption protocol cipher suites is an important part of carrying out cryptographic evaluation. Aiming at the difficult problems such as insufficient and insignificant extraction of encrypted traffic protocol features and poor effect of encrypted traffic protocol identification model, the concept of network traffic temporal relationship is invoked to comprehensively extract and learn the encrypted traffic protocol temporal features and control the redundant feature weights to highlight the key features in order to improve the identification accuracy. Through comparative experiments, we analyze the influence of temporal and spatial features on recognition effect, fuse spatio-temporal features of traffic, and propose a Transformer and Attention_CNN (TAC) fusion model of encrypted traffic protocol recognition to solve the problem of low accuracy of single feature recognition. The experimental results show that the proposed scheme can effectively distinguish various network protocols and accomplish the purpose of verifying the compliance of cipher suites in encryption protocols.