Behavior-Based Method for Real-Time Identification of Encrypted Proxy Traffic

2021 13th International Conference on Communication Software and Networks (ICCSN) Pub Date : 2021-06-04 DOI:10.1109/ICCSN52437.2021.9463594

Ping Luo, Fei Wang, Shuhui Chen, Zhenxing Li

{"title":"Behavior-Based Method for Real-Time Identification of Encrypted Proxy Traffic","authors":"Ping Luo, Fei Wang, Shuhui Chen, Zhenxing Li","doi":"10.1109/ICCSN52437.2021.9463594","DOIUrl":null,"url":null,"abstract":"Encrypted proxy is often used to hide malicious behavior or criminal activity on the Internet. Therefore, identifying encrypted proxy traffic is essential for network management and communication security. Existing researches usually use statistical features to profile network flows, which only have limited effects on encrypted proxy traffic, and are not suitable for real-time identification. In this paper, a novel behavior-based approach for encrypted proxy traffic detection is proposed. Two unique behavior features, IP proxy and data encryption behaviors, which are highly related to the activity of accessing network through encrypted proxies, are defined as learning features. Machine learning techniques are adopted for encrypted proxy traffic identification. The experiments on a real V2Ray traffic dataset demonstrate that the behavior-based method can identify encrypted proxy traffic with high accuracy, up to 99.86%. Besides, the method can timely seek out target flows, as all those behavior features can be obtained in the first packet.","PeriodicalId":263568,"journal":{"name":"2021 13th International Conference on Communication Software and Networks (ICCSN)","volume":"64 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 13th International Conference on Communication Software and Networks (ICCSN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCSN52437.2021.9463594","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Encrypted proxy is often used to hide malicious behavior or criminal activity on the Internet. Therefore, identifying encrypted proxy traffic is essential for network management and communication security. Existing researches usually use statistical features to profile network flows, which only have limited effects on encrypted proxy traffic, and are not suitable for real-time identification. In this paper, a novel behavior-based approach for encrypted proxy traffic detection is proposed. Two unique behavior features, IP proxy and data encryption behaviors, which are highly related to the activity of accessing network through encrypted proxies, are defined as learning features. Machine learning techniques are adopted for encrypted proxy traffic identification. The experiments on a real V2Ray traffic dataset demonstrate that the behavior-based method can identify encrypted proxy traffic with high accuracy, up to 99.86%. Besides, the method can timely seek out target flows, as all those behavior features can be obtained in the first packet.

查看原文本刊更多论文

基于行为的加密代理流量实时识别方法

加密代理通常用于隐藏互联网上的恶意行为或犯罪活动。因此，识别加密的代理流量对于网络管理和通信安全至关重要。现有研究通常使用统计特征来描述网络流量，对加密代理流量的影响有限，不适合实时识别。本文提出了一种基于行为的加密代理流量检测方法。将IP代理和数据加密行为这两个独特的行为特征定义为学习特征，这两个行为特征与通过加密代理访问网络的活动高度相关。采用机器学习技术对加密代理流量进行识别。在真实V2Ray流量数据集上的实验表明，基于行为的方法可以识别加密代理流量，准确率高达99.86%。此外，该方法可以在第一个数据包中获得所有的行为特征，从而可以及时地寻找目标流。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 13th International Conference on Communication Software and Networks (ICCSN)

自引率

0.00%

发文量