Adaptive Encrypted Traffic Characterization via Deep Representation Learning

2022 Intermountain Engineering, Technology and Computing (IETC) Pub Date : 2022-05-01 DOI:10.1109/ietc54973.2022.9796734

Jonathan Wintrode, D. Detienne

{"title":"Adaptive Encrypted Traffic Characterization via Deep Representation Learning","authors":"Jonathan Wintrode, D. Detienne","doi":"10.1109/ietc54973.2022.9796734","DOIUrl":null,"url":null,"abstract":"Near ubiquitous encryption poses a challenge for security and quality of service (QoS) applications that rely on deep packet inspection (DPI) techniques for categorizing traffic types or threats. However, recent work has shown that machine learning (ML) on temporal flow statistics as well as convolutional neural network (CNN) methods applied to raw packets are able to classify network traffic even in the face of encryption. Unfortunately, many such methods often lack the ability to generalize to new categories, a critical requirement in our constantly evolving networks. Building on previous approaches we apply CNN models to the characterization task within a deep representation learning framework. The network acts as a feature extractor which is input to a lightweight support vector machine (SVM) classifier for the final output. By training the networks with an angular softmax loss in addition to the typical crossentropy loss, we can improve on the state of the art in terms of both classification accuracy and detection error. Furthermore we demonstrate that learned features provide the ability to label traffic categories not seen in neural network training.","PeriodicalId":251518,"journal":{"name":"2022 Intermountain Engineering, Technology and Computing (IETC)","volume":"2009 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 Intermountain Engineering, Technology and Computing (IETC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ietc54973.2022.9796734","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Near ubiquitous encryption poses a challenge for security and quality of service (QoS) applications that rely on deep packet inspection (DPI) techniques for categorizing traffic types or threats. However, recent work has shown that machine learning (ML) on temporal flow statistics as well as convolutional neural network (CNN) methods applied to raw packets are able to classify network traffic even in the face of encryption. Unfortunately, many such methods often lack the ability to generalize to new categories, a critical requirement in our constantly evolving networks. Building on previous approaches we apply CNN models to the characterization task within a deep representation learning framework. The network acts as a feature extractor which is input to a lightweight support vector machine (SVM) classifier for the final output. By training the networks with an angular softmax loss in addition to the typical crossentropy loss, we can improve on the state of the art in terms of both classification accuracy and detection error. Furthermore we demonstrate that learned features provide the ability to label traffic categories not seen in neural network training.

查看原文本刊更多论文

基于深度表示学习的自适应加密流量表征

对于依赖深度包检测(DPI)技术对流量类型或威胁进行分类的安全和服务质量(QoS)应用程序来说，几乎无处不在的加密提出了挑战。然而，最近的研究表明，机器学习(ML)对时间流量统计以及卷积神经网络(CNN)方法应用于原始数据包，即使面对加密也能够对网络流量进行分类。不幸的是，许多这样的方法往往缺乏泛化到新类别的能力，这是我们不断发展的网络的关键要求。在之前方法的基础上，我们将CNN模型应用于深度表示学习框架内的表征任务。该网络作为特征提取器，将其输入到轻量级支持向量机(SVM)分类器中以获得最终输出。除了典型的交叉熵损失外，通过训练带有角度softmax损失的网络，我们可以在分类精度和检测误差方面提高目前的水平。此外，我们证明了学习到的特征提供了标记神经网络训练中未见的流量类别的能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 Intermountain Engineering, Technology and Computing (IETC)

自引率

0.00%

发文量