A Method of Detecting the Abnormal Encrypted Traffic Based on Machine Learning and Behavior Characteristics

Proceedings of the 2019 9th International Conference on Communication and Network Security Pub Date : 2019-11-15 DOI:10.1145/3371676.3371705

Bin Kong, Zhangpu Liu, Guangmin Zhou, Xiaoyan Yu

{"title":"A Method of Detecting the Abnormal Encrypted Traffic Based on Machine Learning and Behavior Characteristics","authors":"Bin Kong, Zhangpu Liu, Guangmin Zhou, Xiaoyan Yu","doi":"10.1145/3371676.3371705","DOIUrl":null,"url":null,"abstract":"Classification of network traffic using port-based or deep packet-based analysis is becoming increasingly difficult with many peer-to-peer(P2P) applications using dynamic port numbers, especially in massive data streams. In view of the problem that traditional method cannot be self-learning and self-evolving in dynamic networks, this paper proposed an abnormally encrypted traffic detection method based on machine learning and behavior characteristics, this approach can not only identify unknown abnormal traffic, but eliminate specific feature extraction in advance, which can effectively improve the accuracy of the abnormal encrypted traffic detection system. In this paper, we processed the network traffic data with using a machine learning approach combined behavior characteristics of applications, the experimental results show that in the complex network, the abnormal encrypted data stream detection method based on machine learning and behavior characteristics has higher recognition accuracy and can more effectively solve the problem of abnormally encrypted traffic identification.","PeriodicalId":352443,"journal":{"name":"Proceedings of the 2019 9th International Conference on Communication and Network Security","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2019 9th International Conference on Communication and Network Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3371676.3371705","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Classification of network traffic using port-based or deep packet-based analysis is becoming increasingly difficult with many peer-to-peer(P2P) applications using dynamic port numbers, especially in massive data streams. In view of the problem that traditional method cannot be self-learning and self-evolving in dynamic networks, this paper proposed an abnormally encrypted traffic detection method based on machine learning and behavior characteristics, this approach can not only identify unknown abnormal traffic, but eliminate specific feature extraction in advance, which can effectively improve the accuracy of the abnormal encrypted traffic detection system. In this paper, we processed the network traffic data with using a machine learning approach combined behavior characteristics of applications, the experimental results show that in the complex network, the abnormal encrypted data stream detection method based on machine learning and behavior characteristics has higher recognition accuracy and can more effectively solve the problem of abnormally encrypted traffic identification.

查看原文本刊更多论文

基于机器学习和行为特征的异常加密流量检测方法

随着许多点对点(P2P)应用程序使用动态端口号，特别是在海量数据流中，使用基于端口或基于深度包的分析对网络流量进行分类变得越来越困难。针对传统方法在动态网络中无法自学习自进化的问题，本文提出了一种基于机器学习和行为特征的异常加密流量检测方法，该方法不仅可以识别未知的异常流量，而且可以提前消除特定特征提取，可以有效提高异常加密流量检测系统的准确率。本文利用机器学习方法结合应用行为特征对网络流量数据进行处理，实验结果表明，在复杂网络中，基于机器学习和行为特征的异常加密数据流检测方法具有更高的识别精度，能够更有效地解决异常加密流量识别问题。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2019 9th International Conference on Communication and Network Security

自引率

0.00%

发文量