A graph representation framework for encrypted network traffic classification

IF 4.8 2区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Zulu Okonkwo, Ernest Foo, Zhe Hou, Qinyi Li, Zahra Jadidi
{"title":"A graph representation framework for encrypted network traffic classification","authors":"Zulu Okonkwo,&nbsp;Ernest Foo,&nbsp;Zhe Hou,&nbsp;Qinyi Li,&nbsp;Zahra Jadidi","doi":"10.1016/j.cose.2024.104134","DOIUrl":null,"url":null,"abstract":"<div><div>Network Traffic Classification (NTC) is crucial for ensuring internet security, but encryption presents significant challenges to this task. While Machine Learning (ML) and Deep Learning (DL) methods have shown promise, issues such as limited representativeness leading to sub-optimal generalizations and performance remain prevalent. These problems become more pronounced with advanced obfuscation, network security, and privacy technologies, indicating a need for improved model robustness. To address these issues, we focus on <em>feature extraction</em> and <em>representation</em> in NTC by leveraging the expressive power of graphs to represent network traffic at various granularity levels. By modeling network traffic as interconnected graphs, we can analyze both flow-level and packet-level data. Our graph representation method for encrypted NTC effectively preserves crucial information despite encryption and obfuscation. We enhance the robustness of our approach by using cosine similarity to exploit correlations between encrypted network flows and packets, defining relationships between abstract entities. This graph structure enables the creation of structural embeddings that accurately define network traffic across different encryption levels. Our end-to-end process demonstrates significant improvements where traditional NTC methods struggle, such as in Tor classification, which employs anonymization to further obfuscate traffic. Our packet-level classification approach consistently outperforms existing methods, achieving accuracies exceeding 96%.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104134"},"PeriodicalIF":4.8000,"publicationDate":"2024-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824004395","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Network Traffic Classification (NTC) is crucial for ensuring internet security, but encryption presents significant challenges to this task. While Machine Learning (ML) and Deep Learning (DL) methods have shown promise, issues such as limited representativeness leading to sub-optimal generalizations and performance remain prevalent. These problems become more pronounced with advanced obfuscation, network security, and privacy technologies, indicating a need for improved model robustness. To address these issues, we focus on feature extraction and representation in NTC by leveraging the expressive power of graphs to represent network traffic at various granularity levels. By modeling network traffic as interconnected graphs, we can analyze both flow-level and packet-level data. Our graph representation method for encrypted NTC effectively preserves crucial information despite encryption and obfuscation. We enhance the robustness of our approach by using cosine similarity to exploit correlations between encrypted network flows and packets, defining relationships between abstract entities. This graph structure enables the creation of structural embeddings that accurately define network traffic across different encryption levels. Our end-to-end process demonstrates significant improvements where traditional NTC methods struggle, such as in Tor classification, which employs anonymization to further obfuscate traffic. Our packet-level classification approach consistently outperforms existing methods, achieving accuracies exceeding 96%.
加密网络流量分类的图表示框架
网络流量分类(NTC)对于确保互联网安全至关重要,但加密给这项任务带来了巨大挑战。虽然机器学习(ML)和深度学习(DL)方法已显示出良好的前景,但诸如代表性有限导致概括和性能未达到最佳等问题仍然普遍存在。随着先进的混淆、网络安全和隐私技术的发展,这些问题变得更加突出,这表明需要提高模型的鲁棒性。为了解决这些问题,我们利用图的表现力来表示不同粒度水平的网络流量,重点关注 NTC 中的特征提取和表示。通过将网络流量建模为相互连接的图,我们可以分析流量级和数据包级数据。尽管进行了加密和混淆,我们用于加密 NTC 的图表示方法仍能有效保留关键信息。我们利用余弦相似性来利用加密网络流和数据包之间的相关性,定义抽象实体之间的关系,从而增强了我们方法的鲁棒性。这种图结构能够创建结构嵌入,准确定义不同加密级别的网络流量。我们的端到端流程在传统 NTC 方法难以解决的问题上取得了显著改进,例如在 Tor 分类中,该方法采用匿名化来进一步混淆流量。我们的数据包级分类方法始终优于现有方法,准确率超过 96%。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Computers & Security
Computers & Security 工程技术-计算机:信息系统
CiteScore
12.40
自引率
7.10%
发文量
365
审稿时长
10.7 months
期刊介绍: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信