基于N-gram熵和累积和检验的加密流量识别

Proceedings of the 13th International Conference on Future Internet Technologies Pub Date : 2018-06-20 DOI:10.1145/3226052.3226057

Guang Cheng, Ying Hu

{"title":"基于N-gram熵和累积和检验的加密流量识别","authors":"Guang Cheng, Ying Hu","doi":"10.1145/3226052.3226057","DOIUrl":null,"url":null,"abstract":"Since existing methods using entropy are less effective in characterizing encrypted traffic, this paper proposes an encrypted traffic identification method based on n-gram entropy and cumulative sum. This method analyzes the entropy characteristics of n-gram entropy for text, picture, compressed file, and encrypted traffic in the network. Furthermore, an analysis of cumulative sum is performed to better distinguish compressed file traffic and encrypted traffic. The experiments show that our propsed method reaches high accuracy for encrypted traffic identification and performs well in distinguishing compressed file traffic and encrypted traffic.","PeriodicalId":409980,"journal":{"name":"Proceedings of the 13th International Conference on Future Internet Technologies","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2018-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Encrypted Traffic Identification Based on N-gram Entropy and Cumulative Sum Test\",\"authors\":\"Guang Cheng, Ying Hu\",\"doi\":\"10.1145/3226052.3226057\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Since existing methods using entropy are less effective in characterizing encrypted traffic, this paper proposes an encrypted traffic identification method based on n-gram entropy and cumulative sum. This method analyzes the entropy characteristics of n-gram entropy for text, picture, compressed file, and encrypted traffic in the network. Furthermore, an analysis of cumulative sum is performed to better distinguish compressed file traffic and encrypted traffic. The experiments show that our propsed method reaches high accuracy for encrypted traffic identification and performs well in distinguishing compressed file traffic and encrypted traffic.\",\"PeriodicalId\":409980,\"journal\":{\"name\":\"Proceedings of the 13th International Conference on Future Internet Technologies\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-06-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 13th International Conference on Future Internet Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3226052.3226057\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 13th International Conference on Future Internet Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3226052.3226057","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

针对现有的基于熵的加密流量特征识别方法效果较差的问题，本文提出了一种基于n-gram熵和累积和的加密流量识别方法。该方法分析了网络中文本、图片、压缩文件和加密流量的n-gram熵的熵特征。此外，还进行了累积和分析，以便更好地区分压缩文件流量和加密流量。实验表明，该方法对加密流量的识别准确率较高，对压缩文件流量和加密流量的区分效果良好。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Encrypted Traffic Identification Based on N-gram Entropy and Cumulative Sum Test

Since existing methods using entropy are less effective in characterizing encrypted traffic, this paper proposes an encrypted traffic identification method based on n-gram entropy and cumulative sum. This method analyzes the entropy characteristics of n-gram entropy for text, picture, compressed file, and encrypted traffic in the network. Furthermore, an analysis of cumulative sum is performed to better distinguish compressed file traffic and encrypted traffic. The experiments show that our propsed method reaches high accuracy for encrypted traffic identification and performs well in distinguishing compressed file traffic and encrypted traffic.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 13th International Conference on Future Internet Technologies

自引率

0.00%

发文量