计算机工程与设计
計算機工程與設計
계산궤공정여설계
COMPUTER ENGINEERING AND DESIGN
2010年
2期
278-282
,共5页
业务流分类%加密流量%机器自学习%早期识别%互熵
業務流分類%加密流量%機器自學習%早期識彆%互熵
업무류분류%가밀류량%궤기자학습%조기식별%호적
traffic classification%encrypted traffic%machine learning%early recognition%mutual entropy
为精确高效地识别加密类业务流,给出了一种基于机器自学习的互联网加密业务流早期识别方法.该方法利用加密前后变化不明显的流量统计特征结合机器自学习方法进行识别.首先基于特征与业务类型的互熵来遴选出最优特征用于分类;然后利用所选特征给出了加密业务流总体识别模型,并对模型中的自学习阶段及识别阶段进行了创新,仅选取最能反映协议特点的每条业务流的前几个数据包进行早期识别,达到了对加密业务流高效识别的效果;最后对识别方法进行了性能分析和实验,实验结果表明,基于所选取的最优特征,仅利用每务流前5个数据包即可得到90%以上的流识别精确度.
為精確高效地識彆加密類業務流,給齣瞭一種基于機器自學習的互聯網加密業務流早期識彆方法.該方法利用加密前後變化不明顯的流量統計特徵結閤機器自學習方法進行識彆.首先基于特徵與業務類型的互熵來遴選齣最優特徵用于分類;然後利用所選特徵給齣瞭加密業務流總體識彆模型,併對模型中的自學習階段及識彆階段進行瞭創新,僅選取最能反映協議特點的每條業務流的前幾箇數據包進行早期識彆,達到瞭對加密業務流高效識彆的效果;最後對識彆方法進行瞭性能分析和實驗,實驗結果錶明,基于所選取的最優特徵,僅利用每務流前5箇數據包即可得到90%以上的流識彆精確度.
위정학고효지식별가밀류업무류,급출료일충기우궤기자학습적호련망가밀업무류조기식별방법.해방법이용가밀전후변화불명현적류량통계특정결합궤기자학습방법진행식별.수선기우특정여업무류형적호적래린선출최우특정용우분류;연후이용소선특정급출료가밀업무류총체식별모형,병대모형중적자학습계단급식별계단진행료창신,부선취최능반영협의특점적매조업무류적전궤개수거포진행조기식별,체도료대가밀업무류고효식별적효과;최후대식별방법진행료성능분석화실험,실험결과표명,기우소선취적최우특정,부이용매무류전5개수거포즉가득도90%이상적류식별정학도.
To classify the encrypted traffic accurately and efficiently, an early recognition method of encrypted traffic based on machine learning is given. It relies on the efficient flow statistic characteristics, which are changeless after encryption. Firstly, the statistic cha-racteristics are chosen based on the mutual entropy between traffic types and the characteristics. Then the overall module of the classifi-cation system is given, along with the learning phase and the classification phase. We use only the first few packets to classification the traffic to reduce the time and space resumption, as well as to classify the traffic in the beginning of the flow session. At last, the performance of the system is analyzed both synthetically and using real-world traffic traces, the result show that more than 90% of the accuracy is obtained by using the first 5 packets of a flow.
