软件学报
軟件學報
연건학보
JOURNAL OF SOFTWARE
2013年
6期
1334-1345
,共12页
赵博%郭虹%刘勤让%邬江兴
趙博%郭虹%劉勤讓%鄔江興
조박%곽홍%류근양%오강흥
流量分类%加密流量识别%累积和检验
流量分類%加密流量識彆%纍積和檢驗
류량분류%가밀류량식별%루적화검험
traffic classification%encrypted traffic identification%cumulative sum test
针对加密流量的在线普适识别问题,提出一种基于加权累积和检验的时延自适应加密流量盲识别算法。利用加密数据的随机性特点,对网络报文逐一实施累积和检验,根据报文长度将结果进行加权综合。无需解密操作,也无需匹配特定内容,实现了对加密流量的普适识别。可动态调整报文的检测数量,以达到时延和准确率的统一,实现在线识别。仿真结果显示,对公开和未公开的加密协议流量,识别率均可达到90%以上。
針對加密流量的在線普適識彆問題,提齣一種基于加權纍積和檢驗的時延自適應加密流量盲識彆算法。利用加密數據的隨機性特點,對網絡報文逐一實施纍積和檢驗,根據報文長度將結果進行加權綜閤。無需解密操作,也無需匹配特定內容,實現瞭對加密流量的普適識彆。可動態調整報文的檢測數量,以達到時延和準確率的統一,實現在線識彆。倣真結果顯示,對公開和未公開的加密協議流量,識彆率均可達到90%以上。
침대가밀류량적재선보괄식별문제,제출일충기우가권루적화검험적시연자괄응가밀류량맹식별산법。이용가밀수거적수궤성특점,대망락보문축일실시루적화검험,근거보문장도장결과진행가권종합。무수해밀조작,야무수필배특정내용,실현료대가밀류량적보괄식별。가동태조정보문적검측수량,이체도시연화준학솔적통일,실현재선식별。방진결과현시,대공개화미공개적가밀협의류량,식별솔균가체도90%이상。
A protocol independent identification algorithm is proposed to identify encrypted traffic from both public and private encryption protocols. The randomness of the packet is evaluated by a cumulative test. In addition, results are weighted conflated. A test is performed when every new packet arrived rather than after all packets have received, so that time consumed computation is avoided. The quantity of packets may vary dynamically according to delay and accuracy requirement. Experiments results show that the algorithm achieves accuracy above 90%for SSL and private encryption protocol traffic.
