基于路径签名表征学习的加密流量检测

doi:10.6040/j.issn.1671-9352.9.2025.002

摘要/Abstract

摘要： 针对加密流量间交互行为特征的提取存在不足等问题,提出了一种基于路径签名表征学习的加密流量检测方法(path signature feature representation learning, PSFREL),利用路径签名来表征流量间隐藏的、不受加密影响的交互行为特征,使用自动编码器提取字段级局部特征,并使用结合通道注意力机制的残差网络 Cam-resnet 提取流量全局特征,形成多粒度流量特征后进行加密流量检测。在ISCX VPN-nonVPN等4个加密流量数据集上的评测结果显示,PSFREL的平均F1达到 94.91%。

关键词: 加密流量, 路径签名, 特征工程, 残差网络

Abstract: Aiming at the problems of insufficient extraction of interactive behavioral features between encrypted flows, a PSFREL(Path Signature Feature Representation Learning)based encrypted flow detection method is proposed.Signature feature representation learning(PSFREL), which uses path signatures to characterize the hidden, unaffected by encryption interactions between traffic flows, uses an autoencoder to extract local features at the field level, and uses the residual network Cam-resnet, which combines the attention mechanism of the channel, to extract the global features of the traffic flow, forming a multi-granularity flow features for encrypted traffic detection. Comprehensive benchmarking across four encrypted network flow datasets(e.g., ISCX VPN-nonVPN)showcases the PSFREL frameworks capability to attain a 94.91% mean F1-Score.

Key words: encrypted traffic, path signatures, feature engineering, residual network

中图分类号:

TP309

闫雷鸣,周吉,张欢,陈先意. 基于路径签名表征学习的加密流量检测[J]. 《山东大学学报(理学版)》, 2026, 61(3): 1-10.

参考文献

[1] 侯剑,鲁辉,刘方爱,等. 加密恶意流量检测及对抗综述[J]. 软件学报,2024,35(1):333-355. HOU Jian, LU Hui, LIU Fangai, et al. A review of encrypted malicious traffic detection and countermeasure[J]. Journal of Software, 2024, 35(1):333-355.
[2] 陈子涵,程光,徐子恒,等. 互联网加密流量检测、分类与识别研究综述[J]. 计算机学报,2023,46(5):1060-1085. CHEN CHENG Zihan, XU Guang, XU Ziheng, et al. A review of research on detection, classification and recognition of encrypted traffic on the internet[J]. Journal of Computing, 2023, 46(5):1060-1085.
[3] LONG G, ZHANG Z X. Deep encrypted traffic detection: an anomaly detection framework for encryption traffic based on parallel automatic feature extraction[J]. Computational Intelligence and Neuroscience, 2023, 2023:3316642.
[4] LOTFOLLAHI M, JAFARI S M, SHIRALI H Z R, et al. Deep packet: a novel approach for encrypted traffic classification using deep learning[J]. Soft Computing, 2020, 24(3):1999-2012.
[5] AGRAWAL S, SOHI B S. Feature optimization and performance evaluation of machine learning algorithms for identification of P2P traffic[J]. Journal of Advances in Information Technology, 2012, 3(2):107-114.
[6] WANG Z H, THING V L L. Feature mining for encrypted malicious traffic detection with deep learning and other machine learning algorithms[J]. Computers & Security, 2023, 128:103143.
[7] ZHAO J J, LI Q, HONG Y P, et al. MetaRockETC: adaptive encrypted traffic classification in complex network environments via time series analysis and meta-learning[J]. IEEE Transactions on Network and Service Management, 2024, 21(2):2460-2476.
[8] CHEN C, QU L F, AMIRPOUR H, et al. On the security of selectively encrypted HEVC video bitstreams[J]. ACM Transactions on Multimedia Computing, Communications, and Applications, 2024, 20(9):1-27.
[9] WANG Z H, WANG J R, LIU Y, et al. Privacy-preserving attribute-based access control scheme with intrusion detection and policy hiding for data sharing in VANET[J]. IEEE Internet of Things Journal, 2024, 11(13):23348-23369.
[10] 谷勇浩,徐昊,张晓青. 基于多粒度表征学习的加密恶意流量检测[J]. 计算机学报,2023,46(9):1888-1899. GU Yonghao, XU Hao, ZHANG Xiaoqing. Encrypted malicious traffic detection based on multi-granularity representation learning[J]. Journal of Computing, 2023, 46(9):1888-1899.
[11] XU S J, GENG G G, JIN X B, et al. Seeing traffic paths: encrypted traffic classification with path signature features[J]. IEEE Transactions on Information Forensics and Security, 2022, 17:2166-2181.
[12] CHEVYREV I, KORMILITZIN A. A primer on the signature method in machine learning[EB/OL]. https://arxiv.org/abs/1603.03788
[13] WANG Y, ZHANG L, CHEN H. High-frequency trading anomaly detection via signature-transformer[J]. IEEE Transactions on Financial Informatics, 2023, 19(4):1234-1245.
[14] LI H, WANG Q, LIU Z. Reinforcement learning optimized path signatures for motion rehabilitation assessment[J]. ACM Transactions on Health Informatics, 2023, 10(3):1-18.
[15] GUO S, ZHOU T, LI H. Dynamic gene regulatory network modeling via path signature-GNN[J]. Bioinformatics, 2024, 40(1):1-10.
[16] ZHAO Z M, LI Z X, JIANG J L, et al. ERNN: error-resilient RNN for encrypted traffic detection towards network-induced phenomena[J]. IEEE Transactions on Dependable and Secure Computing, 2023, 99:1-18.
[17] WANG Q L, WU B G, ZHU P F, et al. ECA-net: efficient channel attention for deep convolutional neural networks[C] //2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition(CVPR). Seattle: IEEE, 2020:11534-11542.
[18] 麻文刚,张亚东,郭进. 基于LSTM与改进残差网络优化的异常流量检测方法[J]. 通信学报,2021,42(5):23-40. MA Wengang, ZHANG Yadong, GUO Jin. Anomalous traffic detection method based on LSTM with improved residual network optimization[J]. Journal of Communications, 2021, 42(5):23-40.
[19] ZHANG S H, MA L F, LIU H J. Encryption-decryption-based event-triggered consensus control for nonlinear MASs under DoS attacks[J]. International Journal of Robust and Nonlinear Control, 2024, 34(1):132-146.
[20] WANG M N, ZHENG K F, LUO D, et al. An encrypted traffic classification framework based on convolutional neural networks and stacked autoencoders[C] //2020 IEEE 6th International Conference on Computer and Communications(ICCC).Chengdu: IEEE, 2020:634-641.
[21] WANG Z H, THING V L L. Feature mining for encrypted malicious traffic detection with deep learning and other machine learning algorithms[J]. Computers & Security, 2023, 128:103143.
[22] CUI S S, JIANG B, CAI Z Z, et al. A session-packets-based encrypted traffic classification using capsule neural networks[C] //2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems(HPCC/SmartCity/DSS). Zhangjiajie: IEEE, 2019.

相关文章 15

[1]	李飞序,严飞,程斌林,张立强. 面向LPWAN的受限设备协议漏洞自动化检测框架[J]. 《山东大学学报(理学版)》, 2023, 58(9): 39-50.
[2]	赵博,秦静,刘晋璐. 支持通配符和模糊搜索的加密方案[J]. 《山东大学学报(理学版)》, 2023, 58(9): 28-38.
[3]	吕娇,张茜,秦静. 时间可控的指定测试者可搜索代理重加密方案[J]. 《山东大学学报(理学版)》, 2023, 58(9): 16-27.
[4]	成秀珍,吕卫锋,徐明辉,潘润宇,于东晓,王晨旭,禹勇,肖雪. 元计算: 零信任下的新型计算范式[J]. 《山东大学学报(理学版)》, 2023, 58(9): 1-15.
[5]	巫朝霞,王弋. 基于Paillier同态的异质频谱安全拍卖算法[J]. 《山东大学学报(理学版)》, 2021, 56(3): 23-27.
[6]	张超,梁英,方浩汕. 支持隐私保护的社交网络信息推荐方法[J]. 《山东大学学报(理学版)》, 2020, 55(3): 9-18.
[7]	李颖,胡俊. 基于分布式消息驱动的分层可信密码服务框架[J]. 《山东大学学报(理学版)》, 2020, 55(3): 19-27.
[8]	胡俊,刁子朋. vTCM:一种基于物理可信计算环境虚拟化的虚拟可信密码模块[J]. 《山东大学学报(理学版)》, 2019, 54(7): 77-88.
[9]	屈娟,冯玉明,李艳平,李丽. 可证明的基于扩展混沌映射的匿名多服务器身份认证协议[J]. 《山东大学学报(理学版)》, 2019, 54(5): 44-51.
[10]	许佳,蒋鹏. 视觉和物体显著性检测方法[J]. 《山东大学学报(理学版)》, 2019, 54(3): 28-37.
[11]	吴福生,张焕国,倪明涛,王俊. 基于密码协议实现的行为安全分析模型[J]. 《山东大学学报(理学版)》, 2019, 54(3): 18-27.
[12]	谢小杰,梁英,董祥祥. 社交网络用户敏感属性迭代识别方法[J]. 《山东大学学报(理学版)》, 2019, 54(3): 10-17, 27.
[13]	常天天,陈兴蜀,罗永刚,兰晓. 面向Hive的基于安全域的数据隔离保护框架[J]. 《山东大学学报(理学版)》, 2019, 54(3): 1-9.
[14]	毋泽南,田立勤,王志刚. 一种结合滑动窗口和推荐信任的用户行为信任评估[J]. 《山东大学学报(理学版)》, 2019, 54(1): 53-59.
[15]	杜瑶瑶,潘平,令狐金花. 基于信息距离的信息系统等级保护评价方法[J]. 《山东大学学报(理学版)》, 2019, 54(1): 47-52.

多维度评价

Viewed

Full text

Abstract

Cited

Shared

Discussed