Accurate classification of network traffic is the research basis for tasks such as network management, service quality optimization, and abnormal traffic detection. To address the incomplete feature extraction of existing methods, a VPN encrypted traffic identification model based on an improved residual network is proposed. The model takes the conversation composed of bidirectional flows as the analysis object. It first uses a multi-layer convolutional network to extract the spatial structure features of the conversation, then introduces an improved residual unit to increase the width of the backbone network, using 1x1 and 3x3 convolution kernels on the same level to obtain feature information at different scales and improve the model's feature representation ability. Finally, the extracted features are expanded into one-dimensional vectors and the Softmax function is used to classify the encrypted traffic. Experimental results on the public VPN-non VPN dataset show that the proposed model performs better than traditional identification methods, and compared with the well-known methods, the accuracy, precision and recall metrics are improved by 3.32%, 2.65% and 3.79%, respectively.
KEYWORDS: Network security, Internet of things, Mathematical optimization, Statistical analysis, Information security, Feature extraction, Floods, Education and training, Deep learning, Analytical research
With the rise and development of Internet of Things (IoT) technology, more and more devices access the network. However, most of them ignore security issues, and crises such as large-scale DDoS attacks caused by IoT botnets are becoming more and more severe. It is therefore important to study botnet behavior and detection technology. To improve the detection performance for IoT botnets, we analyze botnet behavior based on traffic in an IoT environment and propose a detection approach based on hierarchical clustering. First, we capture the network traffic as .pcap files, aggregate packets into data flows based on the five-tuple, and extract basic statistical features using a time window. Second, we analyze the typical features of IoT botnets during the waiting period and the malicious active period and optimize them by hierarchical clustering. Finally, the XGBoost algorithm is used to classify the botnet. To demonstrate the effectiveness of the proposed approach, we trained KNN, Decision Tree, and Random Forest models on the same datasets to detect IoT botnets and compared their performance with our approach. The experimental results show that our method detects botnets efficiently compared with the other trained models.
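The first step of the pipeline described above (five-tuple flow aggregation followed by per-window statistics) can be sketched as follows. This is an added example, not code from the paper; the 5-second window, the chosen statistics, and the sample packets are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample packets (not from the paper's dataset):
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, proto, length_bytes)
PACKETS = [
    (0.10, "192.0.2.10", 40000, "198.51.100.5", 23, "TCP", 60),
    (0.40, "192.0.2.10", 40000, "198.51.100.5", 23, "TCP", 74),
    (0.90, "192.0.2.10", 40000, "198.51.100.5", 23, "TCP", 60),
    (0.50, "192.0.2.11", 51000, "203.0.113.9", 53, "UDP", 90),
    (5.20, "192.0.2.10", 40000, "198.51.100.5", 23, "TCP", 1200),
    (5.70, "192.0.2.10", 40000, "198.51.100.5", 23, "TCP", 1400),
]

def flow_window_features(packets, window_s=5.0):
    """Group packets by (five-tuple, window index) and compute basic statistics.

    The feature set here is an assumption; the abstract only says
    "basic statistics features" extracted with a time window.
    """
    buckets = defaultdict(list)
    for ts, sip, sport, dip, dport, proto, length in sorted(packets):
        five_tuple = (sip, sport, dip, dport, proto)
        buckets[(five_tuple, int(ts // window_s))].append((ts, length))

    features = {}
    for key, pkts in buckets.items():
        times = [t for t, _ in pkts]
        sizes = [n for _, n in pkts]
        gaps = [b - a for a, b in zip(times, times[1:])]
        features[key] = {
            "packets": len(pkts),
            "bytes": sum(sizes),
            "mean_size": mean(sizes),
            # A single-packet flow has no inter-arrival gap.
            "mean_iat": mean(gaps) if gaps else 0.0,
            "duration": times[-1] - times[0],
        }
    return features

if __name__ == "__main__":
    for (flow, window), stats in sorted(flow_window_features(PACKETS).items()):
        print(window, flow, stats)
```

Each resulting row is one feature vector per flow per window, which is the form a clustering or classification stage would consume.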