Journal of Southeast University (Natural Science Edition), 2017, Vol. 47, Issue 4: 655-659, 5. DOI: 10.3969/j.issn.1001-0505.2017.04.005
Identification method of encrypted traffic based on support vector machine
Abstract
Existing methods of encrypted traffic classification have difficulty distinguishing encrypted traffic from compressed file traffic. Through analyzing encrypted traffic, txt traffic, doc traffic, jpg traffic, and compressed file traffic, it is found that methods based on information entropy can effectively separate low entropy traffic from high entropy traffic. However, such methods cannot distinguish non-encrypted compressed file traffic with byte randomness and full flow pseudo randomness. Therefore, the relative entropy feature vector {h0,h1,h2,h3} is employed to distinguish low entropy traffic from high entropy traffic, and the Monte Carlo simulation method is used to estimate the error of the π value, perror, which can be used to distinguish local random traffic from whole random traffic. Finally, a support vector machine (SVM)-based identification method (SVM-ID) for encrypted traffic and non-encrypted traffic is proposed. The SVM-ID method uses the feature space ΦSVM={h0,h1,h2,h3,perror} as its input. The SVM-ID method is compared with the relative entropy method. The experimental results show that the proposed method can not only identify encrypted traffic well, but also distinguish encrypted traffic from non-encrypted compressed file traffic.
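Key words: encrypted traffic identification / relative entropy / Monte Carlo simulation / support vector machine
Classification: Information Technology and Security Science
Cite this article: Cheng Guang (程光), Chen Yuxiang (陈玉祥). Identification method of encrypted traffic based on support vector machine [J]. Journal of Southeast University (Natural Science Edition), 2017, 47(4): 655-659, 5.
Funding: Supported by the National High Technology Research and Development Program of China (863 Program) (No. 2015AA015603), the National Natural Science Foundation of China (No. 61602114), the ZTE Research Fund, and the Collaborative Innovation Center of Novel Software Technology and Industrialization.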
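The abstract's two kinds of feature, byte entropy and the Monte Carlo π error, can be computed over a payload as in the added example below, which is not code from the paper. It assumes the point mapping of the common `ent` randomness test (each 6-byte group gives one point with 24-bit coordinates) and plain Shannon byte entropy rather than the paper's {h0,h1,h2,h3}; the function names and both samples are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0..8)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pi_error(data: bytes) -> float:
    """Relative error of a Monte Carlo pi estimate driven by payload bytes.

    Assumption: 6 bytes form one point (x, y) with 24-bit coordinates; the
    share of points inside the quarter circle approximates pi/4 only when
    the bytes are uniformly random across the whole payload.
    """
    radius_sq = (2**24 - 1) ** 2
    points = inside = 0
    for i in range(0, len(data) - 5, 6):
        x = int.from_bytes(data[i:i + 3], "big")
        y = int.from_bytes(data[i + 3:i + 6], "big")
        points += 1
        inside += x * x + y * y <= radius_sq
    if points == 0:
        raise ValueError("need at least 6 bytes of payload")
    return abs(4 * inside / points - math.pi) / math.pi

def pseudo_random(n: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

# Constructed samples, not traffic from the paper's data set.
CIPHER_LIKE = pseudo_random(120_000)
PLAIN_TEXT = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 2500

def features(data: bytes) -> tuple:
    """Two-element feature tuple (entropy, pi error) for one payload."""
    return byte_entropy(data), pi_error(data)

if __name__ == "__main__":
    for name, sample in (("cipher-like", CIPHER_LIKE), ("text", PLAIN_TEXT)):
        h, p = features(sample)
        print(f"{name:12s} entropy={h:.3f} bits/byte  perror={p:.4f}")
```
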