一种多特征融合的加密流量快速分类方法OA北大核心CSTPCD

Network traffic recognition is the foundation of network management and security services.With the continuous expansion and increasing complexity of the Internet,traditional rule-based recognition methods or based on flow behavior characteristics are facing great challenges.Inspired by natural language processing(NLP),this paper proposes a fast classification method for encrypted traffic based on multi-feature fusion.The method completes the feature representation of network flows by combining the packet characteristics of data packets and byte sequences,expands the selected features into a double-byte sequence using binary byte encoding,and adds contextual semantic features of the bytes.By using pooling methods that are suitable for packet feature processing,the proposed model can preserve the feature information of packets to the greatest extent possible,thereby enhancing its noise resistance and more accurate classification ability.The method is validated on the Information Security Center of Excellence-2016(ISCX-2016)and a private dataset containing Encrypted Traffic Datasets for 66 popular applications(ETD66).The results show that the proposed method has significantly better accuracy and performance than other models in ISCX-2016 and ETD66,achieving accuracy of 98.2%and 98.6%,respectively,and thus proving the strong feature extraction ability and the model generalization ability.