Cite this article
  • CUI Susu, LIU Baoxu, DONG Cong, JIANG Bo, LU Zhigang, ZHANG Chen. Overview of Encrypted Traffic Identification Technology[J]. Journal of Cyber Security, Accepted
Overview of Encrypted Traffic Identification Technology
CUI Susu, LIU Baoxu, DONG Cong, JIANG Bo, LU Zhigang, ZHANG Chen
(Institute of Information Engineering, Chinese Academy of Sciences; IIE CAS)
Abstract:
As a key means of network protection and management, traffic identification technology helps network administrators stop the spread of malicious behavior in a timely manner and optimize network resources. Currently, with the increasing awareness of data security, network services and applications commonly adopt encryption protocols to secure communication contents. Although this method can effectively enhance the confidentiality of data, it also brings new challenges to network management. After the communication content has been transformed by the encryption algorithm, the payload no longer has obvious character features, so traditional traffic identification methods cannot effectively identify encrypted traffic. For this reason, researchers have conducted a large amount of research on encrypted traffic identification techniques. In this paper, we first introduce the basic concepts of traffic identification, including the identification objects and a survey of mainstream encryption protocols. We then sort out the encryption tasks that are currently in urgent demand, organized by scenario requirements and following the protocol stack from the bottom up. Next, we summarize and compare existing encrypted traffic identification methods, reviewing them in three groups: methods based on deep packet inspection, on traditional machine learning, and on deep learning. Based on the advantages of multi-dimensional information fusion and the powerful learning ability of deep learning, the multi-modal hybrid method is expected to become a breakthrough technology for encrypted traffic identification in the future. Finally, we provide an outlook on the future development direction of encrypted traffic identification technology based on current research progress.
Key words:  encrypted traffic identification, encryption protocols, statistical features, machine learning, deep learning
DOI: 10.19363/J.cnki.cn10-1380/tn.2023.08.18
Submitted: 2021-03-03  Revised: 2021-04-20
Funding: National Key R&D Program of China; CCF-NSFOCUS "Kunpeng" Fund; Strategic Priority Research Program of the Chinese Academy of Sciences (Category C); Youth Innovation Promotion Association of the Chinese Academy of Sciences; National Natural Science Foundation of China, Young Scientists Fund