基于卷积神经网络的应用层协议识别方法

doi:10.11772/j.issn.1001-9081.2019060977

计算机应用 ›› 2019, Vol. 39 ›› Issue (12): 3615-3621.DOI: 10.11772/j.issn.1001-9081.2019060977

基于卷积神经网络的应用层协议识别方法

冯文博¹, 洪征¹, 吴礼发², 李毅豪¹, 林培鸿¹

1. 中国人民解放军陆军工程大学指挥控制工程学院, 南京 210007;
2. 南京邮电大学计算机学院, 南京 210023

收稿日期:2019-06-12 修回日期:2019-09-03 出版日期:2019-12-10 发布日期:2019-10-08
作者简介:冯文博(1994-),男,河南周口人,硕士研究生,主要研究方向:网络协议识别、机器学习;洪征(1979-),男,江苏南京人,副教授,博士,主要研究方向:网络安全、协议逆向工程;吴礼发(1968-),男,湖北黄石人,教授,博士,CCF会员,主要研究方向:网络安全、网络管理;李毅豪(1996-),男,湖南长沙人,硕士研究生,主要研究方向:协议逆向工程;林培鸿(1996-),男,福建漳州人,硕士研究生,主要研究方向:协议逆向工程。
基金资助:
国家重点研发计划项目（2017YFB0802900）；南京邮电大学高层次人才启动基金资助项目（NY219004）。

Application protocol recognition method based on convolutional neural network

FENG Wenbo¹, HONG Zheng¹, WU Lifa², LI Yihao¹, LIN Peihong¹

1. College of Command and Control Engineering, Army Engineering University of PLA, Nanjing Jiangsu 210007, China;
2. College of Computer Science and Technology, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210023, China

Received:2019-06-12 Revised:2019-09-03 Online:2019-12-10 Published:2019-10-08
Contact: 洪征
Supported by:
This work is partially supported by the National Key Research and Development Program of China (2017YFB0802900), the Startup Foundation for Advanced Talents of Nanjing University of Posts and Telecommunications (NY219004).

摘要/Abstract

摘要： 针对传统网络协议识别方法中人工提取特征困难以及识别准确率低等问题，提出了一种基于卷积神经网络（CNN）的应用层协议识别方法。首先，基于完整的传输控制协议（TCP）连接或用户数据报协议（UDP）交互划分原始网络数据，从中提取出网络流；其次，通过数据预处理将网络流转化为二维矩阵，便于CNN的分析处理；然后，利用训练样本集合训练CNN模型，自动化提取出网络协议特征；最终，基于训练成熟的CNN模型进行应用层网络协议的识别。实验结果表明，所提方法的总体协议识别准确率约为99.70%，能有效实现应用层协议的识别。

关键词: 应用层协议, 网络流, 协议识别, 特征工程, 卷积神经网络

Abstract: To solve the problems in traditional network protocol recognition methods, such as difficulty of manual feature extraction and low recognition accuracy, an application protocol recognition method based on Convolutional Neural Network (CNN) was proposed. Firstly, the raw network data was divided according to Transmission Control Protocol (TCP) connection or User Datagram Protocol (UDP) interaction, and the network flow was extracted. Secondly, the network flow was converted into a two-dimensional matrix through data prepocessing to facilitate the CNN analysis. Then, a CNN model was trained using the training set to extract protocol features automatically. Finally, the trained CNN model was used to recognize the application network protocols. The experimental results show that, the overall recognition accuracy of the proposed method is about 99.70%, which can effectively recognize the application protocols.

Key words: application protocol, network flow, protocol recognition, feature engineering, Convolutional Neural Network (CNN)

中图分类号:

TP393.0

冯文博, 洪征, 吴礼发, 李毅豪, 林培鸿. 基于卷积神经网络的应用层协议识别方法[J]. 计算机应用, 2019, 39(12): 3615-3621.

FENG Wenbo, HONG Zheng, WU Lifa, LI Yihao, LIN Peihong. Application protocol recognition method based on convolutional neural network[J]. Journal of Computer Applications, 2019, 39(12): 3615-3621.

参考文献

[1] 陈亮,龚俭,徐选.应用层协议识别算法综述[J].计算机科学,2007,34(7):73-75.(CHEN L, GONG J, XU X. A survey of application-level protocol identification algorithm[J]. Computer Science, 2007, 34(7):73-75.)
[2] 王一鹏,云晓春,张永铮,等.基于主动学习和SVM方法的网络协议识别技术[J].通信学报,2013(10):135-142.(WANG Y P, YUN X C, ZHANG Y Z, et al. Network protocol identification based on active learning and SVM algorithm[J]. Journal on Communications, 2013, 34(10):135-142.)
[3] 邹腾宽,汪钰颖,吴承荣.网络背景流量的分类与识别研究综述[J].计算机应用,2019,39(3):802-811.(ZOU T K, WANG Y Y, WU C R. Review of network background traffic classification and identification[J]. Journal of Computer Applications, 2019, 39(3):802-811.)
[4] JOE T, ELIOT L, ALLISON M, et al. Service name and transport protocol port number registry[EB/OL].[2019-09-23]. https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml.
[5] 张蕾,崔勇,刘静,等.机器学习在网络空间安全研究中的应用[J].计算机学报,2018,41(9):1943-1975.(ZHANG L, CUI Y, LIU J, et al. Application of machine learning in cyberspace security research[J]. Chinese Journal of Computers, 2018, 41(9):1943-1975.)
[6] 余凯,贾磊,陈雨强,等.深度学习的昨天、今天和明天[J].计算机研究与发展,2013,50(9):1799-1804.(YU K, JIA L, CHEN Y Q, et al. Deep learning:yesterday, today, and tomorrow[J]. Journal of Computer Research and Development, 2013, 50(9):1799-1804.)
[7] BENGIO Y. Learning deep architectures for AI[M]//Foundations and Trends in Machine Learning. Hanover, MA:Now Publishers Inc., 2009, 2(1):1-127.
[8] LECUN Y, BENGIO Y, HINTON G. Deep learning[J]. Nature, 2015, 521(7553):436-444.
[9] CYBENKO G. Approximation by superpositions of a sigmoidal function[J]. Mathematics of Control, Signals, and Systems, 1989, 2(4):303-314.
[10] 周飞燕,金林鹏,董军.卷积神经网络研究综述[J].计算机学报,2017,40(6):1229-1251.(ZHOU F Y, JIN L P, DONG J. Review of convolutional neural network[J]. Chinese Journal of Computers, 2017, 40(6):1229-1251.)
[11] WANG Z. The applications of deep learning on traffic identification[EB/OL].[2019-04-14]. https://www.blackhat.com/docs/us-15/materials/us-15-Wang-The-Applications-Of-Deep-Learning-On-Traffic-Identification-wp.pdf.
[12] JAIN A V. Network traffic identification with convolutional neural networks[C]//Proceedings of the IEEE 16th International Conference on Dependable, Autonomic and Secure Computing, 16th International Conference on Pervasive Intelligence and Computing, 4th International Conference on Big Data Intelligence and Computing and Cyber Science and Technology Congress. Piscataway:IEEE, 2018:1001-1007.
[13] WANG W, ZHU M, ZENG X, et al. Malware traffic classification using convolutional neural network for representation learning[C]//Proceedings of the 2017 International Conference on Information Networking. Piscataway:IEEE, 2017:712-717.
[14] MA R, QIN S. Identification of unknown protocol traffic based on deep learning[C]//Proceedings of the 3rd IEEE International Conference on Computer and Communications. Piscataway:IEEE, 2017:1195-1198.
[15] 陈雪娇,王攀,俞家辉.基于卷积神经网络的加密流量识别方法[J].南京邮电大学学报(自然科学版),2018,38(6):36-41.(CHEN X J, WANG P, YU J H. CNN based encrypted traffic identification method[J]. Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition), 2018, 38(6):36-41)
[16] 叶松.基于现代网络的深度学习应用协议识别技术研究与实现[J].软件导刊,2018,17(10):194-199.(YE S. Research and implementation of deep learning application protocol recognition technology based on modern network[J]. Software Guide, 2018, 17(10):194-199.)
[17] REN J, WANG Z. A novel deep learning method for application identification in wireless network[J]. China Communications, 2018, 15(10):73-83.
[18] 熊刚,孟姣,曹自刚,等.网络流量分类研究进展与展望[J].集成技术,2012,1(1):32-42.(XIONG G, MENG J, CAO Z G, et al. Research progress and prospects of network traffic classification[J]. Journal of Integration Technology, 2012, 1(1):32-42.)
[19] BARAKAT C, THIRAN P, IANNACCONE G, et al. Modeling Internet backbone traffic at the flow level[J]. IEEE Transactions on Signal Processing, 2003, 51(8):2111-2124.
[20] 张凤荔,周洪川,张俊娇,等.基于改进凝聚层次聚类的协议分类算法[J].计算机工程与科学,2017,39(4):796-803.(ZHANG F L, ZHOU H C, ZHANG J J, et al. A protocol classification algorithm based on improved AGENS[J]. Computer Engineering and Science, 2017, 39(4):796-803.)
[21] 冯文博,洪征,吴礼发,等.网络协议识别技术综述[J].计算机应用,2019,39(12):3604-3614.(FENG W B, HONG Z, WU L F, et al. Review of network protocol recognition techniques[J]. Journal of Computer Applications, 2019, 39(12):3604-3614.)
[22] 李芳馨,刘嘉勇.网络数据流还原重组技术研究[J].通信技术,2011,44(7):113-114,117.(LI F X, LIU J Y. Study on reverting and restructuring of network data stream[J]. Communications Technology, 2011, 44(7):113-114, 117.)
[23] HARRIS D, HARRIS S. Digital Design and Computer Architecture:2nd Edition[M]. San Francisco, CA:Morgan Kaufmann, 2012:129-133.
[24] CELIK Z B, WALLS R J, MCDANIEL P, et al. Malware traffic detection using tamper resistant features[C]//Proceedings of the 2015 IEEE Military Communications Conference. Piscataway:IEEE, 2015:330-335.
[25] LIPPMANN R, CUNNINGHAM R K, FRIED D J, et al. Results of the DARPA 1998 offline intrusion detection evaluation[EB/OL].[2019-04-14]. https://www.researchgate.net/publication/221427437_Results_of_the_DARPA_1998_Offline_Intrusion_Detection_Evaluation.
[26] CHOLLET F. Keras:deep learning for humans[EB/OL].[2019-04-14]. https://github.com/fchollet/keras.
[27] ABADI M, AGARWAL A, BARHAM P, et al. TensorFlow:large-scale machine learning on heterogeneous distributed system[EB/OL].[2019-04-14]. https://arxiv.org/pdf/1603.04467.pdf.
[28] 王勇,周慧怡,俸皓,等.基于深度卷积神经网络的网络流量分类方法[J].通信学报,2018,39(1):14-23.(WANG Y, ZHOU H Y, FENG H, et al. Network traffic classification method basing on CNN[J]. Journal on Communications, 2018, 39(1):14-23.)

基于卷积神经网络的应用层协议识别方法

Application protocol recognition method based on convolutional neural network

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	宋中山, 梁家锐, 郑禄, 刘振宇, 帖军. 基于双向门控尺度特征融合的遥感场景分类[J]. 计算机应用, 2021, 41(9): 2726-2735.
[2]	李康康, 张静. 基于注意力机制的多层次编码和解码的图像描述模型[J]. 计算机应用, 2021, 41(9): 2504-2509.
[3]	张永斌, 常文欣, 孙连山, 张航. 基于字典的域名生成算法生成域名的检测方法[J]. 计算机应用, 2021, 41(9): 2609-2614.
[4]	赵宏, 孔东一. 图像特征注意力与自适应注意力融合的图像内容中文描述[J]. 计算机应用, 2021, 41(9): 2496-2503.
[5]	徐江浪, 李林燕, 万新军, 胡伏原. 结合目标检测的室内场景识别方法[J]. 计算机应用, 2021, 41(9): 2720-2725.
[6]	牟长宁, 王海鹏, 周丕宇, 侯鑫行. 基于图卷积神经网络的串联质谱从头测序[J]. 计算机应用, 2021, 41(9): 2773-2779.
[7]	王贺兵, 张春梅. 基于非对称卷积-压缩激发-次代残差网络的人脸关键点检测[J]. 计算机应用, 2021, 41(9): 2741-2747.
[8]	曹玉红, 徐海, 刘荪傲, 王紫霄, 李宏亮. 基于深度学习的医学影像分割研究综述[J]. 计算机应用, 2021, 41(8): 2273-2287.
[9]	秦斌斌, 彭良康, 卢向明, 钱江波. 司机分心驾驶检测研究进展[J]. 计算机应用, 2021, 41(8): 2330-2337.
[10]	黄程程, 董霄霄, 李钊. 基于二维Winograd算法的深流水线5×5卷积方法[J]. 计算机应用, 2021, 41(8): 2258-2264.
[11]	曾祥银, 郑伯川, 刘丹. 基于深度卷积神经网络和聚类的左右轨道线检测[J]. 计算机应用, 2021, 41(8): 2324-2329.
[12]	谭道强, 曾诚, 乔金霞, 张俊. 基于混合注意力模型的阴影检测方法[J]. 计算机应用, 2021, 41(7): 2076-2081.
[13]	高钦泉, 黄炳城, 刘文哲, 童同. 基于改进CenterNet的竹条表面缺陷检测方法[J]. 计算机应用, 2021, 41(7): 1933-1938.
[14]	武光利, 李雷霆, 郭振洲, 王成祥. 基于改进的双向长短期记忆网络的视频摘要生成模型[J]. 计算机应用, 2021, 41(7): 1908-1914.
[15]	吴则举, 焦翠娟, 陈亮. 基于改进Faster R-CNN的轮胎缺陷检测方法[J]. 计算机应用, 2021, 41(7): 1939-1946.