互联网流量特征智能提取关键技术研究

发布时间：2018-02-03 04:11

本文关键词： 互联网流量识别特征提取网络监测网络安全数据清理　出处：《北京邮电大学》2014年博士论文　论文类型：学位论文

【摘要】：网络信息技术的高速发展,使互联网及其应用走进了千家万户,改变了当今人们的生活方式。通过互联网信息的传递,人们可以获取当今世界最新的信息咨讯,可以结交全球各地的朋友,可以使用多媒体工具娱乐生活,还可以通过网络贸易,买到世界各地的物产。在提升人们生活质量的同时,互联网的高速普及也造成了网络流量大幅增长、流量突发性增大、网络应用动态多样、网络安全事件频发等问题。通过互联网流量分类技术可以对网络管道中流量所使用的协议、产生流量的应用种类进行感知。该技术是实现现今网络可管可控、实现细粒度QoS (Quality of Service)保障、实现安全监测和实现高效网规网优的基础和前提。然而,动态端口技术、端口伪装技术和数据流量加密技术等各类反侦察技术的采用,使得如何能准确、高效、实时的对网络流量进行识别又重新成为网络流量检测领域极富挑战性的研究热点。网络流量的识别特征是直接影响分类器准确性、时效性和智能性的关键性因素。本文对流量识别领域常用的传输层端口、应用层字符特征、流量统计特征及用户流量行为特征的提取过程、使用场景和使用效率进行了分析研究。并在此基础上针对原始数据中噪声处理问题、特征提取过程的高复杂性问题以及加密网络流量的识别问题进行了较为深入的研究和探索,并取得了一定的研究成果。论文的研究工作和创新点主要包括以下几个方面： 1)本文引入了主成分分析方式对目标应用流量进行自动提纯处理。如果用于目标应用特征提取的数据中包含噪声等各类脏数据,将会对所提取的特征的可信度产生不利影响。为此,本文采用主成分分析法将脏数据的流量统计特征作为次要信息滤除。该方法能有效提高所提取的目标应用网络流量特征的针对性,进而可以提高该方式的识别准确率。 2)本文研究了如何更为高效的提取网络流量特征。传统提取流量字符特征过程的时间复杂度、空间复杂度都较高。针对该情况,本文提出了提取固定比特偏置特征算法。该算法能有效避免构建矩阵和回溯求解的过程,通过实验表明该算法对比传统的LCS (Longest Common Subsequence)等算法有一个数量级以上的运行时间优势。同时,本文还提出了基于PCA (Principal Component Analysis)的特征提取算法。该算法将目标应用流量作为整体考虑,从而提取出其整体信息特征。该方法是流量特征提取领域较为新颖的尝试,为之后的研究开拓了思路。 3)本文对加密流量识别进行了研究。在借鉴现有基于网络流量特征对加密流量识别的基础上,本文使用神经网络对加密流量进行有效识别。同时,为能提高神经网络建模速度,本文还对常用的流量统计信息在神经网络中的识别性能进行了实验统计分析,以期能使用较少的特征达到相似的识别性能。
[Abstract]:With the rapid development of network information technology, the Internet and its applications have entered thousands of households, changing the way of life of today's people. Through the transmission of information on the Internet, people can obtain the latest information in the world. Can make friends around the world, can use multimedia tools entertainment life, but also through the Internet trade, to buy products around the world, while improving the quality of life of people at the same time. The rapid popularity of the Internet has also resulted in a large increase in network traffic, traffic sudden increase, network application dynamic diversity. Through the technology of Internet traffic classification, the protocol used in network pipeline and the types of applications that generate traffic can be sensed. This technology can realize the network can be managed and controlled nowadays. Implementation of fine-grained QoS quality of Service guarantee, security monitoring and the realization of efficient network planning network optimization foundation and premise. However, dynamic port technology. Port camouflage technology and data flow encryption technology and other anti-reconnaissance technology, so that how to be accurate and efficient. Real-time recognition of network traffic has become a challenging research hotspot in the field of network traffic detection. The recognition feature of network traffic is the key factor that directly affects the accuracy, timeliness and intelligence of classifier. In this paper, the commonly used transport layer port, application layer character features in traffic identification field. The extraction process of traffic statistical features and user traffic behavior features, the use of scenarios and use efficiency are analyzed and studied. Based on this, the noise processing problem in the original data is addressed. The high complexity of feature extraction and the recognition of encrypted network traffic have been deeply studied and explored, and some research results have been obtained. The research work and innovation of the thesis mainly include the following aspects: 1) in this paper, principal component analysis (PCA) is introduced to automatically purify the target application flow. If the data used for feature extraction of the target application contains noise and other dirty data. Will have a negative impact on the credibility of the extracted features. In this paper, the principal component analysis (PCA) is used to filter the traffic statistics of dirty data as secondary information. This method can effectively improve the pertinence of the extracted target application network traffic characteristics. Furthermore, the recognition accuracy of this method can be improved. 2) this paper studies how to extract network traffic features more efficiently. The time complexity and space complexity of the traditional feature extraction process are both high. In this paper, a fixed bit offset feature extraction algorithm is proposed, which can effectively avoid the process of constructing matrix and backtracking solution. Experiments show that the proposed algorithm has an order of magnitude advantage over the traditional LCS longest Common sequence algorithm. At the same time. This paper also proposes a feature extraction algorithm based on PCA Principal Component Analysis, which considers the target application traffic as a whole. The method is a novel attempt in the field of traffic feature extraction, which opens up a new idea for the later research. 3) this paper studies the identification of encrypted traffic. Based on the existing network traffic characteristics, this paper uses neural network to identify encrypted traffic effectively. At the same time. In order to improve the modeling speed of neural network, the recognition performance of the commonly used traffic statistics information in neural network is analyzed experimentally in order to achieve similar recognition performance with fewer features.
【学位授予单位】：北京邮电大学
【学位级别】：博士
【学位授予年份】：2014
【分类号】：TP393.06

【参考文献】