Encrypted traffic classification method based on convolutional neural network

Aiming at the problems of low accuracy, weak generality, and easy privacy violation of traditional encrypted network traffic classification methods, an encrypted traffic classification method based on convolutional neural network was proposed, which avoided relying on original traffic data and prevented overfitting of specific byte structure of the application.According to the data packet size and arrival time information of network traffic, a method to convert the original traffic into a two-dimensional picture was designed.Each cell in the histogram represented the number of packets with corresponding size that arrive at the corresponding time interval, avoiding reliance on packet payloads and privacy violations.The LeNet-5 convolutional neural network model was optimized to improve the classification accuracy.The inception module was embedded for multi-dimensional feature extraction and feature fusion.And the 1*1 convolution was used to control the feature dimension of the output.Besides, the average pooling layer and the convolutional layer were used to replace the fully connected layer to increase the calculation speed and avoid overfitting.The sliding window method was used in the object detection task, and each network unidirectional flow was divided into equal-sized blocks, ensuring that the blocks in the training set and the blocks in the test set in a single session do not overlap and expanding the dataset samples.The classification experiment results on the ISCX dataset show that for the application traffic classification task, the average accuracy rate reaches more than 95%.The comparative experimental results show that the traditional classification method has a significant decrease in accuracy or even fails when the types of training set and test set are different.However, the accuracy rate of the proposed method still reaches 89.2%, which proves that the method is universally suitable for encrypted traffic and non-encrypted traffic.All experiments are based on imbalanced datasets, and the experimental results may be further improved if balanced processing is performed.