Abstract
It is very difficult to identify Shadowsocks (SS) traffic, most of which stay in the laboratory environment, and there are very few published research results in this field at home and abroad. ShadowsocksR (SSR) is an enhanced version of SS. It can disguise the traffic of SS as that of conventional protocol, such as HTTP traffic, TLS traffic, etc., which makes it more difficult to identify SSR traffic. Based on Xgboost algorithm, this paper proposes a method to identify SSR traffic for the first time. The experimental results show that this method has a good recognition effect on SSR traffic, and the precision, the recall, the accuracy is all above 95.3%.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Miniwatts Marketing Group: Internet usage statistics-world internet users and population stats, June 2020. https://www.internetworldstats.com/stats.htm
Chen, L., Gao, S., Liu, B., Lu, Z.: Research status and development trends on network encrypted traffic identification. Netinfo Secur. (03), 19–25(2019)
Wang, Y., Xiang, Y., Yu, S.Z.: An automatic application signature construction system for unknown traffic. Concurrency Comput. Pract. Experience 22(13), 1927–1944 (2010)
Perera, P., Tian, Y.C., Fidge, C., et al.: A comparison of supervised machine learning algorithms for classification of communications network traffic. In: International Conference on Neural Information Processing, pp. 445–454. Springer, Cham (2017)
Andrew, et al.: Internet traffic classification using bayesian analysis techniques. ACM SIGMETRICS Perform. Eval. Rev. 33(5), 50–60 (2005)
Zuev, D., Moore, A.W.: Traffic classification using a statistical approach. Passive and Active Network Measurement. 6th International Workshop, pp. 32–45. Springer-Verlag, USA (2005)
Deng, Z.Y., Liu, Z.H., Chen, Z.G., et al.: The random forest based detection of Shadowsock’s traffic. In: 9th International Conference on Intelligent Human-Machine Systems and Cybernetics (IHMSC), pp. 75–77. IEEE, Hangzhou (2017)
Xuemei, Z.E.N.G., Xingshu, C.H.E.N., Guolin, S.H.A.O., et al.: Flow context and host behavior based shadowsocks’s traffic identification. Spec. Sect. Secur. Priv. Cloud IoT 7, 41017–41032 (2019)
Cheng, J., Li, Y., Huang, C., Yu, A., Zhang, T.: ACER: detecting Shadowsocks server based on active probe technology. J. Comput. Virol. Hacking Tech. 16(3), 217–227 (2020). https://doi.org/10.1007/s11416-020-00353-z
Liu, Y., Li, W., Li, Y.: Network traffic classification using k-means clustering. In: Second International Multi-Symposiums on Computer and Computational Sciences, pp. 360–365. IEEE, Hangzhou (2007)
Xuhang, L.: SSH Traffic Identification Based on XGBoost. Harbin University of Science and Technology, Harbin (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Qingbing, J., Xiaoyan, D., Lulin, N., Haijun, L. (2021). Research on ShadowsocksR Traffic Identification Based on Xgboost Algorithm. In: Tavana, M., Nedjah, N., Alhajj, R. (eds) Emerging Trends in Intelligent and Interactive Systems and Applications. IISA 2020. Advances in Intelligent Systems and Computing, vol 1304. Springer, Cham. https://doi.org/10.1007/978-3-030-63784-2_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-63784-2_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63783-5
Online ISBN: 978-3-030-63784-2
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)