Cluster-TRnet: Jointed Model for Real-Time Traffic Identification with High Accuracy

  • Conference paper
Advances in Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD 2021)

Abstract

Traffic data volumes are growing explosively, and a variety of malicious traffic is frequently used to evade traffic identification systems. However, extracting massive traffic features and identifying malicious traffic with a single machine learning approach is ineffective for real-time recognition. To this end, this paper proposes Cluster-TRnet, a real-time traffic recognition method that focuses on the temporal and spatial behavior features of application-layer packets. K-means is used to filter disruptive traffic, lessen the learning burden and gather the malicious traffic features. Furthermore, the parameters of the jointed convolutional neural network (CNN) and Long Short-Term Memory (LSTM) model are adjusted, while the input data is augmented and grouped. The malicious traffic features precisely and consequently improve the accuracy of the recognition. The proposed model is validated on Spirent's traffic data-set and the public traffic data-set. The experimental results show that the proposed method identifies different types of traffic with an accuracy of 99.98%. In addition, it improves the efficiency of malicious traffic identification by filtering 83.51% of invalid traffic, which reduces detection time by 78.18%.

Acknowledgement

This research is supported by the Shaanxi province key R&D plan (NO. 2021GY-029, 2021KW-16).

Corresponding author

Correspondence to Zhaojin Guo.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Guo, Z., Liu, R., Lin, Y., Chen, F., Xiong, C., Xie, X. (2022). Cluster-TRnet: Jointed Model for Real-Time Traffic Identification with High Accuracy. In: Xie, Q., Zhao, L., Li, K., Yadav, A., Wang, L. (eds) Advances in Natural Computation, Fuzzy Systems and Knowledge Discovery. ICNC-FSKD 2021. Lecture Notes on Data Engineering and Communications Technologies, vol 89. Springer, Cham. https://doi.org/10.1007/978-3-030-89698-0_119
