Yuancong Chai, Yuefei Zhu^*, Wei Lin, Ding Li

CMC-Computers, Materials & Continua, Vol.79, No.1, pp. 1223-1243, 2024, DOI:10.32604/cmc.2024.049904

Abstract With the increasing proportion of encrypted traffic in cyberspace, the classification of encrypted traffic has become a core key technology in network supervision. In recent years, many different solutions have emerged in this field. Most methods identify and classify traffic by extracting spatiotemporal characteristics of data flows or byte-level features of packets. However, due to changes in data transmission mediums, such as fiber optics and satellites, temporal features can exhibit significant variations due to changes in communication links and transmission quality. Additionally, partial spatial features can change due to reasons like data reordering and retransmission. Faced with these challenges, identifying… More >

Haizhen Wang^1,2,*, Jinying Yan^1,*, Na Jia¹

CMC-Computers, Materials & Continua, Vol.78, No.1, pp. 569-588, 2024, DOI:10.32604/cmc.2023.046055

Abstract Encrypted traffic identification pertains to the precise acquisition and categorization of data from traffic datasets containing imbalanced and obscured content. The extraction of encrypted traffic attributes and their subsequent identification presents a formidable challenge. The existing models have predominantly relied on direct extraction of encrypted traffic data from imbalanced datasets, with the dataset’s imbalance significantly affecting the model’s performance. In the present study, a new model, referred to as UD-VLD (Unbalanced Dataset-VAE-LSTM-DRN), was proposed to address above problem. The proposed model is an encrypted traffic identification model for handling unbalanced datasets. The encoder of the variational autoencoder (VAE) is combined… More >

Kaiyue Wang¹, Jian Gao^1,2,*, Xinyan Lei¹

Intelligent Automation & Soft Computing, Vol.37, No.1, pp. 619-638, 2023, DOI:10.32604/iasc.2023.036701

Abstract Traffic characterization (e.g., chat, video) and application identification (e.g., FTP, Facebook) are two of the more crucial jobs in encrypted network traffic classification. These two activities are typically carried out separately by existing systems using separate models, significantly adding to the difficulty of network administration. Convolutional Neural Network (CNN) and Transformer are deep learning-based approaches for network traffic classification. CNN is good at extracting local features while ignoring long-distance information from the network traffic sequence, and Transformer can capture long-distance feature dependencies while ignoring local details. Based on these characteristics, a multi-task learning model that combines Transformer and 1D-CNN for… More >

Jiangtao Zhai^1,*, Peng Lin¹, Yongfu Cui¹, Lilong Xu¹, Ming Liu²

CMES-Computer Modeling in Engineering & Sciences, Vol.136, No.2, pp. 2069-2092, 2023, DOI:10.32604/cmes.2023.023764

Abstract Encrypted traffic classification has become a hot issue in network security research. The class imbalance problem of traffic samples often causes the deterioration of Machine Learning based classifier performance. Although the Generative Adversarial Network (GAN) method can generate new samples by learning the feature distribution of the original samples, it is confronted with the problems of unstable training and mode collapse. To this end, a novel data augmenting approach called GraphCWGAN-GP is proposed in this paper. The traffic data is first converted into grayscale images as the input for the proposed model. Then, the minority class data is augmented with… More >

Xin Tong¹, Changlin Zhang^2,*, Jingya Wang¹, Zhiyan Zhao¹, Zhuoxian Liu¹

CMES-Computer Modeling in Engineering & Sciences, Vol.135, No.1, pp. 561-581, 2023, DOI:10.32604/cmes.2022.022495

Abstract The dark web is a shadow area hidden in the depths of the Internet, which is difficult to access through common search engines. Because of its anonymity, the dark web has gradually become a hotbed for a variety of cyber-crimes. Although some research based on machine learning or deep learning has been shown to be effective in the task of analyzing dark web traffic in recent years, there are still pain points such as low accuracy, insufficient real-time performance, and limited application scenarios. Aiming at the difficulties faced by the existing automated dark web traffic analysis methods, a novel method… More >

Jiaming Mao^1,*, Mingming Zhang¹, Mu Chen², Lu Chen², Fei Xia¹, Lei Fan¹, ZiXuan Wang³, Wenbing Zhao⁴

Computer Systems Science and Engineering, Vol.39, No.3, pp. 373-390, 2021, DOI:10.32604/csse.2021.018086

Abstract The rapidly increasing popularity of mobile devices has changed the methods with which people access various network services and increased network traffic markedly. Over the past few decades, network traffic identification has been a research hotspot in the field of network management and security monitoring. However, as more network services use encryption technology, network traffic identification faces many challenges. Although classic machine learning methods can solve many problems that cannot be solved by port- and payload-based methods, manually extract features that are frequently updated is time-consuming and labor-intensive. Deep learning has good automatic feature learning capabilities and is an ideal… More >

Jiyuan Liu¹, Yingzhi Zeng², Jiangyong Shi², Yuexiang Yang^2,∗, Rui Wang³, Liangzhong He⁴

CMC-Computers, Materials & Continua, Vol.60, No.2, pp. 721-739, 2019, DOI:10.32604/cmc.2019.05610

Abstract Recently, TLS protocol has been widely used to secure the application data carried in network traffic. It becomes more difficult for attackers to decipher messages through capturing the traffic generated from communications of hosts. On the other hand, malwares adopt TLS protocol when accessing to internet, which makes most malware traffic detection methods, such as DPI (Deep Packet Inspection), ineffective. Some literatures use statistical method with extracting the observable data fields exposed in TLS connections to train machine learning classifiers so as to infer whether a traffic flow is malware or not. However, most of them adopt the features based… More >