Anonymous traffic classification based on three-dimensional Markov image and deep learning

• Autorzy: Tang Xin , Li Huanzhou , Zhang Jian , Tang Zhangguo , Wang Han , Cai Cheng

Identyfikatory

DOI

10.24425/bpasts.2023.145676

• Języki publikacji: EN

Abstrakty

EN

Illegal elements use the characteristics of an anonymous network hidden service mechanism to build a dark network and conduct various illegal activities, which brings a serious challenge to network security. The existing anonymous traffic classification methods suffer from cumbersome feature selection and difficult feature information extraction, resulting in low accuracy of classification. To solve this problem, a classification method based on three-dimensional Markov images and output self-attention convolutional neural network is proposed. This method first divides and cleans anonymous traffic data packets according to sessions, then converts the cleaned traffic data into three-dimensional Markov images according to the transition probability matrix of bytes, and finally inputs the images to the output self-attention convolution neural network to train the model and perform classification. The experimental results show that the classification accuracy and F1-score of the proposed method for Tor, I2P, Freenet, and ZeroNet can exceed 98.5%, and the average classification accuracy and F1-score for 8 kinds of user behaviors of each type of anonymous traffic can reach 93.7%. The proposed method significantly improves the classification effect of anonymous traffic compared with the existing methods.

Słowa kluczowe

EN

anonymous network; traffic classification; three-dimensional Markov image; output self-attention; deep learning

PL

sieć anonimowa; klasyfikacja ruchu; trójwymiarowy obraz Markowa; samouwaga wyjściowa; uczenie głębokie

• Wydawca: Polska Akademia Nauk, Wydział IV Nauk Technicznych
• Czasopismo: Bulletin of the Polish Academy of Sciences. Technical Sciences
• Rocznik: 2023
• Tom: Vol. 71, nr 4
• Strony: art. no. e145676
• Opis fizyczny: Bibliogr. 25 poz., rys., tab.

Twórcy

autor

Tang Xin

• School of Physics and Electronic Engineering, Sichuan Normal University, Chengdu 610101, Sichuan, China
• Institute of Network and Communication Technology, Sichuan Normal University, Chengdu 610101, Sichuan, China

• https://orcid.org/0000-0002-2795-6729

autor

Li Huanzhou

• School of Physics and Electronic Engineering, Sichuan Normal University, Chengdu 610101, Sichuan, China
• Institute of Network and Communication Technology, Sichuan Normal University, Chengdu 610101, Sichuan, China

autor

Zhang Jian

• School of Physics and Electronic Engineering, Sichuan Normal University, Chengdu 610101, Sichuan, China
• Institute of Network and Communication Technology, Sichuan Normal University, Chengdu 610101, Sichuan, China

autor

Tang Zhangguo

• School of Physics and Electronic Engineering, Sichuan Normal University, Chengdu 610101, Sichuan, China
• Institute of Network and Communication Technology, Sichuan Normal University, Chengdu 610101, Sichuan, China

autor

Wang Han

• School of Physics and Electronic Engineering, Sichuan Normal University, Chengdu 610101, Sichuan, China
• Institute of Network and Communication Technology, Sichuan Normal University, Chengdu 610101, Sichuan, China

autor

Cai Cheng

• School of Physics and Electronic Engineering, Sichuan Normal University, Chengdu 610101, Sichuan, China
• Institute of Network and Communication Technology, Sichuan Normal University, Chengdu 610101, Sichuan, China

Bibliografia

• [1] L. Junzhou, Y. Ming, L. Zhen, W. Wenjia, and G. Xiaodan, “Anonymous Communication and Darknet: A Survey,” J. Comput. Res. Dev., vol. 56, p. 103, 2019, doi: 10.7544/issn1000-1239.2019.20180769.
• [2] R. Dingledine, N. Mathewson, and P. Syverson, “Tor: The Second-Generation Onion Router,” J. Frankl. Inst., 2004, doi: 10.1016/0016-0032(45)90142-6.
• [3] M.G. Reed, P.F. Syverson, and D.M. Goldschlag, “Anonymous connections and onion routing,” EEE J. Sel. Areas Commun., vol. 16, no. 4, pp. 482–494, 1998, doi: 10.1109/49.668972.
• [4] F. Astolfi, J. Kroese, and J. Van Oorschot, “I2p-the invisible internet project,” Leiden University Web Technology Report, 2015.
• [5] I. Clarke, O. Sandberg, B. Wiley, and T.W. Hong, “Freenet: A distributed anonymous information storage and retrieval system,” in Designing privacy enhancing technologies, 2001: Springer, pp. 46–66, doi: 10.1007/3-540-44702-4_4.
• [6] “Open, free and uncensorable websites, using Bitcoin cryptography and BitTorrent network,” ZeroNet, 2022. [Online]. Available: https://zeronet.io/zh.
• [7] R. Jansen, M. Juarez, R. Galvez, T. Elahi, and C. Diaz, “Inside Job: Applying Traffic Analysis to Measure Tor from Within,” in NDSS, 2018, doi: 10.14722/ndss.2018.23279.
• [8] W. Juan, C. Shimin, Z. Jun, H. Bin, and S. Lei, “Identification of Tor Anonymous Network Traffic Based on Machine Learning,” in 2021 18th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP), 2021, pp. 150–153, doi: 10.1109/ICCWAMTIP53232.2021.9674056.
• [9] H. Yin and Y. He, “I2P anonymous traffic detection and identification,” in 2019 5th International Conference on Advanced Computing & Communication Systems (ICACCS), 2019, pp. 157–162, doi: 10.1109/ICACCS.2019.8728517.
• [10] S. Lee, S.-h. Shin, and B.-h. Roh, “Classification of Freenet Traffic Flow Based on Machine,” J. Commun., vol. 13, no. 11, pp. 654–660, 2018, doi: 10.12720/jcm.13.11.654-660.
• [11] L. Wang, H. Mei, and V.S. Sheng, “Multilevel identification and classification analysis of tor on mobile and pc platforms,” IEEE Trans. Ind. Inf., vol. 17, no. 2, pp. 1079–1088, 2020, doi: 10.1109/TII.2020.2988870.
• [12] D. Sarkar, P. Vinod, and S.Y. Yerima, “Detection of Tor traffic using deep learning,” in 2020 IEEE/ACS 17th International Conference on Computer Systems and Applications (AICCSA), 2020, pp. 1–8, doi: 10.1109/AICCSA50499.2020.9316533.
• [13] P. Choorod and G. Weir, “Tor traffic classification based on encrypted payload characteristics,” in 2021 National Computing Colleges Conference (NCCC), 2021, pp. 1–6, doi: 10.1109/NCCC49330.2021.9428874.
• [14] J. Li, C. Gu, X. Zhang, X. Chen, and W. Liu, “Attcorr: A novel deep learning model for flow correlation attacks on tor,” in 2021 IEEE International Conference on Consumer Electronics and Computer Engineering (ICCECE), 2021, pp. 427–430, doi: 10.1109/ICCECE51280.2021.9342534.
• [15] M.B. Sarwar, M.K. Hanif, R. Talib, M. Younas, and M.U. Sarwar, “DarkDetect: darknet traffic detection and categorization using modified convolution-long short-term memory,” IEEE Access., vol. 9, pp. 113705–113713, 2021, doi: 10.1109/ACCESS.2021.3105000.
• [16] N. Rust-Nguyen, S. Sharma, and M. Stamp, “Darknet traffic classification and adversarial attacks using machine learning,” Comput. Secur., vol. 127, 2023, doi: 10.1016/j.cose.2023.103098.
• [17] A. Montieri, D. Ciuonzo, G. Aceto, and A. Pescape, “Anonymity services tor, i2p, jondonym: classifying in the dark (web),” IEEE Trans. Dependable Secur. Comput., vol. 17, no. 3, pp. 662–675, 2018, doi: 10.1109/TDSC.2018.2804394.
• [18] A. Montieri, D. Ciuonzo, G. Bovenzi, V. Persico, and A. Pescapé, “A dive into the dark web: Hierarchical traffic classification of anonymity tools,” IEEE Trans. Netw. Sci. Eng., vol. 7, no. 3, pp. 1043–1054, 2019, doi: 10.1109/TNSE.2019.2901994.
• [19] Y. Hu, F. Zou, L. Li, and P. Yi, “Traffic classification of user behaviors in tor, i2p, zeronet, freenet,” in 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2020, pp. 418–424, doi: 10.1109/TrustCom50675.2020.00064.
• [20] B. Yuan, J. Wang, D. Liu, W. Guo, P. Wu, and X. Bao, “Byte-level malware classification based on markov images and deep learning,” Comput. Secur., vol. 92, p. 101740, 2020, doi: 10.1016/j.cose.2020.101740.
• [21] Z. Tang, J. Wang, B. Yuan, H. Li, J. Zhang, and H. Wang, “Markov-GAN: Markov image enhancement method for malicious encrypted traffic classification,” IET Inf. Secur., 2022, doi: 10.1049/ise2.12071.
• [22] Y. Lecun, L. Bottou, Y. Bengio, and P. Haffner, “Gradient-based learning applied to document recognition,” Proc. IEEE, vol. 86, no. 11, pp. 2278–2324, 1998, doi: 10.1109/5.726791.
• [23] W. Wang, M. Zhu, X. Zeng, X. Ye, and Y. Sheng, “Malware traffic classification using convolutional neural network for representation learning,” in 2017 International conference on information networking (ICOIN), 2017, pp. 712–717, doi: 10.1109/ICOIN.2017.7899588.
• [24] D. Bahdanau, K. Cho, and Y. Bengio, “Neural Machine Translation by Jointly Learning to Align and Translate,” in 6th International Conference on Learning Representations (ICLR 2018), 2014, doi: 10.48550/arXiv.1409.0473.
• [25] A. Vaswani et al., “Attention is all you need,” in Proc. 31st Conference on Neural Information Processing Systems (NIPS 2017), 2017, doi: 10.48550/arXiv.1706.03762.

Uwagi

Opracowanie rekordu ze środków MEiN, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2022-2023).