To address the difficulty of identifying encrypted traffic, this paper proposes a fast network traffic identification method that extracts traffic payload signatures instead of performing deep analysis of full-payload data. The method uses a 256-dimensional vector to describe the frequency with which each of the 256 ASCII byte values occurs in the packet payload. It extracts payload signatures based on the mean and variance of the quantized traffic payload, then classifies the network traffic into different applications using a decision tree model. Experimental results show that the proposed method can accurately classify common encrypted network traffic and detect traffic from some malicious attacks.
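The pipeline the abstract describes (byte-frequency vector, mean/variance signature, decision tree), as an added example that is not the paper's code. Assumptions: the signature is taken as the mean and variance of byte values computed from the 256-bin vector, the tree is a small Gini-split tree, and the two classes and all payloads are constructed here (a SHA-256 stream stands in for encrypted data).

```python
import hashlib

def byte_freq(payload):
    """256-dimensional vector: relative frequency of each byte value 0..255."""
    n = len(payload) or 1                       # empty payload -> all-zero vector
    return [payload.count(bytes([v])) / n for v in range(256)]

def signature(payload):
    """Assumed signature: mean and variance of byte values, read off the vector."""
    f = byte_freq(payload)
    mean = sum(v * p for v, p in enumerate(f))
    return mean, sum(p * (v - mean) ** 2 for v, p in enumerate(f))

def gini(rows):
    ys = [y for _, y in rows]
    return 1.0 - sum((ys.count(c) / len(ys)) ** 2 for c in set(ys))

def build_tree(rows, depth=2):
    """rows: [((mean, var), label)] -> label leaf or (feature, threshold, low, high)."""
    ys = [y for _, y in rows]
    best = None
    for k in range(2):                          # feature 0 = mean, 1 = variance
        vals = sorted({x[k] for x, _ in rows})
        for thr in ((a + b) / 2 for a, b in zip(vals, vals[1:])):  # midpoints
            lo = [r for r in rows if r[0][k] <= thr]
            hi = [r for r in rows if r[0][k] > thr]
            score = (len(lo) * gini(lo) + len(hi) * gini(hi)) / len(rows)
            if best is None or score < best[0]:
                best = (score, k, thr, lo, hi)
    if depth == 0 or len(set(ys)) == 1 or best is None:
        return max(sorted(set(ys)), key=ys.count)   # majority-label leaf
    _, k, thr, lo, hi = best
    return (k, thr, build_tree(lo, depth - 1), build_tree(hi, depth - 1))

def classify(tree, payload):
    x = signature(payload)
    while isinstance(tree, tuple):              # (feature, threshold, low, high)
        tree = tree[2] if x[tree[0]] <= tree[1] else tree[3]
    return tree

def pseudo_cipher(seed, n=512):  # constructed stand-in for an encrypted payload
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(n // 32))

def demo_tree():
    clear = [b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
             b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>hi</html>"]
    rows = [(signature(p), "cleartext") for p in clear]
    rows += [(signature(pseudo_cipher(s)), "high-entropy") for s in (b"a", b"b", b"c")]
    return build_tree(rows)
```

Compressed payloads are also near-uniform, so mean and variance alone will place them in the same leaf as the high-entropy class.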