Journal of Software:2013.24(6):1334-1345

(国家数字交换系统工程技术研究中心, 河南 郑州 450002)
Protocol Independent Identification of Encrypted Traffic Based on Weighted Cumulative Sum Test
ZHAO Bo,GUO Hong,LIU Qin-Rang,WU Jiang-Xing
(National Digital Switching System Engineering and Technological R&D Center, Zhengzhou 450002, China)
Chart / table
Similar Articles
Article :Browse 2056   Download 3278
Received:July 11, 2011    Revised:May 31, 2012
> 中文摘要: 针对加密流量的在线普适识别问题,提出一种基于加权累积和检验的时延自适应加密流量盲识别算法.利用加密数据的随机性特点,对网络报文逐一实施累积和检验,根据报文长度将结果进行加权综合.无需解密操作,也无需匹配特定内容,实现了对加密流量的普适识别.可动态调整报文的检测数量,以达到时延和准确率的统一,实现在线识别.仿真结果显示,对公开和未公开的加密协议流量,识别率均可达到90%以上.
Abstract:A protocol independent identification algorithm is proposed to identify encrypted traffic from both public and private encryption protocols. The randomness of the packet is evaluated by a cumulative test. In addition, results are weighted conflated. A test is performed when every new packet arrived rather than after all packets have received, so that time consumed computation is avoided. The quantity of packets may vary dynamically according to delay and accuracy requirement. Experiments results show that the algorithm achieves accuracy above 90% for SSL and private encryption protocol traffic.
文章编号:     中图分类号:    文献标志码:
基金项目:国家高技术研究发展计划(863)(2009AA01A346); 国家发改委专项(CNGI-09-02-03) 国家高技术研究发展计划(863)(2009AA01A346); 国家发改委专项(CNGI-09-02-03)
Foundation items:
Reference text:


ZHAO Bo,GUO Hong,LIU Qin-Rang,WU Jiang-Xing.Protocol Independent Identification of Encrypted Traffic Based on Weighted Cumulative Sum Test.Journal of Software,2013,24(6):1334-1345