Authors: LI Bo, WEN Xueyan, XU Kesheng, ZHAO Yonghui
Abstract: Encrypted traffic has become the dominant traffic on the Internet, and its classification has long been an active research topic. To address the problems of accurately identifying DoH (DNS-over-HTTPS) traffic in current networks, slow processing speed and low detection efficiency, a DoH traffic classification method is proposed that combines dimensionality reduction by truncated singular value decomposition (TSVD) with an extreme gradient boosting tree improved by Bayesian optimization (improved extreme gradient boosting, IXGboost). Using a publicly available network dataset, the method classifies encrypted traffic into non-DoH traffic, benign DoH traffic and malicious DoH traffic. Experimental results show that the classification accuracy exceeds 99% and that the processing time per record is only 0.3 ms, which demonstrates that the proposed method has high accuracy and strong real-time performance, improves intrusion detection performance, and can effectively achieve accurate classification of DoH traffic.