CN117938524A - Traffic classification method based on artificial intelligence algorithm and storage medium - Google Patents

Publication number
CN117938524A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410137956.XA
Other languages
Chinese (zh)
Inventor
魏恩超
宋磊
陈陆颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Haohan Data Technology Co ltd
Original Assignee
Haohan Data Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/02 Capturing of monitoring data
    • H04L43/026 Capturing of monitoring data using flow identification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of traffic classification and discloses a traffic classification method based on an artificial intelligence algorithm, and a storage medium. The method comprises: acquiring original traffic; preprocessing the original traffic; and inputting the preprocessed data into a traffic classification model for classification, wherein the traffic classification model is obtained by training on a training set and the training set is obtained through a first strategy. The sample data used to train the traffic classification model are collected by automated dial testing, which suits a wider range of scenarios, yields more varied sample data and makes data acquisition efficient and accurate. The varied and rich sample data strengthen the training of the traffic classification model, improve its robustness and accuracy, and give high accuracy in identifying and classifying network traffic data.

Description

Traffic classification method based on artificial intelligence algorithm and storage medium
Technical Field
The invention relates to the technical field of traffic classification, and in particular to a traffic classification method based on an artificial intelligence algorithm, and a storage medium.
Background
With the popularity of the internet and network communications, the scale and complexity of network traffic continues to increase. Traffic classification techniques become particularly important for monitoring, managing and protecting networks. Network traffic classification refers to the classification of packets transmitted by a network into different application classes or protocol classes for finer traffic analysis and processing.
Traditional network traffic classification techniques, such as port-based methods, deep packet inspection and classical machine learning, have been widely used. As network traffic grows in complexity and scale, and especially as encrypted traffic becomes widespread, these techniques no longer keep pace with the changing environment. The traditional methods mainly face the following challenges:
Encrypted traffic is difficult to identify: the conventional method cannot directly access or parse the content of the encrypted traffic, and thus cannot rely on the conventional port and protocol information to accurately identify different applications or protocols.
Complex applications and protocols: increasingly complex applications and protocols are emerging on the internet whose communication modes are very different from the standard modes with which traditional methods are familiar. These emerging applications may employ custom communication means, data formats, or encryption techniques, making it difficult for traditional methods to capture their features and behavior patterns.
Need for adversarial adaptability: as malicious behavior and network attacks increase, attackers constantly change their strategies and techniques, and the fixed rules and feature extraction procedures on which traditional methods depend often cannot adapt to these changes in time.
Disclosure of Invention
In view of the shortcomings of the prior art, the invention aims to provide a traffic classification method based on an artificial intelligence algorithm, and a storage medium.
In order to achieve the above object, the present invention provides the following technical solutions:
A traffic classification method based on an artificial intelligence algorithm comprises the following steps: acquiring original traffic; preprocessing the original traffic; and inputting the preprocessed data into a traffic classification model for classification, wherein the traffic classification model is obtained by training on a training set and the training set is obtained through a first strategy.
In the invention, preferably, the first strategy comprises: the device under test is communicatively connected to the acquisition end; the device under test operates the application according to a customized operation while the acquisition end captures packets, so as to capture the network traffic data of a specific time period; and the captured network traffic data are stored and preprocessed to obtain sample data, from which the training set is generated.
In the invention, preferably, the customized operation is carried out by the acquisition end: the acquisition end is connected to the device under test over IP, a monitor in the acquisition end then starts a thread that performs simulated access to the application on the device under test, and packets are captured (with Wireshark) during the simulated access so as to capture the network traffic data of a specific time period.
In the invention, preferably, the simulated access mainly comprises opening, logging in, searching, clicking and interaction operations, which are carried out by the thread.
In the invention, preferably, the preprocessing comprises: removing the Ethernet header; padding the User Datagram Protocol header; masking the IP address; deleting packets that carry no payload; converting the raw packet into a byte vector; truncating byte vectors longer than a set length and padding byte vectors shorter than the set length; and normalizing the byte vectors.
In the invention, preferably, when the training set is generated, the preprocessing further comprises data balancing of the samples of each class.
In the invention, preferably, the traffic classification model comprises a first convolutional layer, a second convolutional layer, a max pooling layer and fully connected layers.
In the present invention, preferably, the convolution kernel of the first convolution layer has a size of 4, and the convolution kernel of the second convolution layer has a size of 5, both of which use nonlinear activation functions.
In the invention, preferably, the fully connected layers comprise, in data processing order, a first, a second, a third and a fourth fully connected layer. The input of the first fully connected layer is connected to the max pooling layer, and this layer processes the flattened input features to obtain global features; the second fully connected layer captures features at different levels of abstraction on the basis of the global features, strengthening the representational capacity of the neural network and reducing the output dimension; the third fully connected layer further reduces the dimension of the input features, reducing the number of parameters and the complexity of the network; and the fourth fully connected layer processes the output of the third fully connected layer to obtain the classification result of the traffic data.
A storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of a traffic classification method based on an artificial intelligence algorithm.
Compared with the prior art, the invention has the beneficial effects that:
The method uses the traffic classification model to classify traffic data. The multi-layer nonlinear transformations of the model let it find deeper and more representative features, so that it effectively captures the important features of encrypted or complex traffic; its adversarial adaptability lets it adapt to a continuously changing network environment and to malicious attacks, which markedly strengthens the robustness of the network traffic classification system.
The method suits a wider range of scenarios, yields more varied sample data and makes data collection efficient and accurate. The varied and rich sample data strengthen the training of the traffic classification model, improve its robustness and accuracy, and give high accuracy in identifying and classifying network traffic data.
Drawings
Fig. 1 is a schematic flow chart of the traffic classification method based on an artificial intelligence algorithm according to the present invention.
Fig. 2 is a schematic flow chart of training set generation in the traffic classification method based on an artificial intelligence algorithm.
Fig. 3 is a schematic structural diagram of the traffic classification model according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein in the description of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
The application provides a traffic classification method based on an artificial intelligence algorithm. It introduces a deep learning model to classify traffic; the deep learning model learns feature representations automatically, avoids the laborious process of designing features by hand, and can efficiently classify encrypted or complex traffic. The classification accuracy of a deep learning model depends mainly on training it beforehand with a high-quality, sufficiently large data set, and real Internet traffic data are needed as training and test data. If these data are collected manually, as in existing practice, collection takes a long time and yields little data, so the deep learning model trains poorly. The method therefore collects data automatically: the applications on the device under test are operated by automated dial testing, packets are captured automatically during operation to obtain the target data, and the target data are processed and used as the training and test data sets with which the deep learning model is trained and tested. Automated dial testing can collect a large number of diverse data samples, giving the deep learning model rich, real data support, strengthening its robustness and accuracy and making traffic classification more accurate.
The process is described in detail below with reference to Figs. 1 to 3. The traffic classification method based on an artificial intelligence algorithm of the present application mainly comprises the following steps:
acquiring original traffic;
preprocessing the original traffic;
inputting the preprocessed data into a traffic classification model for classification.
The traffic classification model is obtained by training on a training set, and the training set is obtained through a first strategy. Because the traffic classification model learns feature representations on its own, the laborious process of manual feature design is avoided and the method adapts more flexibly and efficiently to the classification of encrypted and complex traffic, which improves classification accuracy and generalization across network traffic data as a whole.
In this embodiment, the first strategy comprises:
the device under test is communicatively connected to the acquisition end;
the device under test operates the application according to a customized operation while the acquisition end captures packets, so as to capture the network traffic data of a specific time period;
the captured network traffic data are stored and preprocessed to obtain sample data, from which the training set is generated.
Specifically, the first strategy collects sample data by automated dial testing. First, the device under test must be communicatively connected to the acquisition end. The acquisition end is a computer with a hotspot function and the device under test is a mobile device; the device under test is connected to the acquisition end through Uiautomator. Then, through the built-in monitor of a PyAutoGUI script, a thread is started to perform simulated access to an application on the device under test; through this thread the application is opened, logged in to, searched, clicked and interacted with, among other operations, so as to simulate a real user accessing the application. During the simulated access, the acquisition end captures packets with Wireshark to capture the network traffic data of a specific time period. Finally, once access to the application is complete, PyAutoGUI is used to control Wireshark again: the network traffic data collected this time are associated with the corresponding application, packet capture is ended, and the captured network traffic data are stored. The first strategy thus collects network traffic data for different applications automatically, and sample data are obtained after the network traffic data are preprocessed. By adopting an end-to-end learning approach from the acquisition end to the device under test, the raw data are classified directly, which simplifies the collection and manual processing of the data set and improves the efficiency and scalability of generating the training set in the early stage; at the same time the traffic classification model can learn iteratively from the raw data directly, which strengthens its classification accuracy and adaptability.
Specifically, the preprocessing of the network traffic data includes:
1. Removing the Ethernet header. Because network traffic data are captured at the data link layer, they contain an Ethernet header, that is, information about the physical link such as the Media Access Control (MAC) address. This information is critical for forwarding frames in the network but contributes nothing to application identification or traffic characterization, so it is deleted, which reduces the amount of data processed later and keeps it from influencing the subsequent classification.
2. Padding the User Datagram Protocol header. The transport-layer protocols of network traffic data, namely the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP), have headers of different lengths: the TCP header is usually 20 bytes and the UDP header is 8 bytes. To make the transport layer uniform, 12 zero bytes are inserted at the end of the UDP header so that it equals the TCP header in length, which simplifies subsequent processing.
3. Masking the IP address. If left in place, the IP address would be processed by the traffic classification model as classification reference data and would therefore influence its classification. The sample data, however, are captured with a limited number of acquisition ends and devices under test, so the IP addresses in the training data carry no reference value; masking the IP address prevents the model from overfitting to IP addresses.
4. Deleting packets that carry no payload, and DNS packets.
5. Converting the raw packet into a byte vector for processing by the traffic classification model.
6. Truncating byte vectors longer than a set length and padding byte vectors shorter than the set length. Packet length varies widely across the data set, whereas the traffic classification model requires fixed-length input; according to the input length the model processes, excess bytes are therefore truncated, and packets that are too short are zero-padded at the end.
7. Normalizing the byte vector by dividing each byte value by 255.
8. When sample data are processed to generate a training set, preprocessing further includes data balancing of the samples of each class. The training set is used to train the traffic classification model; to keep the classification of traffic data accurate, the number of samples in each class must be kept the same, so that unequal sample counts in the training set do not skew the model toward some classes during training and leave classes with fewer samples poorly predicted.
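Preprocessing steps 1 to 7 above, written as runnable Python. This is an added example, not code from the patent: the 1500-byte set length, recognising DNS by port 53, zeroing as the masking method and handling only untagged IPv4 frames are assumptions, and the frames are constructed test data.

```python
import struct

SET_LENGTH = 1500          # assumption: the page only says "a set length"
ETH_HEADER_LEN = 14        # untagged Ethernet II header
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
DNS_PORT = 53              # assumption: DNS packets are recognised by port 53


def preprocess_frame(frame, set_length=SET_LENGTH):
    """Return the normalized vector for one captured frame, or None if it is dropped."""
    if len(frame) < ETH_HEADER_LEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None                               # this example handles IPv4 only
    ip = bytearray(frame[ETH_HEADER_LEN:])        # step 1: Ethernet header removed
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(ip):
        return None                               # malformed or truncated capture
    ip = ip[:total_len]                           # discard Ethernet trailer padding
    l4 = ip[ihl:]
    if ip[9] == PROTO_TCP:
        if len(l4) < 20:
            return None
        hdr_len = (l4[12] >> 4) * 4               # TCP data offset, includes options
        if hdr_len < 20 or hdr_len > len(l4):
            return None
        header, payload = l4[:hdr_len], l4[hdr_len:]
    elif ip[9] == PROTO_UDP:
        if len(l4) < 8:
            return None
        # step 2: 12 zero bytes after the 8-byte UDP header (20 bytes, like TCP)
        header, payload = l4[:8] + bytes(12), l4[8:]
    else:
        return None
    ip[12:20] = bytes(8)                          # step 3: source and destination IP zeroed
    src_port, dst_port = struct.unpack("!HH", header[:4])
    if not payload or DNS_PORT in (src_port, dst_port):
        return None                               # step 4: no payload, or DNS
    vec = bytes(ip[:ihl]) + bytes(header) + bytes(payload)     # step 5: byte vector
    vec = vec[:set_length].ljust(set_length, b"\x00")          # step 6: truncate / zero-pad
    return [b / 255 for b in vec]                              # step 7: scale to [0, 1]


def build_frame(src, dst, proto, sport, dport, payload):
    """Constructed test frame: Ethernet II + IPv4 + TCP/UDP, checksums left at zero."""
    if proto == PROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    eth = bytes(6) + bytes(6) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4


def demo():
    """Run the pipeline over five constructed frames (documentation addresses only)."""
    record = b"\x17\x03\x03\x00\x05hello"         # constructed payload bytes
    frames = {
        "tcp_a": build_frame("192.0.2.10", "198.51.100.7", PROTO_TCP, 50000, 443, record),
        "tcp_b": build_frame("203.0.113.5", "198.51.100.99", PROTO_TCP, 50000, 443, record),
        "udp": build_frame("192.0.2.10", "198.51.100.7", PROTO_UDP, 40000, 443, b"quic"),
        "ack": build_frame("192.0.2.10", "198.51.100.7", PROTO_TCP, 50000, 443, b""),
        "dns": build_frame("192.0.2.10", "198.51.100.53", PROTO_UDP, 40000, 53, b"\x12\x34"),
    }
    return {name: preprocess_frame(frame) for name, frame in frames.items()}


if __name__ == "__main__":
    for name, vec in demo().items():
        print(name, "dropped" if vec is None else f"{len(vec)} values, first payload byte {vec[40]:.3f}")
```

In real captures the IPv4 header checksum and the TCP/UDP checksum are computed over the original addresses, so they stay in the vector after the address fields are zeroed; the page does not say whether those fields are masked as well.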
Specifically, most existing deep learning models are applied in image processing and cannot be applied directly to network traffic classification. Given the specific nature of network traffic, a one-dimensional convolutional neural network is chosen as the deep learning model for classifying network traffic data. The traffic classification model comprises a first convolutional layer, a second convolutional layer, a max pooling layer and fully connected layers. The first and second convolutional layers extract features from the input data; using two convolutional layers improves the model's classification ability well while avoiding the severe vanishing gradients that stacking too many convolutional layers would cause. The max pooling layer reduces the feature dimension, lightens the subsequent computational load and introduces a degree of position invariance, and the fully connected layers process the features further to obtain the class of the network data. Through training, the traffic classification model can effectively analyze both global and local information in the network traffic data and so classify the network traffic data accurately.
In this embodiment, the first convolutional layer of the traffic classification model uses a convolution kernel of size 4 and the second convolutional layer uses a convolution kernel of size 5, which captures patterns in the data better. Both convolutional layers use nonlinear activation functions, and the max pooling layer uses a pooling window of size 2.
In this embodiment, the fully connected layers comprise, in data processing order, a first, a second, a third and a fourth fully connected layer. The input of the first fully connected layer is connected to the max pooling layer, and this layer processes the flattened features to obtain global features; the second fully connected layer captures features at different levels of abstraction on the basis of the global features, strengthening the representational capacity of the neural network and reducing the output dimension; the third fully connected layer further reduces the dimension of the input features, reducing the number of parameters and the complexity of the network; and the fourth fully connected layer processes the output of the third fully connected layer to obtain the classification result of the traffic data. Each fully connected layer uses a nonlinear activation function. The traffic classification model therefore has multi-layer nonlinear transformations and adversarial adaptability: the multi-layer nonlinear transformations let the model find deeper and more representative features and effectively capture the important features of encrypted and complex traffic, while the adversarial adaptability lets the model adapt to continuously changing network environments and malicious attacks, which markedly strengthens robustness in network traffic classification.
In this embodiment, the hyperparameters of the traffic classification model must be set before training. According to the data requirements of the model, the learning rate is set to 0.001, the number of samples used in each iteration is 16, the number of training iterations is 20 and the Dropout parameter is 0.05. These hyperparameter settings improve the performance and generalization ability of the traffic classification model so that it better fits the distribution and task requirements of different data.
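The layer sequence described above, written out as a forward pass in plain Python so the feature lengths can be followed step by step. This is an added example, not the patent's implementation: the channel counts, fully connected widths, ReLU activation, stride 1 without padding, softmax output and random weights are assumptions; only the kernel sizes 4 and 5, the pooling window 2 and the four fully connected layers come from the text.

```python
import math
import random

CONV_CHANNELS = (4, 8)      # assumption: output channels of the two convolutional layers
FC_WIDTHS = (64, 32, 16)    # assumption: widths of fully connected layers 1 to 3


def feature_lengths(n):
    """Sequence length after conv (kernel 4), conv (kernel 5) and max pooling (window 2)."""
    after_conv1 = n - 4 + 1
    after_conv2 = after_conv1 - 5 + 1
    return after_conv1, after_conv2, after_conv2 // 2


def conv1d_relu(x, weights, biases):
    """x: [in_ch][n]; weights: [out_ch][in_ch][k]; stride 1, no padding, then ReLU."""
    k = len(weights[0][0])
    n_out = len(x[0]) - k + 1
    out = []
    for w_oc, bias in zip(weights, biases):
        row = []
        for i in range(n_out):
            s = bias
            for x_ic, w_ic in zip(x, w_oc):
                s += sum(x_ic[i + j] * w_ic[j] for j in range(k))
            row.append(max(0.0, s))
        out.append(row)
    return out


def max_pool1d(x, window=2):
    """Non-overlapping max pooling over each channel."""
    return [[max(ch[i:i + window]) for i in range(0, len(ch) - window + 1, window)]
            for ch in x]


def dense(v, weights, biases):
    return [sum(w * a for w, a in zip(row, v)) + b for row, b in zip(weights, biases)]


def softmax(z):
    peak = max(z)
    exps = [math.exp(t - peak) for t in z]
    total = sum(exps)
    return [e / total for e in exps]


def init_model(input_len, num_classes, seed=0):
    """Random (untrained) weights with the shapes the architecture implies."""
    rng = random.Random(seed)

    def mat(rows, cols):
        bound = 1 / math.sqrt(cols)
        return [[rng.uniform(-bound, bound) for _ in range(cols)] for _ in range(rows)]

    c1, c2 = CONV_CHANNELS
    dims = (c2 * feature_lengths(input_len)[2],) + FC_WIDTHS + (num_classes,)
    return {
        "conv1": ([mat(1, 4) for _ in range(c1)], [0.0] * c1),
        "conv2": ([mat(c1, 5) for _ in range(c2)], [0.0] * c2),
        "fc": [(mat(dims[i + 1], dims[i]), [0.0] * dims[i + 1]) for i in range(4)],
    }


def classify(model, vector):
    """Inference only: Dropout (0.05 on the page) applies during training, not here."""
    x = [list(vector)]                              # one input channel of byte values
    x = conv1d_relu(x, *model["conv1"])
    x = conv1d_relu(x, *model["conv2"])
    x = max_pool1d(x, 2)
    v = [a for ch in x for a in ch]                 # flatten for the first FC layer
    for i, (w, b) in enumerate(model["fc"]):
        v = dense(v, w, b)
        if i < 3:
            v = [max(0.0, a) for a in v]            # ReLU on FC layers 1 to 3
    return softmax(v)                               # fourth FC layer yields class scores


if __name__ == "__main__":
    n = 256                                         # short input to keep the demo fast
    model = init_model(n, num_classes=5)
    sample = [(i * 37 % 256) / 255 for i in range(n)]   # constructed input vector
    print(feature_lengths(n), [round(p, 3) for p in classify(model, sample)])
```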
Working principle:
First, a traffic classification model consisting of two convolutional layers, a max pooling layer and four fully connected layers is constructed and suitable hyperparameters are set; the model is then trained. The training set is obtained with the first strategy: after the acquisition end is communicatively connected to the device under test, automated dial testing is used, that is, the acquisition end automatically operates the applications on the device under test to simulate a real access process and captures the specific network traffic data produced during access. The network traffic data captured for the different applications are stored separately and preprocessed to generate a number of sample data, which are divided into a training set and a test set at a ratio of 8:2. Each class in the training set is rebalanced by undersampling, which keeps the traffic classification model from being excessively biased toward certain classes and improves its accuracy on minority classes.
The data in the training set are then input into the traffic classification model for repeated iterative learning, which strengthens the model's generalization ability and robustness; the model's own parameters are corrected through hyperparameter tuning, the backpropagation algorithm and the loss function, so that the model performs better on the training data. After sufficient training, the traffic classification model can accurately identify and classify unknown network traffic, providing support for fields such as network security and traffic management.
After training, the traffic classification model is tested and evaluated with the data of the test set. Comprehensive analysis of the tested model's accuracy, precision, recall, F1 score, ROC curve and so on shows that the traffic classification model classifies network traffic accurately and generalizes well.
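The 8:2 split, the undersampling of the training set and the per-class metrics named above, as an added Python example that is not from the patent. Splitting per class, the fixed random seed and the label names are assumptions, and the samples and predictions are constructed; the second half shows why overall accuracy alone hides a model that is skewed toward the majority class.

```python
import random
from collections import Counter, defaultdict


def split_then_undersample(samples, seed=0):
    """samples: list of (vector, label). Split 8:2 per class, then balance train only."""
    rng = random.Random(seed)
    by_label = defaultdict(list)
    for sample in samples:
        by_label[sample[1]].append(sample)
    train_by_label, test = {}, []
    for label, items in sorted(by_label.items()):
        rng.shuffle(items)
        cut = len(items) * 8 // 10                 # 8:2 ratio from the page
        train_by_label[label] = items[:cut]
        test.extend(items[cut:])                   # the test set keeps its natural skew
    floor = min(len(items) for items in train_by_label.values())
    train = [s for items in train_by_label.values() for s in rng.sample(items, floor)]
    rng.shuffle(train)
    return train, test


def per_class_metrics(y_true, y_pred):
    """Return {label: (precision, recall, f1)}; an empty denominator counts as 0.0."""
    result = {}
    for label in sorted(set(y_true) | set(y_pred)):
        pairs = list(zip(y_true, y_pred))
        tp = sum(t == label and p == label for t, p in pairs)
        fp = sum(t != label and p == label for t, p in pairs)
        fn = sum(t == label and p != label for t, p in pairs)
        precision = tp / (tp + fp) if tp + fp else 0.0
        recall = tp / (tp + fn) if tp + fn else 0.0
        f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
        result[label] = (precision, recall, f1)
    return result


def demo():
    # Constructed, skewed capture: many "video" samples, few "mail" samples.
    counts = (("video", 100), ("chat", 40), ("mail", 10))
    samples = [([0.0], label) for label, n in counts for _ in range(n)]
    train, test = split_then_undersample(samples)
    y_true = [label for _, label in test]
    # Constructed predictions of a model that has collapsed onto the majority class.
    y_pred = ["video"] * len(y_true)
    accuracy = sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)
    return (Counter(label for _, label in train), Counter(y_true),
            accuracy, per_class_metrics(y_true, y_pred))


if __name__ == "__main__":
    train_counts, test_counts, accuracy, metrics = demo()
    print("train:", dict(train_counts), "test:", dict(test_counts))
    print(f"accuracy {accuracy:.2f}")
    for label, (p, r, f1) in metrics.items():
        print(f"{label}: precision {p:.2f} recall {r:.2f} f1 {f1:.2f}")
```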
Unknown network traffic is simply preprocessed and then input into the traffic classification model, which outputs its classification, for example whether the traffic is encrypted or unencrypted, or the application from which the network data originates. The classification is attached to the network data as a label, providing data support for traffic management, network security and the like.
In other preferred embodiments of the present invention, a computer-readable storage medium is provided, storing a computer program which, when executed by a processor, causes the processor to perform the steps of the method as described in the above embodiments.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium and comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
The foregoing description is directed to the preferred embodiments of the present invention, but the embodiments are not intended to limit the scope of the invention, and all equivalent changes or modifications made under the technical spirit of the present invention should be construed to fall within the scope of the present invention.

Claims (10)

1. The flow classification method based on the artificial intelligence algorithm is characterized by comprising the following steps:
Acquiring an original flow;
preprocessing the original flow;
Inputting the preprocessed data into a flow classification model for classification;
The flow classification model is obtained through training of a training set, and the training set is obtained through a first strategy.
2. The method of traffic classification based on artificial intelligence algorithm according to claim 1, wherein the first policy comprises:
the tested equipment is in communication connection with the acquisition end;
the tested equipment performs application operation according to customized operation, and meanwhile, the acquisition end performs packet capturing to capture network flow data in a specific time period;
and storing the captured network traffic data, preprocessing to obtain sample data, and generating a training set by the sample data.
3. The traffic classification method based on the artificial intelligence algorithm according to claim 2, wherein the customizing operation is performed by the collecting terminal, the collecting terminal is connected with the tested device through IP, then a monitor in the collecting terminal starts a thread to perform analog access to an application on the tested device, and a packet is grabbed in the analog access flow to capture network traffic data in a specific time period.
4. A traffic classification method based on artificial intelligence algorithm according to claim 3, characterized in that the simulated access mainly comprises operations of opening, logging in, searching, clicking, interaction, which are performed by said threads.
5. The traffic classification method based on artificial intelligence algorithm according to claim 2, wherein the preprocessing comprises:
Removing the Ethernet header;
Filling data into the user datagram protocol header;
Shielding the IP address;
Deleting the data packet without load;
Converting the original data packet into a byte vector;
cutting off byte vectors exceeding a set length, and filling byte vectors smaller than the set length;
byte vectors are normalized.
6. The traffic classification method based on the artificial intelligence algorithm according to claim 5, wherein, when the training set is generated, the preprocessing further comprises data balancing of the samples of each class.
7. The method of traffic classification based on artificial intelligence algorithm according to claim 6, wherein the traffic classification model comprises a first convolution layer, a second convolution layer, a max-pooling layer and a full-connection layer.
8. The traffic classification method according to claim 7, wherein the first convolution layer has a convolution kernel size of 4 and the second convolution layer has a convolution kernel size of 5, both of which employ nonlinear activation functions.
9. The traffic classification method based on the artificial intelligence algorithm according to claim 8, wherein the full-connection layer comprises, in data-processing order, a first full-connection layer, a second full-connection layer, a third full-connection layer and a fourth full-connection layer; the input of the first full-connection layer is connected to the max-pooling layer, and the first full-connection layer processes the flattened input features to obtain global features; the second full-connection layer further captures features at different levels of abstraction on the basis of the global features, enhancing the representation capability of the neural network and reducing the output dimension; the third full-connection layer further reduces the dimension of the input features, reducing the number of parameters and the network complexity; and the output of the fourth full-connection layer is processed to obtain the classification result of the traffic data.
10. A storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of the traffic classification method based on the artificial intelligence algorithm according to any one of the preceding claims 1-9.
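The preprocessing steps of claim 5, applied to a single captured frame, as an added Python example that is not code from the patent. The 20-byte UDP padding target, zeroing as the IP mask, the 1500-byte set length, division by 255 as the normalization, and keeping only TCP and UDP over IPv4 are assumptions; `preprocess` and `build_frame` are hypothetical names and the sample frames are constructed.

```python
import struct

VECTOR_LEN = 1500    # assumption: the claims say "a set length" without a number
PADDED_UDP_HDR = 20  # assumption: pad the 8-byte UDP header to TCP's minimum size


def preprocess(frame: bytes, vector_len: int = VECTOR_LEN):
    """Map one Ethernet II/IPv4 frame to a normalized vector, or None if dropped."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                        # this sketch handles IPv4 only
    ip = bytearray(frame[14:])             # remove the Ethernet header
    ihl = (ip[0] & 0x0F) * 4
    total = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(ip):
        return None                        # malformed IPv4 header
    del ip[total:]                         # discard Ethernet trailer padding
    proto, l4_len = ip[9], total - ihl
    if proto == 17 and l4_len >= 8:        # UDP
        payload_len = l4_len - 8
        ip[ihl + 8:ihl + 8] = bytes(PADDED_UDP_HDR - 8)   # pad the UDP header
    elif proto == 6 and l4_len >= 20:      # TCP
        payload_len = l4_len - (ip[ihl + 12] >> 4) * 4
    else:
        return None                        # assumption: only TCP and UDP are kept
    if payload_len <= 0:
        return None                        # delete packets without payload
    ip[12:20] = bytes(8)                   # mask source and destination IP
    vec = bytes(ip[:vector_len]).ljust(vector_len, b"\x00")  # truncate or zero-pad
    return [b / 255.0 for b in vec]        # normalize bytes to [0, 1]


def build_frame(proto: int, l4: bytes) -> bytes:
    """Constructed sample input: Ethernet II + 20-byte IPv4 header + L4 bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return bytes(12) + b"\x08\x00" + ip + l4


UDP_FRAME = build_frame(17, struct.pack("!HHHH", 40000, 53, 13, 0) + b"hello")
TCP_SYN = build_frame(6, struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x50, 2, 65535, 0, 0))

if __name__ == "__main__":
    vec = preprocess(UDP_FRAME)
    print(len(vec), vec[40:45], preprocess(TCP_SYN))
```

Masking the addresses before the vector is built keeps a classifier trained on lab captures from keying on the collecting terminal's own IP instead of on the application's traffic.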
CN202410137956.XA 2024-01-31 2024-01-31 Traffic classification method based on artificial intelligence algorithm and storage medium Pending CN117938524A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410137956.XA CN117938524A (en) 2024-01-31 2024-01-31 Traffic classification method based on artificial intelligence algorithm and storage medium

Publications (1)

Publication Number Publication Date
CN117938524A true CN117938524A (en) 2024-04-26

Family

ID=90753656

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410137956.XA Pending CN117938524A (en) 2024-01-31 2024-01-31 Traffic classification method based on artificial intelligence algorithm and storage medium

Country Status (1)

Country Link
CN (1) CN117938524A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020119662A1 (en) * 2018-12-14 2020-06-18 深圳先进技术研究院 Network traffic classification method
CN112054967A (en) * 2020-08-07 2020-12-08 北京邮电大学 Network traffic classification method and device, electronic equipment and storage medium
CN116582300A (en) * 2023-04-12 2023-08-11 中国科学院信息工程研究所 Network traffic classification method and device based on machine learning
CN116827873A (en) * 2023-03-03 2023-09-29 国家计算机网络与信息安全管理中心 Encryption application flow classification method and system based on local-global feature attention
CN116980356A (en) * 2022-08-25 2023-10-31 ***通信集团湖南有限公司 Network traffic identification method and device, electronic equipment and storage medium
CN116975733A (en) * 2022-07-20 2023-10-31 ***通信集团浙江有限公司 Traffic classification system, model training method, device, and storage medium

Similar Documents

Publication Publication Date Title
Hwang et al. An unsupervised deep learning model for early network traffic anomaly detection
CN111865815B (en) Flow classification method and system based on federal learning
CN110311829B (en) Network traffic classification method based on machine learning acceleration
CN105024877B (en) A kind of Hadoop malicious node detecting systems based on user's behaviors analysis
CN111526099B (en) Internet of things application flow detection method based on deep learning
CN112073242A (en) Method for generating and applying network protocol fuzzy test case
CN115277102B (en) Network attack detection method and device, electronic equipment and storage medium
CN111935185B (en) Method and system for constructing large-scale trapping scene based on cloud computing
CN114048795A (en) Service type identification method based on PCA and XGboost integration
Nukavarapu et al. MirageNet-towards a GAN-based framework for synthetic network traffic generation
CN116684877A (en) GYAC-LSTM-based 5G network traffic anomaly detection method and system
CN112839051B (en) Encryption flow real-time classification method and device based on convolutional neural network
CN110858837B (en) Network management and control method and device and electronic equipment
Cherepanov et al. Visualization of class activation maps to explain AI classification of network packet captures
CN114510615A (en) Fine-grained encrypted website fingerprint classification method and device based on graph attention pooling network
CN110191081A (en) The Feature Selection system and method for network flow attack detecting based on learning automaton
CN117349618A (en) Method and medium for constructing malicious encryption traffic detection model of network information system
CN115622810B (en) Business application identification system and method based on machine learning algorithm
CN111310796A (en) Web user click identification method facing encrypted network flow
CN117938524A (en) Traffic classification method based on artificial intelligence algorithm and storage medium
CN114338437B (en) Network traffic classification method and device, electronic equipment and storage medium
CN115086021A (en) Campus network intrusion detection method, device, equipment and storage medium
CN113746707A (en) Encrypted traffic classification method based on classifier and network structure
CN115694947B (en) Network encryption traffic threat sample generation mechanism method based on countermeasure generation DQN
CN116455798B (en) Automatic generation method and device for protocol program test model

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination