Go to DBLP homepageCaps-LSTM: A Novel Hierarchical Encrypted VPN Network Traffic Identification Using CapsNet and LSTM
Abstract: At present, encryption technologies are widely applied in the network, providing a lot of opportunities for attackers to hide their command and control activities, and thus encrypted traffic detection technology is one of the important means to prevent malicious attacks in advance. The existing methods based on machine learning cannot get rid of the artificial dependence of feature selection. Moreover, deep learning methods ignore the hierarchical characteristics of traffic. Therefore, we propose a novel deep neural network that combines CapsNet and LSTM to implement a hierarchical encrypted traffic recognition model, Caps-LSTM, which splits the traffic twice and classifies the encrypted traffic hierarchically based on the temporal and spatial characteristics, where CapsNet learns the lower spatial characteristics of the traffic and LSTM learns the upper temporal characteristics of the traffic. Finally, the softmax classifier is used to achieve effective detection of encrypted traffic services and specific application categories. Compared with the existing advanced methods based on the common data set ISCX VPN-nonVPN, the experimental results show that Caps-LSTM is more effective.
Loading