CN114510615A - Fine-grained encrypted website fingerprint classification method and device based on graph attention pooling network - Google Patents

Fine-grained encrypted website fingerprint classification method and device based on graph attention pooling network Download PDF

Info

Publication number
CN114510615A
CN114510615A CN202111191717.5A CN202111191717A CN114510615A CN 114510615 A CN114510615 A CN 114510615A CN 202111191717 A CN202111191717 A CN 202111191717A CN 114510615 A CN114510615 A CN 114510615A
Authority
CN
China
Prior art keywords
graph
flow
network
nodes
attention
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111191717.5A
Other languages
Chinese (zh)
Inventor
管洋洋
苟高鹏
陆杰
刘畅
李镇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Information Engineering of CAS filed Critical Institute of Information Engineering of CAS
Priority to CN202111191717.5A priority Critical patent/CN114510615A/en
Publication of CN114510615A publication Critical patent/CN114510615A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/906Clustering; Classification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2415Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on likelihood ratio or false acceptance rate versus a false rejection rate
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/047Probabilistic or stochastic networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/048Activation functions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Computation (AREA)
  • Biomedical Technology (AREA)
  • Mathematical Physics (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Biophysics (AREA)
  • Health & Medical Sciences (AREA)
  • Computational Linguistics (AREA)
  • Software Systems (AREA)
  • Probability & Statistics with Applications (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to a fine-grained encrypted website fingerprint classification method and device based on a graph attention pooling network. The method comprises the steps of establishing a flow trace graph for describing a network flow mode, wherein nodes in the flow trace graph represent network flows, and edges represent context relations of the network flows; automatically learning the intra-flow characteristics and the inter-flow characteristics in the flow trace diagram by using the graph neural network model to obtain effective embedded representation of the flow trace diagram; the effective embedded representation of the traffic trace graph is utilized for website fingerprint classification. The invention provides a flow trace graph capable of reasonably describing a network flow pattern, the method is based on a graph neural network algorithm, complex artificial feature selection is not needed, the global feature and the local feature of the network flow can be effectively learned at the same time, important flow nodes can be automatically learned and paid more attention to, and the negative effects of similar flow nodes and noise flow nodes among classes are reduced. The method is suitable for various granularity website fingerprint scenes, the performance is better, and the number of required training samples is less.

Description

Fine-grained encrypted website fingerprint classification method and device based on graph attention pooling network
Technical Field
The invention relates to a fine-grained encrypted website fingerprint classification method and device based on a graph attention pooling network, and belongs to the technical field of computer software.
Background
With the increasing awareness of network security, encryption protocols such as HTTPS are widely used in various websites. These encryption protocols also present a significant challenge to network management (such as QoS and malicious behavior tracking) while protecting data privacy. In recent years, with the revival and development of artificial intelligence, a web site fingerprinting technology for identifying a specific web page in encrypted traffic using a machine learning algorithm has become a popular research point in the field of network security.
In the early research, effective statistical characteristics are mined in encrypted flow from various angles such as data packet size, packet arrival time interval and the like, and a traditional machine learning algorithm, such as a K neighbor algorithm, a support vector machine algorithm, a random forest algorithm and the like, is adopted as a classifier, so that better performance is obtained. In recent years, due to the rapid development of deep learning technology, some researches adopt models such as a convolutional neural network and a cyclic neural network to automatically extract effective features from encrypted traffic and realize high-precision website fingerprint classification. These deep learning methods have better performance and do not require complicated manual feature selection, and thus become the mainstream web site fingerprinting method.
However, research has been directed primarily to website home page classification scenarios. In fact, people are not limited to accessing only the home page. Many web sites typically contain several sub-web pages within them, and these web pages represent different services and network behaviors. Therefore, the fine-grained webpage classification problem has important significance for network management such as QoS and the like. However, because different web pages in the same website often have similar layout and content, the traffic features manually or automatically extracted by the conventional method are no longer clearly distinguishable, which further causes the performance degradation of the existing method.
A small amount of research has proposed some methods to improve the classification performance of fine-grained web pages by combining global and local features of traffic. For example, the total byte number, the total packet number and other global characteristics of the network flow are counted, the time slice characteristics such as the byte number, the packet number and other time slice characteristics of each time slice, and the local characteristics such as the length sequence of the front and back n data packets. Compared with the global features under the traditional home page fingerprint scene, the local features can well represent the tiny difference between the fine-grained webpage traffic. However, these methods employ machine learning algorithms, requiring complex manual feature selection and extraction processes. Although the website fingerprint method based on deep learning can automatically learn a potential traffic pattern, it is difficult to find fine-grained local feature differences, and the performance is also greatly reduced in a fine-grained scene. Therefore, additional knowledge is needed to help the deep learning model learn the slight feature difference between similar samples.
Disclosure of Invention
The invention aims to provide a method and a device for effectively solving fine-grained encrypted website fingerprints. The invention is a deep learning algorithm, does not need complex artificial feature selection, and can simultaneously learn the global features and the local features of the network traffic.
The invention provides a fine-grained encrypted website fingerprint classification method based on a graph attention pooling network. In the webpage access flow, different streams represent different types of resource requests, and the method can automatically learn the importance of the different streams on the final classification and has interpretability. The method also has the advantage of better classification performance under the condition of less training samples.
Specifically, the technical scheme adopted by the invention is as follows:
a fine-grained encryption website fingerprint classification method based on a graph attention pooling network comprises the following steps:
establishing a traffic trace graph for describing a network traffic pattern, wherein nodes in the traffic trace graph represent network flows, and edges represent context relations of the network flows;
automatically learning the intra-flow characteristics and the inter-flow characteristics in the flow trace diagram by using the graph neural network model to obtain effective embedded representation of the flow trace diagram;
the effective embedded representation of the traffic trace graph is utilized for website fingerprint classification.
Further, in the traffic trace graph, for two flows generated by the same client, whether two nodes have edges is determined according to whether the starting time interval of the two flows is smaller than an empirical threshold.
Further, the automatically learning the intra-flow features and the inter-flow features in the traffic trace graph by using the graph neural network model to obtain an effective embedded representation of the traffic trace graph comprises:
the attention weight of the nodes is learned by adopting the attention layer of the multi-head graph, so that the model focuses more on important nodes in the flow trace graph, and the negative effects of similar nodes and noise nodes among classes are reduced;
and further screening important nodes by adopting a self-attention pooling layer, and reducing the parameter quantity of the model.
Furthermore, in the multi-head graph attention layer, a flow trace graph firstly extracts a shallow abstract representation through a single-layer full-connection network, then learns the node attention weight through a K-head graph attention network to obtain K node representations, and then accumulates and sends the K node representations to a self-attention pooling layer.
Further, the self-attention pooling layer calculates the importance of each node by adopting a graph convolution network and retains a topK node so as to further screen important nodes and reduce the number of model parameters.
Further, global maximum pooling and global average pooling are carried out on the topK node graph, the two pooling results are spliced to obtain global embedded representation of the graph and serve as output of one rolling block, and finally the output results of the two rolling blocks are spliced to obtain final effective embedding.
Further, the website fingerprint classification by using the effective embedded representation of the traffic trace graph comprises the following steps: and (3) obtaining a webpage classification result by using a single-layer full-connection network and a Log Softmax function as a classifier, wherein Dropout is used for preventing over-training fitting, and NLLLoss is used as a loss function.
A fine-grained encrypted website fingerprint classification device based on a graph attention pooling network comprises the following components:
the composition module is used for establishing a flow trace graph for describing a network flow mode, wherein nodes in the flow trace graph represent network flows, and edges represent the context of the network flows;
the graph attention level pooling module is used for automatically learning the intra-flow characteristics and the inter-flow characteristics in the flow trace graph by utilizing the graph neural network model to obtain effective embedded representation of the flow trace graph;
and the output module is used for carrying out website fingerprint classification by utilizing the effective embedded representation of the flow trace graph.
The key points of the invention are as follows:
1. aiming at the problem of fine-grained website fingerprints, a graph attention pooling network-based encryption website fingerprint classification method is provided. The method uses the traffic trace graph to represent the context of the flow in the webpage access traffic, and can simultaneously represent the global characteristics and the local characteristics of the network traffic. And automatically learning the intra-flow characteristics and inter-flow characteristics in the trace graph by using the graph neural network model, and finally obtaining the effective embedded representation of the trace graph.
2. And learning the attention weight of the node by adopting a multi-head graph attention mechanism, so that the model focuses more on important nodes in the flow trace graph, and the negative effects of similar nodes and noise nodes among classes are reduced. And a self-attention pooling module is adopted to further screen important nodes, and the parameter quantity of the model is reduced.
3. The method can automatically adapt to the website fingerprint scenes with various granularities. The optimal classifier can achieve target indexes under data sets with various granularities. Meanwhile, the method can obtain better classification performance under the condition of less training samples.
The invention has the following characteristics and beneficial effects on solving the problem of fine-grained website fingerprints:
1. the method provides a traffic trace graph which can reasonably describe a network traffic pattern, uses nodes to represent network flows, and utilizes side information to represent the context of the network flows.
2. Based on the graph neural network algorithm, complex artificial feature selection is not needed, and the global feature and the local feature of the network traffic can be effectively learned at the same time.
3. The method can automatically learn and pay more attention to the important stream nodes, and reduce the negative effects of similar stream nodes and noise stream nodes among classes.
4. The method is suitable for various granularity website fingerprint scenes, the performance is better, and the number of required training samples is less.
Drawings
FIG. 1 is a basic block diagram of the method of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, the present invention shall be described in further detail with reference to the following detailed description and accompanying drawings.
FIG. 1 is a basic framework diagram of the method of the present invention, comprising 3 stages, the left side representing the composition stage, the middle representing the training stage, and the right side representing the classification stage. The training stage is a graph attention level pooling module, and comprises 2 volume blocks, and each block comprises 3 sub-layers. The composition module and the graph attention hierarchy pooling module are the most critical technology of the present invention. The scheme of the invention comprises the following technical steps:
1. and a patterning stage:
(1) preparing data: an SSL/TLS encrypted network traffic data packet in a current task scene is collected (SSL/TLS indicates that a website adopts an HTTPS encryption protocol), and after the SSL/TLS encrypted network traffic data packet is labeled, a data set is divided according to a certain proportion, for example, a training set, a verification set and a test set are 6:1: 3. The training set is used for continuously optimizing and adjusting model parameters in a training stage, and the verification set is used for assisting in observing whether the training degree of the model is over-fitted or meets the expected requirement so as to judge when to stop training. The test set is used to test classification performance of the model in actual network traffic.
(2) And (3) stream generation: and (3) shunting the data packets in the step (1) according to the quintuple, and extracting the start time, the size (packet length) and the arrival time interval of the data packet of each flow for constructing node and side information in the step (3). Wherein the five-tuple refers to a source IP address, a destination IP address, a source port number, a destination port number, and a protocol type.
(3) Constructing a flow trace graph: and (3) taking each flow in the step (2) as a node in the graph, and taking the packet length sequence and the packet arrival time interval sequence of the flow as the characteristics of the node. For the streams generated by the same client, whether two nodes have edges is determined according to whether the starting time interval of the two streams is smaller than an empirical threshold, and the threshold is set to be 2 s. As shown in fig. 1, wherein ClientIP1==ClientIP2Indicating that the two streams are streams generated by the same client, the start time interval | t of the two streams1-t2| is less than or equal to the empirical threshold tthresholdAt two nodes v1、v2With an edge added in between. In fig. 1, a denotes the adjacency matrix of the diagram, and X denotes the feature matrix.
2. The training phase, mainly for the power level pooling module of the drawing attention, contains 3 sublayers:
(1) multi-head graph attention layer: the flow trace graph firstly extracts shallow abstract representation through a single-layer full-connection network, then learns node attention weight through a K head graph attention network (GAT) to obtain K node representations, and then accumulates and feeds the K node representations into (2), as shown in figure 1, wherein FC is the full-connection network, Elu represents an exponential linear unit activation function,
Figure BDA0003301391430000041
indicating the learned attention weight. And K is to perform K independent GAT operations on the same flow trace graph to obtain K different node representations. The purpose of K times of calculation is to learn more diversified weights, so that the learning capability of the model is improved.
(2) Self-attention pooling layer: the layer further screens the important nodes by calculating the importance of each node and reserving the topK nodes (reserving the nodes with the importance scores of K before ranking), and meanwhile, the parameter quantity of the model is reduced. As shown in FIG. 1, where Relu represents the rectifying linear cell activation function, GCN represents the graph convolution network, scoreviRepresenting learned node importance scores. Wherein the node importance is represented by a graph volumeThe product network (GCN) is calculated, and the graph convolution operation can focus on the characteristic information of the node and can fully utilize the structure information of the graph.
(3) A readout layer: and (3) the layer respectively carries out global maximum pooling (Maxpool) and global average pooling (MeanPool) on the topK node map in the step (2), and splices two pooling results to obtain a global embedded representation of the flow trace map of the layer, and outputs the global embedded representation as a rolling block (Readout) of the graph attention level pooling module. And finally, splicing the results of the two rolling blocks of the module to obtain the final effective embedding of the sample. As shown in fig. 1, wherein Jumping Knowledge represents a splicing operation of a jump connection, i.e., Readout.
3. A classification stage:
in the stage, the output module is used for obtaining a webpage classification result by using a single-layer full-connection network (FC) and combining a Log Softmax function as a classifier. Where Dropout is used to prevent over-training, NLLLoss as a loss function.
Examples of the invention:
example 1 traditional website fingerprint Home Page Classification scenario
In 10 months of 2020, the original access traffic of the HTTPS website of Alexa chinese rank Top100 is actively collected. With 1w traffic samples for 100 visits per web page. And carrying out sample labeling and feature extraction on the test data, and then carrying out data set division in a proportion of 6:1:3 on a training set, a verification set and a test set. After the image is formed and trained, the algorithm provided by the invention obtains a high F1 score of 99.85% in a test set, and is improved by more than 1% compared with the existing most advanced research work. The method is an optimal method in the traditional website home page classification scene.
Example 2 Fine-grained Web fingerprint scenarios under Single Web site
In 11 months of 2020, the raw access traffic for a total of 90 popular web pages under 2 representative HTTPS websites is collected. 60 webpages of the A website and 30 webpages of the B website are selected, each webpage is visited 100 times, and 9k samples are counted. And after the traffic samples A and B are respectively labeled, feature extracted and data sets are divided, the traffic samples are sent to the graph attention pooling network model provided by the invention for training. Test set results show that the high F1 values of 96.72% and 91.45% are respectively obtained on the two data sets, and compared with the existing most advanced method, the method is improved by 3% to 23%.
Example 3 Fine-grained webpage fingerprint scenarios under multiple websites
In 12 months of 2020, the original access traffic of a total of 100 popular web pages under 9 representative HTTPS websites is actively collected, and each web page is accessed 100 times, and a total of 1w traffic samples are collected. Experimental test results show that 93.37% of F1 value is obtained, and the F1 value is improved by more than 14% compared with the prior art.
On the whole, the graph and attention pooling network model provided by the invention is best in the website fingerprint scenes with various granularities. Meanwhile, experiments show that the method can achieve high accuracy rate only by using a small number of training samples, for example, the accuracy rate of 99% can be achieved only by using 25 samples in a home page classification scene, and the accuracy rate of 90% can be achieved only by using 15 samples in a single website fine-grained webpage classification scene.
Based on the same inventive concept, another embodiment of the present invention provides an apparatus for classifying fine-grained encrypted website fingerprints based on a graph attention pooling network, including:
the composition module is used for establishing a flow trace graph for describing a network flow mode, wherein nodes in the flow trace graph represent network flows, and edges represent the context of the network flows;
the graph attention level pooling module is used for automatically learning the intra-flow characteristics and the inter-flow characteristics in the flow trace graph by utilizing the graph neural network model to obtain effective embedded representation of the flow trace graph;
and the output module is used for carrying out website fingerprint classification by utilizing the effective embedded representation of the flow trace graph.
The specific implementation process of each module is referred to the description of the method of the invention.
Based on the same inventive concept, another embodiment of the present invention provides an electronic device (computer, server, smartphone, etc.) comprising a memory and a processor, the memory storing a computer program configured to be executed by the processor, the computer program comprising instructions for performing the steps of the inventive method.
Based on the same inventive concept, another embodiment of the present invention provides a computer-readable storage medium (e.g., ROM/RAM, magnetic disk, optical disk) storing a computer program, which when executed by a computer, performs the steps of the inventive method.
Other embodiments of the invention:
1. multi-head attention layer: when the method is implemented specifically, a Graph Convolution Network (GCN) and the like can be adopted to replace a multi-head attention layer so as to reduce the calculation complexity and achieve higher accuracy.
2. A readout layer: the method of the invention can adopt modes of Readout averaging/summing and the like to replace splicing operation in specific implementation.
3. An output module: the method of the invention can self-define the output layer structure according to the classification task when in concrete implementation, for example, a global average pooling layer is adopted to replace a full connection layer.
The particular embodiments of the present invention disclosed above are illustrative only and are not intended to be limiting, since various alternatives, modifications, and variations will be apparent to those skilled in the art without departing from the spirit and scope of the invention. The invention should not be limited to the disclosure of the embodiments in the specification, but the scope of the invention is defined by the appended claims.

Claims (10)

1. A fine-grained encrypted website fingerprint classification method based on a graph attention pooling network is characterized by comprising the following steps:
establishing a traffic trace graph for describing a network traffic pattern, wherein nodes in the traffic trace graph represent network flows, and edges represent context relations of the network flows;
automatically learning the intra-flow characteristics and the inter-flow characteristics in the flow trace diagram by using the graph neural network model to obtain effective embedded representation of the flow trace diagram;
the effective embedded representation of the traffic trace graph is utilized for website fingerprint classification.
2. The method of claim 1, wherein for two flows generated by the same client, the traffic trace graph determines whether two nodes have an edge according to whether a starting time interval of the two flows is smaller than an empirical threshold.
3. The method of claim 1, wherein automatically learning intra-flow features and inter-flow features in a traffic trace graph using a graph neural network model to obtain an efficient embedded representation of the traffic trace graph comprises:
the attention weight of the nodes is learned by adopting the attention layer of the multi-head graph, so that the model focuses more on important nodes in the flow trace graph, and the negative effects of similar nodes and noise nodes among classes are reduced;
and further screening important nodes by adopting a self-attention pooling layer, and reducing the parameter quantity of the model.
4. The method according to claim 3, wherein in the multi-head graph attention layer, the traffic trace graph firstly extracts a shallow abstract representation through a single-layer full-connection network, then learns the node attention weight through a K-head graph attention network to obtain K node representations, and then accumulates and feeds the K node representations into a self-attention pooling layer.
5. The method of claim 3, wherein the self-attention pooling layer calculates importance of each node using graph convolution network and retains topK node to further screen important nodes while reducing model parameters.
6. The method according to claim 5, wherein global maximal pooling and global average pooling operations are performed on the topK node map, and the two pooling results are concatenated to obtain a global embedding representation of the map and used as an output of one volume block, and finally the results output by the two volume blocks are concatenated to obtain a final effective embedding.
7. The method of claim 1, wherein the utilizing the effectively embedded representation of the traffic trace graph for website fingerprint classification comprises: and (3) obtaining a webpage classification result by using a single-layer full-connection network and a Log Softmax function as a classifier, wherein Dropout is used for preventing over-training fitting, and NLLLoss is used as a loss function.
8. A fine-grained encrypted website fingerprint classification device based on a graph attention pooling network is characterized by comprising the following steps:
the composition module is used for establishing a flow trace graph for describing a network flow mode, wherein nodes in the flow trace graph represent network flows, and edges represent the context of the network flows;
the graph attention level pooling module is used for automatically learning intra-flow features and inter-flow features in the flow trace graph by utilizing a graph neural network model to obtain effective embedded representation of the flow trace graph;
and the output module is used for carrying out website fingerprint classification by utilizing the effective embedded representation of the flow trace graph.
9. An electronic apparatus, comprising a memory and a processor, the memory storing a computer program configured to be executed by the processor, the computer program comprising instructions for performing the method of any of claims 1 to 7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a computer, implements the method of any one of claims 1 to 7.
CN202111191717.5A 2021-10-13 2021-10-13 Fine-grained encrypted website fingerprint classification method and device based on graph attention pooling network Pending CN114510615A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111191717.5A CN114510615A (en) 2021-10-13 2021-10-13 Fine-grained encrypted website fingerprint classification method and device based on graph attention pooling network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111191717.5A CN114510615A (en) 2021-10-13 2021-10-13 Fine-grained encrypted website fingerprint classification method and device based on graph attention pooling network

Publications (1)

Publication Number Publication Date
CN114510615A true CN114510615A (en) 2022-05-17

Family

ID=81547910

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111191717.5A Pending CN114510615A (en) 2021-10-13 2021-10-13 Fine-grained encrypted website fingerprint classification method and device based on graph attention pooling network

Country Status (1)

Country Link
CN (1) CN114510615A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115580547A (en) * 2022-11-21 2023-01-06 中国科学技术大学 Website fingerprint identification method and system based on time-space correlation between network data streams

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115580547A (en) * 2022-11-21 2023-01-06 中国科学技术大学 Website fingerprint identification method and system based on time-space correlation between network data streams

Similar Documents

Publication Publication Date Title
Zeng et al. DeepVCM: A deep learning based intrusion detection method in VANET
US10176364B2 (en) Media content enrichment using an adapted object detector
CN110855648B (en) Early warning control method and device for network attack
CN114422211B (en) HTTP malicious traffic detection method and device based on graph attention network
CN106230809B (en) A kind of mobile Internet public sentiment monitoring method and system based on URL
US20170091303A1 (en) Client-Side Web Usage Data Collection
CN114389966A (en) Network traffic identification method and system based on graph neural network and stream space-time correlation
Shen et al. Efficient fine-grained website fingerprinting via encrypted traffic analysis with deep learning
Wang et al. 2ch-TCN: a website fingerprinting attack over tor using 2-channel temporal convolutional networks
CN115080756A (en) Attack and defense behavior and space-time information extraction method oriented to threat information map
Wu et al. Tdae: Autoencoder-based automatic feature learning method for the detection of dns tunnel
CN115037543A (en) Abnormal network flow detection method based on bidirectional time convolution neural network
Wang et al. Identifying DApps and user behaviors on ethereum via encrypted traffic
CN114338064A (en) Method, device, equipment and storage medium for identifying network traffic type
Wang et al. An unknown protocol syntax analysis method based on convolutional neural network
CN114510615A (en) Fine-grained encrypted website fingerprint classification method and device based on graph attention pooling network
CN113938290A (en) Website de-anonymization method and system for user side traffic data analysis
CN112235254A (en) Rapid identification method for Tor network bridge in high-speed backbone network
CN112437022A (en) Network flow identification method, equipment and computer storage medium
Wu et al. SFIM: Identify user behavior based on stable features
WO2019127652A1 (en) Method for identifying harmful video on basis of user id and credits content and system therefor
Gu et al. An online website fingerprinting defense based on the non-targeted adversarial patch
CN111835720B (en) VPN flow WEB fingerprint identification method based on feature enhancement
TWI591982B (en) Network flow recognization method and recognization system
CN113783920A (en) Method and apparatus for identifying web access portal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination