Identification of encrypted and malicious network traffic based on one-dimensional convolutional neural network

Abstract

The rapid advancement of the Internet has brought a exponential growth in network traffic. At present, devices deployed at edge nodes process huge amount of data, extract key features of network traffic and then forward them to the cloud server/data center. However, since the efficiency of mobile terminal devices in identifying and classifying encrypted and malicious traffic lags behind, how to identify network traffic more efficiently and accurately remains a challenging problem. We design a convolutional neural network model: One-dimensional convolutional neural network with hexadecimal data (HexCNN-1D) that combines normalized processing and attention mechanisms. By adding the attention mechanism modules Global Attention Block (GAB) and Category Attention Block (CAB), network traffic is classified and identified. By extracting effective load information from hexadecimal network traffic, our model can identify most categories of network traffic including encrypted and malicious traffic data. The experimental results show that the average accuracy is 98.8%. Our model can greatly improve the accuracy of network traffic data recognition.