CSTNET

The increasing prevalence of encrypted traffic inmodern networks poses significant challenges for network security,particularly in detecting and classifying malicious activitiesand application signatures. To overcome this issue, deep learninghas turned out to be a promising candidate owing to its abilityto learn complex data patterns. In this work, we present adeep learning-based novel and robust framework for encryptedtraffic analysis (ETA) which leverages the power of BidirectionalEncoder Representations from Transformers (BERT) and LongShort-Term Memory (LSTM) networks. Our proposed frameworkleverages the capability of LSTM to capture long-termdependencies in sequential data for modeling the temporal patternsof network packets, while BERT enhances this by providingan understanding of the bidirectional context within packetsequences. Hence, this approach of ETA relies on LSTM forenabling effective detection of anomalies and prediction of futurepacket where BERT provides a deeper contextual understandingof the traffic flow. Publicly available dataset ISCXVPN2016and CSTNET are used to test our proposed framework whichoutperformed the existing works by yielding an accuracy rate(AC) of 99.65%, precision (PR) of 99.53% and recall (RC) of99.28%. The proposed framework serves to efficiently detectOver-the-Top (OTT) application signatures within encryptedtraffic streams, ensuring comprehensive network monitoring andenhanced security measures without compromising the integrityof packets.

现代网络中加密流量的日益普及，为网络安全带来了显著挑战，尤其在恶意活动检测分类与应用签名识别领域。为破解这一难题，深度学习凭借其学习复杂数据模式的能力，成为极具前景的解决方案。本研究提出一种基于深度学习的新颖鲁棒加密流量分析（Encrypted Traffic Analysis, ETA）框架，该框架融合了Transformer双向编码器表征模型（Bidirectional Encoder Representations from Transformers, BERT）与长短期记忆网络（Long Short-Term Memory, LSTM）的强大能力。所提框架借助LSTM捕获时序数据中长期依赖关系的能力，对网络数据包的时序特征进行建模；而BERT则通过捕捉数据包序列内的双向上下文信息，进一步优化建模过程。因此，该加密流量分析方法依托LSTM实现异常的有效检测与未来数据包预测，同时借助BERT实现对流量流更深入的上下文理解。本研究采用公开数据集ISCXVPN2016与CSTNET对所提框架开展测试，结果显示其性能优于现有相关研究：准确率（Accuracy, AC）达99.65%，精确率（Precision, PR）达99.53%，召回率（Recall, RC）达99.28%。所提框架可高效检测加密流量流中的OTT（Over-the-Top）应用签名，在不破坏数据包完整性的前提下，实现全面网络监控与强化的安全防护措施。