With the emphasis on user privacy and communication security, encrypted traffic has increased dramatically, which brings great challenges to traffic classification. The classification method of encrypted traffic based...With the emphasis on user privacy and communication security, encrypted traffic has increased dramatically, which brings great challenges to traffic classification. The classification method of encrypted traffic based on GNN can deal with encrypted traffic well. However, existing GNN-based approaches ignore the relationship between client or server packets. In this paper, we design a network traffic topology based on GCN, called Flow Mapping Graph (FMG). FMG establishes sequential edges between vertexes by the arrival order of packets and establishes jump-order edges between vertexes by connecting packets in different bursts with the same direction. It not only reflects the time characteristics of the packet but also strengthens the relationship between the client or server packets. According to FMG, a Traffic Mapping Classification model (TMC-GCN) is designed, which can automatically capture and learn the characteristics and structure information of the top vertex in FMG. The TMC-GCN model is used to classify the encrypted traffic. The encryption stream classification problem is transformed into a graph classification problem, which can effectively deal with data from different data sources and application scenarios. By comparing the performance of TMC-GCN with other classical models in four public datasets, including CICIOT2023, ISCXVPN2016, CICAAGM2017, and GraphDapp, the effectiveness of the FMG algorithm is verified. The experimental results show that the accuracy rate of the TMC-GCN model is 96.13%, the recall rate is 95.04%, and the F1 rate is 94.54%.展开更多
With the rapid expansion of multimedia data,protecting digital information has become increasingly critical.Reversible data hiding offers an effective solution by allowing sensitive information to be embedded in multi...With the rapid expansion of multimedia data,protecting digital information has become increasingly critical.Reversible data hiding offers an effective solution by allowing sensitive information to be embedded in multimedia files while enabling full recovery of the original data after extraction.Audio,as a vital medium in communication,entertainment,and information sharing,demands the same level of security as images.However,embedding data in encrypted audio poses unique challenges due to the trade-offs between security,data integrity,and embedding capacity.This paper presents a novel interpolation-based reversible data hiding algorithm for encrypted audio that achieves scalable embedding capacity.By increasing sample density through interpolation,embedding opportunities are significantly enhanced while maintaining encryption throughout the process.The method further integrates multiple most significant bit(multi-MSB)prediction and Huffman coding to optimize compression and embedding efficiency.Experimental results on standard audio datasets demonstrate the proposed algorithm’s ability to embed up to 12.47 bits per sample with over 9.26 bits per sample available for pure embedding capacity,while preserving full reversibility.These results confirm the method’s suitability for secure applications that demand high embedding capacity and perfect reconstruction of original audio.This work advances reversible data hiding in encrypted audio by offering a secure,efficient,and fully reversible data hiding framework.展开更多
Network traffic classification is a crucial research area aimed at improving quality of service,simplifying network management,and enhancing network security.To address the growing complexity of cryptography,researche...Network traffic classification is a crucial research area aimed at improving quality of service,simplifying network management,and enhancing network security.To address the growing complexity of cryptography,researchers have proposed various machine learning and deep learning approaches to tackle this challenge.However,existing mainstream methods face several general issues.On one hand,the widely used Transformer architecture exhibits high computational complexity,which negatively impacts its efficiency.On the other hand,traditional methods are often unreliable in traffic representation,frequently losing important byte information while retaining unnecessary biases.To address these problems,this paper introduces the Swin Transformer architecture into the domain of network traffic classification and proposes the NetST(Network Swin Transformer)model.This model improves the Swin Transformer to better accommodate the characteristics of network traffic,effectively addressing efficiency issues.Furthermore,this paper presents a traffic representation scheme designed to extract meaningful information from large volumes of traffic while minimizing bias.We integrate four datasets relevant to network traffic classification for our experiments,and the results demonstrate that NetST achieves a high accuracy rate while maintaining low memory usage.展开更多
With the widespread adoption of encrypted Domain Name System(DNS)technologies such as DNS over Hyper Text Transfer Protocol Secure(HTTPS),traditional port and protocol-based traffic analysis methods have become ineffe...With the widespread adoption of encrypted Domain Name System(DNS)technologies such as DNS over Hyper Text Transfer Protocol Secure(HTTPS),traditional port and protocol-based traffic analysis methods have become ineffective.Although encrypted DNS enhances user privacy protection,it also provides concealed communication channels for malicious software,compelling detection technologies to shift towards statistical featurebased and machine learning approaches.However,these methods still face challenges in real-time performance and privacy protection.This paper proposes a real-time identification technology for encrypted DNS traffic with privacy protection.Firstly,a hierarchical architecture of cloud-edge-end collaboration is designed,incorporating task offloading strategies to balance privacy protection and identification efficiency.Secondly,a privacy-preserving federated learning mechanismbased on Federated Robust Aggregation(FedRA)is proposed,utilizingMedoid aggregation and differential privacy techniques to ensure data privacy and enhance identification accuracy.Finally,an edge offloading strategy based on a dynamic priority scheduling algorithm(DPSA)is designed to alleviate terminal burden and reduce latency.Simulation results demonstrate that the proposed technology significantly improves the accuracy and realtime performance of encrypted DNS traffic identification while protecting privacy,making it suitable for various network environments.展开更多
The proliferation of internet traffic encryption has become a double-edged sword. While it significantly enhances user privacy, it also inadvertently shields cyber-attacks from detection, presenting a formidable chall...The proliferation of internet traffic encryption has become a double-edged sword. While it significantly enhances user privacy, it also inadvertently shields cyber-attacks from detection, presenting a formidable challenge to cybersecurity. Traditional machine learning and deep learning techniques often fall short in identifying encrypted malicious traffic due to their inability to fully extract and utilize the implicit relational and positional information embedded within data packets. This limitation has led to an unresolved challenge in the cybersecurity community: how to effectively extract valuable insights from the complex patterns of traffic packet transmission. Consequently, this paper introduces the TB-Graph model, an encrypted malicious traffic classification model based on a relational graph attention network. The model is a heterogeneous traffic burst graph that embeds side-channel features, which are unaffected by encryption, into the graph nodes and connects them with three different types of burst edges. Subsequently, we design a relational positional coding that prevents the loss of temporal relationships between the original traffic flows during graph transformation. Ultimately, TB-Graph leverages the powerful graph representation learning capabilities of Relational Graph Attention Network (RGAT) to extract latent behavioral features from the burst graph nodes and edge relationships. Experimental results show that TB-Graph outperforms various state-of-the-art methods in fine-grained encrypted malicious traffic classification tasks on two public datasets, indicating its enhanced capability for identifying encrypted malicious traffic.展开更多
As an essential function of encrypted Internet traffic analysis,encrypted traffic service classification can support both coarse-grained network service traffic management and security supervision.However,the traditio...As an essential function of encrypted Internet traffic analysis,encrypted traffic service classification can support both coarse-grained network service traffic management and security supervision.However,the traditional plaintext-based Deep Packet Inspection(DPI)method cannot be applied to such a classification.Moreover,machine learning-based existing methods encounter two problems during feature selection:complex feature overcost processing and Transport Layer Security(TLS)version discrepancy.In this paper,we consider differences between encryption network protocol stacks and propose a composite deep learning-based method in multiprotocol environments using a sliding multiple Protocol Data Unit(multiPDU)length sequence as features by fully utilizing the Markov property in a multiPDU length sequence and maintaining suitability with a TLS-1.3 environment.Control experiments show that both Length-Sensitive(LS)composite deep learning model using a capsule neural network and LS-long short time memory achieve satisfactory effectiveness in F1-score and performance.Owing to faster feature extraction,our method is suitable for actual network environments and superior to state-of-the-art methods.展开更多
Remote medical diagnosis can be realized by using the Internet,but when transmitting medical images of patients through the Internet,personal information of patients may be leaked.Aim at the security of medical inform...Remote medical diagnosis can be realized by using the Internet,but when transmitting medical images of patients through the Internet,personal information of patients may be leaked.Aim at the security of medical information system and the protection of medical images,a novel robust zero-watermarking based on SIFT-DCT(Scale Invariant Feature Transform-Discrete Cosine Transform)for medical images in the encrypted domain is proposed.Firstly,the original medical image is encrypted in transform domain based on Logistic chaotic sequence to enhance the concealment of original medical images.Then,the SIFT-DCT is used to extract the feature sequences of encrypted medical images.Next,zero-watermarking technology is used to ensure that the region of interest of medical images are not changed.Finally,the robust of the algorithm is evaluated by the correlation coefficient between the original watermark and the attacked watermark.A series of attack experiments are carried out on this method,and the results show that the algorithm is not only secure,but also robust to both traditional and geometric attacks,especially in clipping attacks.展开更多
In order to solve the problem of patient information security protection in medical images,whilst also taking into consideration the unchangeable particularity of medical images to the lesion area and the need for med...In order to solve the problem of patient information security protection in medical images,whilst also taking into consideration the unchangeable particularity of medical images to the lesion area and the need for medical images themselves to be protected,a novel robust watermarking algorithm for encrypted medical images based on dual-tree complex wavelet transform and discrete cosine transform(DTCWT-DCT)and chaotic map is proposed in this paper.First,DTCWT-DCT transformation was performed on medical images,and dot product was per-formed in relation to the transformation matrix and logistic map.Inverse transformation was undertaken to obtain encrypted medical images.Then,in the low-frequency part of the DTCWT-DCT transformation coefficient of the encrypted medical image,a set of 32 bits visual feature vectors that can effectively resist geometric attacks are found to be the feature vector of the encrypted medical image by using perceptual hashing.After that,different logistic initial values and growth parameters were set to encrypt the watermark,and zero-watermark technology was used to embed and extract the encrypted medical images by combining cryptography and third-party concepts.The proposed watermarking algorithm does not change the region of interest of medical images thus it does not affect the judgment of doctors.Additionally,the security of the algorithm is enhanced by using chaotic mapping,which is sensitive to the initial value in order to encrypt the medical image and the watermark.The simulation results show that the pro-posed algorithm has good homomorphism,which can not only protect the original medical image and the watermark information,but can also embed and extract the watermark directly in the encrypted image,eliminating the potential risk of decrypting the embedded watermark and extracting watermark.Compared with the recent related research,the proposed algorithm solves the contradiction between robustness and invisibility of the watermarking algorithm for encrypted medical images,and it has good results against both conventional attacks and geometric attacks.Under geometric attacks in particular,the proposed algorithm performs much better than existing algorithms.展开更多
In this paper, we to detect encrypted botnet propose a novel method traffic. During the traffic preprocessing stage, the proposed payload extraction method can identify a large amount of encrypted applications traffic...In this paper, we to detect encrypted botnet propose a novel method traffic. During the traffic preprocessing stage, the proposed payload extraction method can identify a large amount of encrypted applications traffic. It can filter out a large amount of non-malicious traffic, greatly in, roving the detection efficiency. A Sequential Probability Ratio Test (SPRT)-based method can find spatialtemporal correlations in suspicious botnet traffic and make an accurate judgment. Experimental resuks show that the false positive and false nega- tive rates can be controlled within a certain range.展开更多
Verifiably encrypted signatures are employed when a signer wants to sign a message for a verifier but does not want the verifier to possess his signature on the message until some certain requirements of his are satis...Verifiably encrypted signatures are employed when a signer wants to sign a message for a verifier but does not want the verifier to possess his signature on the message until some certain requirements of his are satisfied. This paper presented new verifiably encrypted signatures from bilinear pairings. The proposed signatures share the properties of simplicity and efficiency with existing verifiably encrypted signature schemes. To support the proposed scheme, it also exhibited security proofs that do not use random oracle assumption. For existential unforgeability, there exist tight security reductions from the proposed verifiably encrypted signature scheme to a strong but reasonable computational assumption.展开更多
To fulfill the requirements of data security in environments with nonequivalent resources,a high capacity data hiding scheme in encrypted image based on compressive sensing(CS)is proposed by fully utilizing the adapta...To fulfill the requirements of data security in environments with nonequivalent resources,a high capacity data hiding scheme in encrypted image based on compressive sensing(CS)is proposed by fully utilizing the adaptability of CS to nonequivalent resources.The original image is divided into two parts:one part is encrypted with traditional stream cipher;the other part is turned to the prediction error and then encrypted based on CS to vacate room simultaneously.The collected non-image data is firstly encrypted with simple stream cipher.For data security management,the encrypted non-image data is then embedded into the encrypted image,and the scrambling operation is used to further improve security.Finally,the original image and non-image data can be separably recovered and extracted according to the request from the valid users with different access rights.Experimental results demonstrate that the proposed scheme outperforms other data hiding methods based on CS,and is more suitable for nonequivalent resources.展开更多
While encryption technology safeguards the security of network communications,malicious traffic also uses encryption protocols to obscure its malicious behavior.To address the issues of traditional machine learning me...While encryption technology safeguards the security of network communications,malicious traffic also uses encryption protocols to obscure its malicious behavior.To address the issues of traditional machine learning methods relying on expert experience and the insufficient representation capabilities of existing deep learning methods for encrypted malicious traffic,we propose an encrypted malicious traffic classification method that integrates global semantic features with local spatiotemporal features,called BERT-based Spatio-Temporal Features Network(BSTFNet).At the packet-level granularity,the model captures the global semantic features of packets through the attention mechanism of the Bidirectional Encoder Representations from Transformers(BERT)model.At the byte-level granularity,we initially employ the Bidirectional Gated Recurrent Unit(BiGRU)model to extract temporal features from bytes,followed by the utilization of the Text Convolutional Neural Network(TextCNN)model with multi-sized convolution kernels to extract local multi-receptive field spatial features.The fusion of features from both granularities serves as the ultimate multidimensional representation of malicious traffic.Our approach achieves accuracy and F1-score of 99.39%and 99.40%,respectively,on the publicly available USTC-TFC2016 dataset,and effectively reduces sample confusion within the Neris and Virut categories.The experimental results demonstrate that our method has outstanding representation and classification capabilities for encrypted malicious traffic.展开更多
Optical fibers are typically used in telecommunications services for data transmission,where the use of fiber tags is essential to distinguish between the different transmission fibers or channels and thus ensure the ...Optical fibers are typically used in telecommunications services for data transmission,where the use of fiber tags is essential to distinguish between the different transmission fibers or channels and thus ensure the working functionality of the communication system.Traditional physical entity marking methods for fiber labeling are bulky,easily confused,and,most importantly,the label information can be accessed easily by all potential users.This work proposes an encrypted optical fiber tag based on an encoded fiber Bragg grating(FBG)array that is fabricated using a point-by-point femtosecond laser pulse chain inscription method.Gratings with different resonant wavelengths and reflectivities are realized by adjusting the grating period and the refractive index modulations.It is demonstrated that a binary data sequence carried by a fiber tag can be inscribed into the fiber core in the form of an FBG array,and the tag data can be encrypted through appropriate design of the spatial distributions of the FBGs with various reflection wavelengths and reflectivities.The proposed fiber tag technology can be used for applications in port identification,encrypted data storage,and transmission in fiber networks.展开更多
Encrypted traffic classification has become a hot issue in network security research.The class imbalance problem of traffic samples often causes the deterioration of Machine Learning based classifier performance.Altho...Encrypted traffic classification has become a hot issue in network security research.The class imbalance problem of traffic samples often causes the deterioration of Machine Learning based classifier performance.Although the Generative Adversarial Network(GAN)method can generate new samples by learning the feature distribution of the original samples,it is confronted with the problems of unstable training andmode collapse.To this end,a novel data augmenting approach called Graph CWGAN-GP is proposed in this paper.The traffic data is first converted into grayscale images as the input for the proposed model.Then,the minority class data is augmented with our proposed model,which is built by introducing conditional constraints and a new distance metric in typical GAN.Finally,the classical deep learning model is adopted as a classifier to classify datasets augmented by the Condition GAN(CGAN),Wasserstein GAN-Gradient Penalty(WGAN-GP)and Graph CWGAN-GP,respectively.Compared with the state-of-the-art GAN methods,the Graph CWGAN-GP cannot only control the modes of the data to be generated,but also overcome the problem of unstable training and generate more realistic and diverse samples.The experimental results show that the classification precision,recall and F1-Score of theminority class in the balanced dataset augmented in this paper have improved by more than 2.37%,3.39% and 4.57%,respectively.展开更多
The rapidly increasing popularity of mobile devices has changed the methods with which people access various network services and increased net-work traffic markedly.Over the past few decades,network traffic identific...The rapidly increasing popularity of mobile devices has changed the methods with which people access various network services and increased net-work traffic markedly.Over the past few decades,network traffic identification has been a research hotspot in the field of network management and security mon-itoring.However,as more network services use encryption technology,network traffic identification faces many challenges.Although classic machine learning methods can solve many problems that cannot be solved by port-and payload-based methods,manually extract features that are frequently updated is time-consuming and labor-intensive.Deep learning has good automatic feature learning capabilities and is an ideal method for network traffic identification,particularly encrypted traffic identification;Existing recognition methods based on deep learning primarily use supervised learning methods and rely on many labeled samples.However,in real scenarios,labeled samples are often difficult to obtain.This paper adjusts the structure of the auxiliary classification generation adversarial network(ACGAN)so that it can use unlabeled samples for training,and use the wasserstein distance instead of the original cross entropy as the loss function to achieve semisupervised learning.Experimental results show that the identification accuracy of ISCX and USTC data sets using the proposed method yields markedly better performance when the number of labeled samples is small compared to that of convolutional neural network(CNN)based classifier.展开更多
In the IoT(Internet of Things)domain,the increased use of encryption protocols such as SSL/TLS,VPN(Virtual Private Network),and Tor has led to a rise in attacks leveraging encrypted traffic.While research on anomaly d...In the IoT(Internet of Things)domain,the increased use of encryption protocols such as SSL/TLS,VPN(Virtual Private Network),and Tor has led to a rise in attacks leveraging encrypted traffic.While research on anomaly detection using AI(Artificial Intelligence)is actively progressing,the encrypted nature of the data poses challenges for labeling,resulting in data imbalance and biased feature extraction toward specific nodes.This study proposes a reconstruction error-based anomaly detection method using an autoencoder(AE)that utilizes packet metadata excluding specific node information.The proposed method omits biased packet metadata such as IP and Port and trains the detection model using only normal data,leveraging a small amount of packet metadata.This makes it well-suited for direct application in IoT environments due to its low resource consumption.In experiments comparing feature extraction methods for AE-based anomaly detection,we found that using flowbased features significantly improves accuracy,precision,F1 score,and AUC(Area Under the Receiver Operating Characteristic Curve)score compared to packet-based features.Additionally,for flow-based features,the proposed method showed a 30.17%increase in F1 score and improved false positive rates compared to Isolation Forest and OneClassSVM.Furthermore,the proposedmethod demonstrated a 32.43%higherAUCwhen using packet features and a 111.39%higher AUC when using flow features,compared to previously proposed oversampling methods.This study highlights the impact of feature extraction methods on attack detection in imbalanced,encrypted traffic environments and emphasizes that the one-class method using AE is more effective for attack detection and reducing false positives compared to traditional oversampling methods.展开更多
With recent significant development in the portable device market, cloud computing is getting more and more utilized. Many sensitive data are stored in cloud central servers. To ensure privacy, these data are usually ...With recent significant development in the portable device market, cloud computing is getting more and more utilized. Many sensitive data are stored in cloud central servers. To ensure privacy, these data are usually encrypted before being uploaded—making file searching complicated. Although previous cloud computing searchable encryption schemes allow users to search encrypted data by keywords securely, these techniques only support exact keyword search and will fail if there are some spelling errors or if some morphological variants of words are used. In this paper, we provide the solution for fuzzy keyword search over encrypted cloud data. K-grams is used to produce fuzzy results. For security reasons, we use two separate servers that cannot communicate with each other. Our experiment result shows that our system is effective and scalable to handle large number of encrypted files.展开更多
Encrypted traffic plays a crucial role in safeguarding network security and user privacy.However,encrypting malicious traffic can lead to numerous security issues,making the effective classification of encrypted traff...Encrypted traffic plays a crucial role in safeguarding network security and user privacy.However,encrypting malicious traffic can lead to numerous security issues,making the effective classification of encrypted traffic essential.Existing methods for detecting encrypted traffic face two significant challenges.First,relying solely on the original byte information for classification fails to leverage the rich temporal relationships within network traffic.Second,machine learning and convolutional neural network methods lack sufficient network expression capabilities,hindering the full exploration of traffic’s potential characteristics.To address these limitations,this study introduces a traffic classification method that utilizes time relationships and a higher-order graph neural network,termed HGNN-ETC.This approach fully exploits the original byte information and chronological relationships of traffic packets,transforming traffic data into a graph structure to provide the model with more comprehensive context information.HGNN-ETC employs an innovative k-dimensional graph neural network to effectively capture the multi-scale structural features of traffic graphs,enabling more accurate classification.We select the ISCXVPN and the USTC-TK2016 dataset for our experiments.The results show that compared with other state-of-the-art methods,our method can obtain a better classification effect on different datasets,and the accuracy rate is about 97.00%.In addition,by analyzing the impact of varying input specifications on classification performance,we determine the optimal network data truncation strategy and confirm the model’s excellent generalization ability on different datasets.展开更多
Traffic characterization(e.g.,chat,video)and application identifi-cation(e.g.,FTP,Facebook)are two of the more crucial jobs in encrypted network traffic classification.These two activities are typically carried out se...Traffic characterization(e.g.,chat,video)and application identifi-cation(e.g.,FTP,Facebook)are two of the more crucial jobs in encrypted network traffic classification.These two activities are typically carried out separately by existing systems using separate models,significantly adding to the difficulty of network administration.Convolutional Neural Network(CNN)and Transformer are deep learning-based approaches for network traf-fic classification.CNN is good at extracting local features while ignoring long-distance information from the network traffic sequence,and Transformer can capture long-distance feature dependencies while ignoring local details.Based on these characteristics,a multi-task learning model that combines Transformer and 1D-CNN for encrypted traffic classification is proposed(MTC).In order to make up for the Transformer’s lack of local detail feature extraction capability and the 1D-CNN’s shortcoming of ignoring long-distance correlation information when processing traffic sequences,the model uses a parallel structure to fuse the features generated by the Transformer block and the 1D-CNN block with each other using a feature fusion block.This structure improved the representation of traffic features by both blocks and allows the model to perform well with both long and short length sequences.The model simultaneously handles multiple tasks,which lowers the cost of training.Experiments reveal that on the ISCX VPN-nonVPN dataset,the model achieves an average F1 score of 98.25%and an average recall of 98.30%for the task of identifying applications,and an average F1 score of 97.94%,and an average recall of 97.54%for the task of traffic characterization.When advanced models on the same dataset are chosen for comparison,the model produces the best results.To prove the generalization,we applied MTC to CICIDS2017 dataset,and our model also achieved good results.展开更多
Accurate classification of encrypted traffic plays an important role in network management.However,current methods confronts several problems:inability to characterize traffic that exhibits great dispersion,inability ...Accurate classification of encrypted traffic plays an important role in network management.However,current methods confronts several problems:inability to characterize traffic that exhibits great dispersion,inability to classify traffic with multi-level features,and degradation due to limited training traffic size.To address these problems,this paper proposes a traffic granularity-based cryptographic traffic classification method,called Granular Classifier(GC).In this paper,a novel Cardinality-based Constrained Fuzzy C-Means(CCFCM)clustering algorithm is proposed to address the problem caused by limited training traffic,considering the ratio of cardinality that must be linked between flows to achieve good traffic partitioning.Then,an original representation format of traffic is presented based on granular computing,named Traffic Granules(TG),to accurately describe traffic structure by catching the dispersion of different traffic features.Each granule is a compact set of similar data with a refined boundary by excluding outliers.Based on TG,GC is constructed to perform traffic classification based on multi-level features.The performance of the GC is evaluated based on real-world encrypted network traffic data.Experimental results show that the GC achieves outstanding performance for encrypted traffic classification with limited size of training traffic and keeps accurate classification in dynamic network conditions.展开更多
基金supported by the National Key Research and Development Program of China No.2023YFA1009500.
文摘With the emphasis on user privacy and communication security, encrypted traffic has increased dramatically, which brings great challenges to traffic classification. The classification method of encrypted traffic based on GNN can deal with encrypted traffic well. However, existing GNN-based approaches ignore the relationship between client or server packets. In this paper, we design a network traffic topology based on GCN, called Flow Mapping Graph (FMG). FMG establishes sequential edges between vertexes by the arrival order of packets and establishes jump-order edges between vertexes by connecting packets in different bursts with the same direction. It not only reflects the time characteristics of the packet but also strengthens the relationship between the client or server packets. According to FMG, a Traffic Mapping Classification model (TMC-GCN) is designed, which can automatically capture and learn the characteristics and structure information of the top vertex in FMG. The TMC-GCN model is used to classify the encrypted traffic. The encryption stream classification problem is transformed into a graph classification problem, which can effectively deal with data from different data sources and application scenarios. By comparing the performance of TMC-GCN with other classical models in four public datasets, including CICIOT2023, ISCXVPN2016, CICAAGM2017, and GraphDapp, the effectiveness of the FMG algorithm is verified. The experimental results show that the accuracy rate of the TMC-GCN model is 96.13%, the recall rate is 95.04%, and the F1 rate is 94.54%.
基金funded by theNational Science and Technology Council of Taiwan under the grant number NSTC 113-2221-E-035-058.
文摘With the rapid expansion of multimedia data,protecting digital information has become increasingly critical.Reversible data hiding offers an effective solution by allowing sensitive information to be embedded in multimedia files while enabling full recovery of the original data after extraction.Audio,as a vital medium in communication,entertainment,and information sharing,demands the same level of security as images.However,embedding data in encrypted audio poses unique challenges due to the trade-offs between security,data integrity,and embedding capacity.This paper presents a novel interpolation-based reversible data hiding algorithm for encrypted audio that achieves scalable embedding capacity.By increasing sample density through interpolation,embedding opportunities are significantly enhanced while maintaining encryption throughout the process.The method further integrates multiple most significant bit(multi-MSB)prediction and Huffman coding to optimize compression and embedding efficiency.Experimental results on standard audio datasets demonstrate the proposed algorithm’s ability to embed up to 12.47 bits per sample with over 9.26 bits per sample available for pure embedding capacity,while preserving full reversibility.These results confirm the method’s suitability for secure applications that demand high embedding capacity and perfect reconstruction of original audio.This work advances reversible data hiding in encrypted audio by offering a secure,efficient,and fully reversible data hiding framework.
基金supported by National Natural Science Foundation of China(62473341)Key Technologies R&D Program of Henan Province(242102211071,252102211086,252102210166).
文摘Network traffic classification is a crucial research area aimed at improving quality of service,simplifying network management,and enhancing network security.To address the growing complexity of cryptography,researchers have proposed various machine learning and deep learning approaches to tackle this challenge.However,existing mainstream methods face several general issues.On one hand,the widely used Transformer architecture exhibits high computational complexity,which negatively impacts its efficiency.On the other hand,traditional methods are often unreliable in traffic representation,frequently losing important byte information while retaining unnecessary biases.To address these problems,this paper introduces the Swin Transformer architecture into the domain of network traffic classification and proposes the NetST(Network Swin Transformer)model.This model improves the Swin Transformer to better accommodate the characteristics of network traffic,effectively addressing efficiency issues.Furthermore,this paper presents a traffic representation scheme designed to extract meaningful information from large volumes of traffic while minimizing bias.We integrate four datasets relevant to network traffic classification for our experiments,and the results demonstrate that NetST achieves a high accuracy rate while maintaining low memory usage.
文摘With the widespread adoption of encrypted Domain Name System(DNS)technologies such as DNS over Hyper Text Transfer Protocol Secure(HTTPS),traditional port and protocol-based traffic analysis methods have become ineffective.Although encrypted DNS enhances user privacy protection,it also provides concealed communication channels for malicious software,compelling detection technologies to shift towards statistical featurebased and machine learning approaches.However,these methods still face challenges in real-time performance and privacy protection.This paper proposes a real-time identification technology for encrypted DNS traffic with privacy protection.Firstly,a hierarchical architecture of cloud-edge-end collaboration is designed,incorporating task offloading strategies to balance privacy protection and identification efficiency.Secondly,a privacy-preserving federated learning mechanismbased on Federated Robust Aggregation(FedRA)is proposed,utilizingMedoid aggregation and differential privacy techniques to ensure data privacy and enhance identification accuracy.Finally,an edge offloading strategy based on a dynamic priority scheduling algorithm(DPSA)is designed to alleviate terminal burden and reduce latency.Simulation results demonstrate that the proposed technology significantly improves the accuracy and realtime performance of encrypted DNS traffic identification while protecting privacy,making it suitable for various network environments.
文摘The proliferation of internet traffic encryption has become a double-edged sword. While it significantly enhances user privacy, it also inadvertently shields cyber-attacks from detection, presenting a formidable challenge to cybersecurity. Traditional machine learning and deep learning techniques often fall short in identifying encrypted malicious traffic due to their inability to fully extract and utilize the implicit relational and positional information embedded within data packets. This limitation has led to an unresolved challenge in the cybersecurity community: how to effectively extract valuable insights from the complex patterns of traffic packet transmission. Consequently, this paper introduces the TB-Graph model, an encrypted malicious traffic classification model based on a relational graph attention network. The model is a heterogeneous traffic burst graph that embeds side-channel features, which are unaffected by encryption, into the graph nodes and connects them with three different types of burst edges. Subsequently, we design a relational positional coding that prevents the loss of temporal relationships between the original traffic flows during graph transformation. Ultimately, TB-Graph leverages the powerful graph representation learning capabilities of Relational Graph Attention Network (RGAT) to extract latent behavioral features from the burst graph nodes and edge relationships. Experimental results show that TB-Graph outperforms various state-of-the-art methods in fine-grained encrypted malicious traffic classification tasks on two public datasets, indicating its enhanced capability for identifying encrypted malicious traffic.
基金supported by the General Program of the National Natural Science Foundation of China under Grant No.62172093the National Key R&D Program of China under Grant No.2018YFB1800602+1 种基金2019 Industrial Internet Innovation and Development Project,Ministry of Industry and Information Technology(MIIT)under Grant No.6709010003Ministry of Education-China Mobile Research Fund under Grant No.MCM20180506。
文摘As an essential function of encrypted Internet traffic analysis,encrypted traffic service classification can support both coarse-grained network service traffic management and security supervision.However,the traditional plaintext-based Deep Packet Inspection(DPI)method cannot be applied to such a classification.Moreover,machine learning-based existing methods encounter two problems during feature selection:complex feature overcost processing and Transport Layer Security(TLS)version discrepancy.In this paper,we consider differences between encryption network protocol stacks and propose a composite deep learning-based method in multiprotocol environments using a sliding multiple Protocol Data Unit(multiPDU)length sequence as features by fully utilizing the Markov property in a multiPDU length sequence and maintaining suitability with a TLS-1.3 environment.Control experiments show that both Length-Sensitive(LS)composite deep learning model using a capsule neural network and LS-long short time memory achieve satisfactory effectiveness in F1-score and performance.Owing to faster feature extraction,our method is suitable for actual network environments and superior to state-of-the-art methods.
基金This work is supported by the Key Reach Project of Hainan Province[ZDYF2018129]the National Natural Science Foundation of China[61762033]+3 种基金the National Natural Science Foundation of Hainan[2018CXTD333]the Key Innovation and Entrepreneurship Project of Hainan University[Hdcxcyxm201711]the Higher Education Research Project of Hainan Province(Hnky2019-73)the Key Research Project of Haikou College of Economics[HJKZ18-01].
文摘Remote medical diagnosis can be realized by using the Internet,but when transmitting medical images of patients through the Internet,personal information of patients may be leaked.Aim at the security of medical information system and the protection of medical images,a novel robust zero-watermarking based on SIFT-DCT(Scale Invariant Feature Transform-Discrete Cosine Transform)for medical images in the encrypted domain is proposed.Firstly,the original medical image is encrypted in transform domain based on Logistic chaotic sequence to enhance the concealment of original medical images.Then,the SIFT-DCT is used to extract the feature sequences of encrypted medical images.Next,zero-watermarking technology is used to ensure that the region of interest of medical images are not changed.Finally,the robust of the algorithm is evaluated by the correlation coefficient between the original watermark and the attacked watermark.A series of attack experiments are carried out on this method,and the results show that the algorithm is not only secure,but also robust to both traditional and geometric attacks,especially in clipping attacks.
基金supported by the Key Research Project of Hainan Province[ZDYF2018129]the Higher Education Research Project of Hainan Province(Hnky2019-73)+3 种基金the National Natural Science Foundation of China[61762033]the Natural Science Foundation of Hainan[617175]the Special Scientific Research Project of Philosophy and Social Sciences of Chongqing Medical University[201703]the Key Research Project of Haikou College of Economics[HJKZ18-01].
文摘In order to solve the problem of patient information security protection in medical images,whilst also taking into consideration the unchangeable particularity of medical images to the lesion area and the need for medical images themselves to be protected,a novel robust watermarking algorithm for encrypted medical images based on dual-tree complex wavelet transform and discrete cosine transform(DTCWT-DCT)and chaotic map is proposed in this paper.First,DTCWT-DCT transformation was performed on medical images,and dot product was per-formed in relation to the transformation matrix and logistic map.Inverse transformation was undertaken to obtain encrypted medical images.Then,in the low-frequency part of the DTCWT-DCT transformation coefficient of the encrypted medical image,a set of 32 bits visual feature vectors that can effectively resist geometric attacks are found to be the feature vector of the encrypted medical image by using perceptual hashing.After that,different logistic initial values and growth parameters were set to encrypt the watermark,and zero-watermark technology was used to embed and extract the encrypted medical images by combining cryptography and third-party concepts.The proposed watermarking algorithm does not change the region of interest of medical images thus it does not affect the judgment of doctors.Additionally,the security of the algorithm is enhanced by using chaotic mapping,which is sensitive to the initial value in order to encrypt the medical image and the watermark.The simulation results show that the pro-posed algorithm has good homomorphism,which can not only protect the original medical image and the watermark information,but can also embed and extract the watermark directly in the encrypted image,eliminating the potential risk of decrypting the embedded watermark and extracting watermark.Compared with the recent related research,the proposed algorithm solves the contradiction between robustness and invisibility of the watermarking algorithm for encrypted medical images,and it has good results against both conventional attacks and geometric attacks.Under geometric attacks in particular,the proposed algorithm performs much better than existing algorithms.
基金supported by the National Basic Research Program of China(973 Program)under Grant No.2011CB302903the Priority Academic Program Development of Jiangsu Higher Education Institutions under Grant No.YX002001
文摘In this paper, we to detect encrypted botnet propose a novel method traffic. During the traffic preprocessing stage, the proposed payload extraction method can identify a large amount of encrypted applications traffic. It can filter out a large amount of non-malicious traffic, greatly in, roving the detection efficiency. A Sequential Probability Ratio Test (SPRT)-based method can find spatialtemporal correlations in suspicious botnet traffic and make an accurate judgment. Experimental resuks show that the false positive and false nega- tive rates can be controlled within a certain range.
文摘Verifiably encrypted signatures are employed when a signer wants to sign a message for a verifier but does not want the verifier to possess his signature on the message until some certain requirements of his are satisfied. This paper presented new verifiably encrypted signatures from bilinear pairings. The proposed signatures share the properties of simplicity and efficiency with existing verifiably encrypted signature schemes. To support the proposed scheme, it also exhibited security proofs that do not use random oracle assumption. For existential unforgeability, there exist tight security reductions from the proposed verifiably encrypted signature scheme to a strong but reasonable computational assumption.
基金The work was funded by the National Natural Science Foundation of China(Grant Nos.61572089,61502399,61633005)the Chongqing Research Program of Basic Research and Frontier Technology(Grant No.cstc2017jcyjBX0008)+3 种基金the Project Supported by Graduate Student Research and Innovation Foundation of Chongqing(Grant No.CYB17026)the Chongqing Postgraduate Education Reform Project(Grant No.yjg183018)the Chongqing University Postgraduate Education Reform Project(Grant No.cquyjg18219)the Fundamental Research Funds for the Central Universities(Grant Nos.106112017CDJQJ188830,106112017CDJXY180005).
文摘To fulfill the requirements of data security in environments with nonequivalent resources,a high capacity data hiding scheme in encrypted image based on compressive sensing(CS)is proposed by fully utilizing the adaptability of CS to nonequivalent resources.The original image is divided into two parts:one part is encrypted with traditional stream cipher;the other part is turned to the prediction error and then encrypted based on CS to vacate room simultaneously.The collected non-image data is firstly encrypted with simple stream cipher.For data security management,the encrypted non-image data is then embedded into the encrypted image,and the scrambling operation is used to further improve security.Finally,the original image and non-image data can be separably recovered and extracted according to the request from the valid users with different access rights.Experimental results demonstrate that the proposed scheme outperforms other data hiding methods based on CS,and is more suitable for nonequivalent resources.
基金This research was funded by National Natural Science Foundation of China under Grant No.61806171Sichuan University of Science&Engineering Talent Project under Grant No.2021RC15+2 种基金Open Fund Project of Key Laboratory for Non-Destructive Testing and Engineering Computer of Sichuan Province Universities on Bridge Inspection and Engineering under Grant No.2022QYJ06Sichuan University of Science&Engineering Graduate Student Innovation Fund under Grant No.Y2023115The Scientific Research and Innovation Team Program of Sichuan University of Science and Technology under Grant No.SUSE652A006.
文摘While encryption technology safeguards the security of network communications,malicious traffic also uses encryption protocols to obscure its malicious behavior.To address the issues of traditional machine learning methods relying on expert experience and the insufficient representation capabilities of existing deep learning methods for encrypted malicious traffic,we propose an encrypted malicious traffic classification method that integrates global semantic features with local spatiotemporal features,called BERT-based Spatio-Temporal Features Network(BSTFNet).At the packet-level granularity,the model captures the global semantic features of packets through the attention mechanism of the Bidirectional Encoder Representations from Transformers(BERT)model.At the byte-level granularity,we initially employ the Bidirectional Gated Recurrent Unit(BiGRU)model to extract temporal features from bytes,followed by the utilization of the Text Convolutional Neural Network(TextCNN)model with multi-sized convolution kernels to extract local multi-receptive field spatial features.The fusion of features from both granularities serves as the ultimate multidimensional representation of malicious traffic.Our approach achieves accuracy and F1-score of 99.39%and 99.40%,respectively,on the publicly available USTC-TFC2016 dataset,and effectively reduces sample confusion within the Neris and Virut categories.The experimental results demonstrate that our method has outstanding representation and classification capabilities for encrypted malicious traffic.
基金supported by the National Natural Science Foundation of China(62122057,62075136,62105217,62205221,62205222)the Basic and Applied Basic Research Foundation of Guangdong Province(2022B1515120061)Shenzhen Science and Technology Program(Shenzhen Key Laboratory of Ultrafast Laser Micro/Nano Manufacturing ZDSYS20220606100405013,RCYX20200714114524139,JCYJ20200109114001806)。
文摘Optical fibers are typically used in telecommunications services for data transmission,where the use of fiber tags is essential to distinguish between the different transmission fibers or channels and thus ensure the working functionality of the communication system.Traditional physical entity marking methods for fiber labeling are bulky,easily confused,and,most importantly,the label information can be accessed easily by all potential users.This work proposes an encrypted optical fiber tag based on an encoded fiber Bragg grating(FBG)array that is fabricated using a point-by-point femtosecond laser pulse chain inscription method.Gratings with different resonant wavelengths and reflectivities are realized by adjusting the grating period and the refractive index modulations.It is demonstrated that a binary data sequence carried by a fiber tag can be inscribed into the fiber core in the form of an FBG array,and the tag data can be encrypted through appropriate design of the spatial distributions of the FBGs with various reflection wavelengths and reflectivities.The proposed fiber tag technology can be used for applications in port identification,encrypted data storage,and transmission in fiber networks.
基金supported by the National Natural Science Foundation of China (Grants Nos.61931004,62072250)the Talent Launch Fund of Nanjing University of Information Science and Technology (2020r061).
文摘Encrypted traffic classification has become a hot issue in network security research.The class imbalance problem of traffic samples often causes the deterioration of Machine Learning based classifier performance.Although the Generative Adversarial Network(GAN)method can generate new samples by learning the feature distribution of the original samples,it is confronted with the problems of unstable training andmode collapse.To this end,a novel data augmenting approach called Graph CWGAN-GP is proposed in this paper.The traffic data is first converted into grayscale images as the input for the proposed model.Then,the minority class data is augmented with our proposed model,which is built by introducing conditional constraints and a new distance metric in typical GAN.Finally,the classical deep learning model is adopted as a classifier to classify datasets augmented by the Condition GAN(CGAN),Wasserstein GAN-Gradient Penalty(WGAN-GP)and Graph CWGAN-GP,respectively.Compared with the state-of-the-art GAN methods,the Graph CWGAN-GP cannot only control the modes of the data to be generated,but also overcome the problem of unstable training and generate more realistic and diverse samples.The experimental results show that the classification precision,recall and F1-Score of theminority class in the balanced dataset augmented in this paper have improved by more than 2.37%,3.39% and 4.57%,respectively.
基金This work is supported by the Science and Technology Project of State Grid Jiangsu Electric Power Co.,Ltd.under Grant No.J2020068.
文摘The rapidly increasing popularity of mobile devices has changed the methods with which people access various network services and increased net-work traffic markedly.Over the past few decades,network traffic identification has been a research hotspot in the field of network management and security mon-itoring.However,as more network services use encryption technology,network traffic identification faces many challenges.Although classic machine learning methods can solve many problems that cannot be solved by port-and payload-based methods,manually extract features that are frequently updated is time-consuming and labor-intensive.Deep learning has good automatic feature learning capabilities and is an ideal method for network traffic identification,particularly encrypted traffic identification;Existing recognition methods based on deep learning primarily use supervised learning methods and rely on many labeled samples.However,in real scenarios,labeled samples are often difficult to obtain.This paper adjusts the structure of the auxiliary classification generation adversarial network(ACGAN)so that it can use unlabeled samples for training,and use the wasserstein distance instead of the original cross entropy as the loss function to achieve semisupervised learning.Experimental results show that the identification accuracy of ISCX and USTC data sets using the proposed method yields markedly better performance when the number of labeled samples is small compared to that of convolutional neural network(CNN)based classifier.
基金supported by Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.RS-2023-00235509,Development of Security Monitoring Technology Based Network Behavior against Encrypted Cyber Threats in ICT Convergence Environment).
文摘In the IoT(Internet of Things)domain,the increased use of encryption protocols such as SSL/TLS,VPN(Virtual Private Network),and Tor has led to a rise in attacks leveraging encrypted traffic.While research on anomaly detection using AI(Artificial Intelligence)is actively progressing,the encrypted nature of the data poses challenges for labeling,resulting in data imbalance and biased feature extraction toward specific nodes.This study proposes a reconstruction error-based anomaly detection method using an autoencoder(AE)that utilizes packet metadata excluding specific node information.The proposed method omits biased packet metadata such as IP and Port and trains the detection model using only normal data,leveraging a small amount of packet metadata.This makes it well-suited for direct application in IoT environments due to its low resource consumption.In experiments comparing feature extraction methods for AE-based anomaly detection,we found that using flowbased features significantly improves accuracy,precision,F1 score,and AUC(Area Under the Receiver Operating Characteristic Curve)score compared to packet-based features.Additionally,for flow-based features,the proposed method showed a 30.17%increase in F1 score and improved false positive rates compared to Isolation Forest and OneClassSVM.Furthermore,the proposedmethod demonstrated a 32.43%higherAUCwhen using packet features and a 111.39%higher AUC when using flow features,compared to previously proposed oversampling methods.This study highlights the impact of feature extraction methods on attack detection in imbalanced,encrypted traffic environments and emphasizes that the one-class method using AE is more effective for attack detection and reducing false positives compared to traditional oversampling methods.
文摘With recent significant development in the portable device market, cloud computing is getting more and more utilized. Many sensitive data are stored in cloud central servers. To ensure privacy, these data are usually encrypted before being uploaded—making file searching complicated. Although previous cloud computing searchable encryption schemes allow users to search encrypted data by keywords securely, these techniques only support exact keyword search and will fail if there are some spelling errors or if some morphological variants of words are used. In this paper, we provide the solution for fuzzy keyword search over encrypted cloud data. K-grams is used to produce fuzzy results. For security reasons, we use two separate servers that cannot communicate with each other. Our experiment result shows that our system is effective and scalable to handle large number of encrypted files.
基金supported in part by the National Key Research and Development Program of China(No.2022YFB4500800)the National Science Foundation of China(No.42071431).
文摘Encrypted traffic plays a crucial role in safeguarding network security and user privacy.However,encrypting malicious traffic can lead to numerous security issues,making the effective classification of encrypted traffic essential.Existing methods for detecting encrypted traffic face two significant challenges.First,relying solely on the original byte information for classification fails to leverage the rich temporal relationships within network traffic.Second,machine learning and convolutional neural network methods lack sufficient network expression capabilities,hindering the full exploration of traffic’s potential characteristics.To address these limitations,this study introduces a traffic classification method that utilizes time relationships and a higher-order graph neural network,termed HGNN-ETC.This approach fully exploits the original byte information and chronological relationships of traffic packets,transforming traffic data into a graph structure to provide the model with more comprehensive context information.HGNN-ETC employs an innovative k-dimensional graph neural network to effectively capture the multi-scale structural features of traffic graphs,enabling more accurate classification.We select the ISCXVPN and the USTC-TK2016 dataset for our experiments.The results show that compared with other state-of-the-art methods,our method can obtain a better classification effect on different datasets,and the accuracy rate is about 97.00%.In addition,by analyzing the impact of varying input specifications on classification performance,we determine the optimal network data truncation strategy and confirm the model’s excellent generalization ability on different datasets.
基金supported by the People’s Public Security University of China central basic scientific research business program(No.2021JKF206).
文摘Traffic characterization(e.g.,chat,video)and application identifi-cation(e.g.,FTP,Facebook)are two of the more crucial jobs in encrypted network traffic classification.These two activities are typically carried out separately by existing systems using separate models,significantly adding to the difficulty of network administration.Convolutional Neural Network(CNN)and Transformer are deep learning-based approaches for network traf-fic classification.CNN is good at extracting local features while ignoring long-distance information from the network traffic sequence,and Transformer can capture long-distance feature dependencies while ignoring local details.Based on these characteristics,a multi-task learning model that combines Transformer and 1D-CNN for encrypted traffic classification is proposed(MTC).In order to make up for the Transformer’s lack of local detail feature extraction capability and the 1D-CNN’s shortcoming of ignoring long-distance correlation information when processing traffic sequences,the model uses a parallel structure to fuse the features generated by the Transformer block and the 1D-CNN block with each other using a feature fusion block.This structure improved the representation of traffic features by both blocks and allows the model to perform well with both long and short length sequences.The model simultaneously handles multiple tasks,which lowers the cost of training.Experiments reveal that on the ISCX VPN-nonVPN dataset,the model achieves an average F1 score of 98.25%and an average recall of 98.30%for the task of identifying applications,and an average F1 score of 97.94%,and an average recall of 97.54%for the task of traffic characterization.When advanced models on the same dataset are chosen for comparison,the model produces the best results.To prove the generalization,we applied MTC to CICIDS2017 dataset,and our model also achieved good results.
基金supported in part by the Shandong Provincial Natural Science Foundation under Grant ZR2021QF008the National Natural Science Foundation of China under Grant 62072351+1 种基金in part by the open research project of ZheJiang Lab under grant 2021PD0AB01in part by the 111 Project under Grant B16037。
文摘Accurate classification of encrypted traffic plays an important role in network management.However,current methods confronts several problems:inability to characterize traffic that exhibits great dispersion,inability to classify traffic with multi-level features,and degradation due to limited training traffic size.To address these problems,this paper proposes a traffic granularity-based cryptographic traffic classification method,called Granular Classifier(GC).In this paper,a novel Cardinality-based Constrained Fuzzy C-Means(CCFCM)clustering algorithm is proposed to address the problem caused by limited training traffic,considering the ratio of cardinality that must be linked between flows to achieve good traffic partitioning.Then,an original representation format of traffic is presented based on granular computing,named Traffic Granules(TG),to accurately describe traffic structure by catching the dispersion of different traffic features.Each granule is a compact set of similar data with a refined boundary by excluding outliers.Based on TG,GC is constructed to perform traffic classification based on multi-level features.The performance of the GC is evaluated based on real-world encrypted network traffic data.Experimental results show that the GC achieves outstanding performance for encrypted traffic classification with limited size of training traffic and keeps accurate classification in dynamic network conditions.
