基于对比学习和预训练Transformer的流量隐匿数据检测方法  

作　　者：何帅[1,2] 张京超 徐笛 江帅 郭晓威 付才 HE Shuai;ZHANG Jingchao;XU Di;JIANG Shuai;GUO Xiaowei;FU Cai(School of Cyberspace Science and Engineering,Huazhong University of Science and Technology,Wuhan 430040,China;Hubei Key Laboratory of Distributed System Security,Wuhan 430040,China)

机构地区：[1]华中科技大学网络空间安全学院,湖北武汉430040 [2]分布式系统安全湖北省重点实验室,湖北武汉430040

出　　处：《通信学报》2025年第3期221-233,共13页Journal on Communications

基　　金：国家重点研发计划基金资助项目(No.2023YFB3106402);国家自然科学基金资助项目(No.62072200)。

摘　　要：为解决海量加密流量难表征、恶意行为难感知以及隐私数据归属难识别的问题,提出了一种基于对比学习和预训练Transformer的流量隐匿数据检测方法。考虑加密流量的高度复杂性、非结构化的特点以及传统下游任务的微调方法在加密流量领域的效果不佳的挑战,数据报文通过提取数据包序列被转换为类似自然语言处理中的词元。然后利用预训练Transformer模型将浅层表征转换为适用于多种加密流量下游任务的通用流量表征。通过将流量中的隐匿数据检测问题转换为相似性分析问题,基于对比学习的思想设计了一种差异性敏感的Transformer模型架构,同时使用样本的正负样本对增强模型对流量差异性的感知能力,并提出使用信息对比估计作为加密流量下游任务微调的损失函数。实验结果表明,所提方法在检测准确率、精确率、召回率以及F1分数等方面优于主流方法。To solve the problems of characterizing representing massive encrypted traffic,perceiving malicious behaviors,and identifying the ownership of privacy data,a traffic concealed data detection method was proposed based on contrastive learning and pre-trained Transformer.Considering the high complexity,unstructured nature of encrypted traffic,and the insufficient performance of traditional fine-tuning methods for downstream tasks in the encrypted traffic domain,data packets were first transformed into tokens which was similar to those used in natural language processing.Then,a pre-trained Transformer model was utilized to convert shallow representations into a general traffic representation,which was suitable for various encrypted traffic downstream tasks.By transforming the problem of concealed data detection into a similarity analysis problem,a diversity-sensitive Transformer architecture was developed leveraging contrastive learning,which enhanced the model’s sensitivity to traffic differences through the use of positive and negative sample pairs,and using information noise contrastive estimation(Info NCE)as the loss function for fine-tuning downstream tasks of encrypted traffic.Experimental results show that the proposed method outperforms mainstream methods in terms of accuracy,precision,recall and F1 score.

关 键 词：流量隐匿数据检测 预训练Transformer模型 对比学习 加密流量 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]