基于时序双模特征融合的加密FTP指令细粒度识别方法

付春辉; 杨智; 郭渊博; 李勇飞; 金舒原

doi:10.11959/j.issn.1000-436x.2026075

Chinese

您当前的位置：

首页 >

文章列表页 >

基于时序双模特征融合的加密FTP指令细粒度识别方法

学术论文 | 更新时间：2026-05-07

- 基于时序双模特征融合的加密FTP指令细粒度识别方法
- Fine-grained recognition method for encrypted FTP commands based on temporal dual-mode feature fusion
- 通信学报 2026年47卷第4期页码：126-144
- 作者机构：
  
  1.信息工程大学密码工程学院，河南郑州 450004
  2.海南大学网络空间安全学院，海南海口 570228
  3.中山大学计算机学院，广东广州 510275
- 作者简介：
  
  [ "付春辉（1999- ），男，山东潍坊人，信息工程大学博士生，主要研究方向为智能化网络流量分类。" ]
  [ "杨智（1975- ），男，河南开封人，博士，信息工程大学教授、博士生导师，主要研究方向为操作系统安全、云计算安全、隐私保护。" ]
  [ "郭渊博（1975- ），男，陕西周至人，博士，海南大学教授、博士生导师，主要研究方向为大数据安全、态势感知。" ]
  [ "李勇飞（1998- ），男，河南开封人，信息工程大学博士生，主要研究方向为联邦学习安全。" ]
  [ "金舒原（1974- ），女，吉林白城人，博士，中山大学教授、博士生导师，主要研究方向为漏洞挖掘、网络攻防、人工智能安全、操作系统安全。" ]
- 基金信息：
  
  国家自然科学基金资助项目(62472456)
- DOI：10.11959/j.issn.1000-436x.2026075
  中图分类号： TP393
- 收稿：2025-12-31，
  
  修回：2026-03-12，
  
  录用：2026-03-13，
  
  纸质出版：2026-04-20
- 稿件说明：
移动端阅览
付春辉,杨智,郭渊博等.基于时序双模特征融合的加密FTP指令细粒度识别方法[J].通信学报,2026,47(04):126-144.

Fu Chunhui,Yang Zhi,Guo Yuanbo,et al.Fine-grained recognition method for encrypted FTP commands based on temporal dual-mode feature fusion[J].Journal on Communications,2026,47(04):126-144.
付春辉,杨智,郭渊博等.基于时序双模特征融合的加密FTP指令细粒度识别方法[J].通信学报,2026,47(04):126-144. DOI： 10.11959/j.issn.1000-436x.2026075.

Fu Chunhui,Yang Zhi,Guo Yuanbo,et al.Fine-grained recognition method for encrypted FTP commands based on temporal dual-mode feature fusion[J].Journal on Communications,2026,47(04):126-144. DOI： 10.11959/j.issn.1000-436x.2026075.

摘要

针对当前网络流量应用层指令细粒度识别方面存在的不足，提出一种基于时序双模特征融合的加密FTP指令细粒度识别方法，并解决IPsec-ESP加密隧道下的FTP指令识别问题。首先，设计基于加密代理的多约束匹配算法，实现对ESP加密流量的指令级精确标注；然后，构建包含时序双模特征融合的流量分析框架，从宏观流量模式和微观时序动态两个维度提取特征。实验基于加密代理环境获取真实FTP流量数据，实现对24种FTP指令细粒度（响应）的匹配标注和精确识别，并通过5种机器学习模型的对比实验，验证了该方法的有效性。实验结果表明，该方法在加密FTP指令级分类任务中的准确率达95.4%，显著优于传统单模特征方法，为加密网络环境下的应用层流量识别提供新的技术路径。

Abstract

To address deficiencies in fine-grained identification of application-layer commands in network traffic

a fine-grained recognition method for encrypted FTP commands based on temporal dual-modal feature fusion was proposed

solving FTP command identification under IPsec-ESP encrypted tunnels. First

a multi-constraint matching algorithm based on the encrypted proxy was designed to achieve accurate instruction-level annotation of ESP encrypted traffic. Then

a traffic analysis framework with temporal dual-modal feature fusion was constructed to extract features from macroscopic traffic patterns and microscopic temporal dynamics. In experiments

real FTP traffic was obtained in the encrypted proxy environment to realize matching annotation and accurate identification of 24 fine-grained FTP commands (responses). Comparative experiments with five machine learning models verify the effectiveness of the proposed method. The results show that the proposed method achieves 95.4% accuracy in encrypted FTP command-level classification

significantly outperforming traditional single-modal feature methods

providing a new technical approach for application-layer traffic identification in encrypted networks.

关键词

Keywords

references

Cisco . Cisco annual Internet report (2018-2023) [R ] . (2024-12-08) [2025-12-31 ] .

Sharma A , Gupta B B , Singh A K , et al . Orchestration of APT malware evasive manoeuvers employed for eluding anti-virus and sandbox defense [J ] . Computers & Security , 2022 , 115 : 102627 .

Talabani H S , Abdul Z K , Mohammed Saleh H M . DNS over HTTPS tunneling detection system based on selected features via ant colony optimization [J ] . Future Internet , 2025 , 17 ( 5 ): 211 .

中国国家互联网应急中心 . 关于国家授时中心遭受美国国家安全局网络攻击事件的技术分析报告 [R ] . (2025-10-19)[2025-12-31 ] .

National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) . Technical analysis report on the cyber attack against the National Time Service Center (NTSC) by the national security agency (NSA) [R ] . (2025-10-19) [2025-12-31 ] .

Papadogiannaki E , Ioannidis S . A survey on encrypted network traffic analysis applications, techniques, and countermeasures [J ] . ACM Computing Surveys , 2022 , 54 ( 6 ): 1 - 35 .

Wang P , Chen X J , Ye F , et al . A survey of techniques for mobile service encrypted traffic classification using deep learning [J ] . IEEE Access , 2019 , 7 : 54024 - 54033 .

Catal C , Giray G , Tekinerdogan B . Applications of deep learning for mobile malware detection: a systematic literature review [J ] . Neural Computing and Applications , 2022 , 34 ( 2 ): 1007 - 1032 .

Shen M , Ye K , Liu X T , et al . Machine learning-powered encrypted network traffic analysis: a comprehensive survey [J ] . IEEE Communications Surveys & Tutorials , 2023 , 25 ( 1 ): 791 - 824 .

付钰 , 刘涛涛 , 王坤 , 等 . 基于机器学习的加密流量分类研究综述 [J ] . 通信学报 , 2025 , 46 ( 1 ): 167 - 191 .

Fu Y , Liu T T , Wang K , et al . Survey of research on encrypted traffic classification based on machine learning [J ] . Journal on Communications , 2025 , 46 ( 1 ): 167 - 191 .

Zuo M , Guo C Y , Xu H Y , et al . METC: a hybrid deep learning framework for cross-network encrypted DNS over HTTPS traffic detection and tunnel identification [J ] . Information Fusion , 2025 , 121 : 103125 .

Lin P , Ye K J , Hu Y S , et al . A novel multimodal deep learning framework for encrypted traffic classification [J ] . IEEE/ACM Transactions on Networking , 2023 , 31 ( 3 ): 1369 - 1384 .

Yin J N , Cui L , Hao Z Y , et al . BTRFormer: hierarchical learning of encrypted traffic using a masked autoencoder with block-based traffic representation [C ] // Proceedings of the 2025 IEEE 33rd International Conference on Network Protocols (ICNP) . Piscataway : IEEE Press , 2025 : 1 - 12 .

Najm I A , Saeed A H , Ahmad B A , et al . Enhanced network traffic classification with machine learning algorithms [C ] // Proceedings of the Cognitive Models and Artificial Intelligence Conference . New York : ACM , 2024 : 322 - 327 .

Bagui S S , Mink D , Bagui S C , et al . Introducing UWF-ZeekData22: a comprehensive network traffic dataset based on the MITRE ATT&CK framework [J ] . Data , 2023 , 8 ( 1 ): 18 .

Wang Y P , Yun X C , Zhang Y Z , et al . Rethinking robust and accurate application protocol identification [J ] . Computer Networks , 2017 , 129 : 64 - 78 .

Luo J , Chen Z C , Chen W X , et al . A study on the application of the T5 large language model in encrypted traffic classification [J ] . Peer-to-Peer Networking and Applications , 2025 , 18 : 15 .

Wang Z H , Yang Y , Wang Y J . A survey of encrypted traffic classification: datasets, representation, approaches and future thinking [C ] // Proceedings of the 2024 IEEE/ACIS 24th International Conference on Computer and Information Science (ICIS) . Piscataway : IEEE Press , 2024 : 113 - 120 .

张国敏 , 屠智鑫 , 邢长友 , 等 . 基于对抗样本的流量时序特征混淆方法 [J ] . 信息网络安全 , 2024 , 24 ( 12 ): 1882 - 1895 .

Zhang G M , Tu Z X , Xing C Y , et al . Traffic obfuscation method for temporal features based on adversarial example [J ] . Netinfo Security , 2024 , 24 ( 12 ): 1882 - 1895 .

Seydali M , Khunjush F , Akbari B , et al . CBS: a deep learning approach for encrypted traffic classification with mixed spatio-temporal and statistical features [J ] . IEEE Access , 2023 , 11 : 141674 - 141702 .

Wang W , Zhu M , Wang J L , et al . End-to-end encrypted traffic classification with one-dimensional convolution neural networks [C ] // Proceedings of the 2017 IEEE International Conference on Intelligence and Security Informatics (ISI) . Piscataway : IEEE Press , 2017 : 43 - 48 .

Bu Z Y , Zhou B , Cheng P Y , et al . Encrypted network traffic classification using deep and parallel network-in-network models [J ] . IEEE Access , 2020 , 8 : 132950 - 132959 .

Akbari I , Salahuddin M A , Aniva L , et al . A look behind the curtain: traffic classification in an increasingly encrypted web [J ] . Proceedings of the ACM on Measurement and Analysis of Computing Systems , 2021 , 5 ( 1 ): 1 - 26 .

Chen Z H , Cheng G , Wei Z J , et al . Higher layers, better results: application layer feature engineering in encrypted traffic classification [C ] // Proceedings of International Conference on Wireless Algorithms, Systems, and Applications . Cham : Springer , 2022 : 548 - 556 .

Xu S J , Kong K C , Jin X B , et al . Unveiling traffic paths: Explainable path signature feature-based encrypted traffic classification [J ] . Computers & Security , 2025 , 150 : 104283 .

Kala J , Soukup D . Automated annotation of network traffic with data from Web browser [C ] // Proceedings of 10th Prague Embedded Systems Workshop . Prague : Czech Technical University in Prague , 2022 : 87 - 94 .

Torres J L G , Catania C A , Veas E . Active learning approach to label network traffic datasets [J ] . Journal of Information Security and Applications , 2019 , 49 : 102388 .

Ravi V , Poornima A S . Designing a robust network traffic annotator and classifier using active learning technique [C ] // Proceedings of the 2024 Asia Pacific Conference on Innovation in Technology (APCIT) . Piscataway : IEEE Press , 2024 : 1 - 5 .

Cordero C G , Vasilomanolakis E , Wainakh A , et al . On generating network traffic datasets with synthetic attacks for intrusion detection [J ] . ACM Transactions on Privacy and Security , 2021 , 24 ( 2 ): 1 - 39 .

Heng Y Q , Chandrasekhar V , Andrews J G . UTMobileNetTraffic2021: a labeled public network traffic dataset [J ] . IEEE Networking Letters , 2021 , 3 ( 3 ): 156 - 160 .

Bomma H P . Navigating the challenges of data encryption and compliance regulations: FTP vs SFTP [J ] . International Journal of Innovative Research in Engineering & Multidisciplinary Physical Sciences , 2021 , 9 ( 5 ): 1 - 6 .

Faouzi J . Time series classification: a review of algorithms and implementations [C ] // Proceedings of Time Series Analysis-Recent Advances, New Perspectives and Applications . London : IntechOpen , 2024 : 298 - 332 .

Dai J B , Xu X L , Gao H H , et al . CMFTC: cross modality fusion efficient multitask encrypt traffic classification in IIoT environment [J ] . IEEE Transactions on Network Science and Engineering , 2023 , 10 ( 6 ): 3989 - 4009 .

Polák M , Sedlák D , Fesl J , et al . Real data center network traffic dataset and analysis [C ] // Proceedings of the 2024 IEEE 13th International Conference on Cloud Networking (CloudNet) . Piscataway : IEEE Press , 2024 : 1 - 5 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

面向6G的内生智能频谱管控关键技术研究

基于数据特征的成员推理增强攻击方法

基于并联分支联合编码的网络恶意流量分类研究

IP地理定位技术综述：理论、方法与应用创新