A new dynamic security defense system based on TCP_REPAIR and deep learning

Journal of Cloud Computing

Advances, Systems and Applications

Table 2 1D-CNN comparison experiment table

Experiment	Content	Category	Traffic Type	Whether Encryption	Dataset Size
1	Malicious encrypted traffic identification	2-class	Session	No	26,921
			Session	Yes	12,525
			Flow	No	32,422
			Flow	Yes	17,926
2	Regular encrypted traffic classification	6-class	Session	No	26,921
			Session	Yes	12,525
			Flow	No	32,422
			Flow	Yes	17,926
3	Encrypted traffic classification	12-class	Session	No	26,921
			Session	Yes	12,525
			Flow	No	32,422
			Flow	Yes	17,926

The ISCX dataset classifies data into 12 categories, including 6 categories of regular encrypted traffic (VPN-Email, VPN-Chat, VPN-Streaming, VPN-File Transfer, VPN-VoIP, VPN-P2P) and 6 categories of protocol-encapsulated traffic (Email, Chat, Streaming, File Transfer, VoIP, P2P). In Experiment 1, there were 14,000 malicious traffic and 12,921 normal traffic in the unencrypted data set of Session traffic. There are 7000 malicious traffic and 5525 normal traffic in the encrypted data set. Flow Traffic There are 17,000 malicious traffic and 15,422 normal traffic in the non-encrypted data set. There were 9000 malicious traffic and 8926 normal traffic in the encrypted data set. The above malicious traffic is generated by randomly adding some malicious codes to the traffic data