[关键词]
[摘要]
加密视频识别是网络安全和网络管理领域亟待解决的问题,已有的方法是将视频的加密传输指纹与视频指纹库中的视频指纹进行匹配,从而识别出加密传输的视频.现有工作主要集中在匹配识别算法的研究上,但是没有专门针对待匹配数据源的研究,也缺少在大型视频指纹库里对这些算法的查准率和假阳率指标的分析,由此造成现有成果的实用性不能保证.针对这一问题,首先分析使用安全传输层协议加密的应用数据单元(application data unit,简称ADU)密文长度相对明文长度发生漂移的原因,首次将HTTP头部特征和TLS片段特征作为ADU长度复原的拟合特征,提出了一种对加密ADU指纹精准复原方法HHTF,并将其应用于加密视频识别.基于真实Facebook视频模拟构建了20万级的大型指纹库.从理论上推导并计算出:只需已有方法十分之一的ADU数目,在该指纹库中视频识别准确率、查准率、查全率达到100%,假阳率达到0.在模拟大型视频指纹库中的实验结果与理论推导结果一致.HHTF方法的应用,使得在大规模视频指纹库场景中识别加密传输的视频成为可能,具有很强的实用性和应用价值.
[Key word]
[Abstract]
Encrypted video identification is an urgent problem in the field of network security and network management. The existing methods are to match the video transmission fingerprint of encrypted video with the video fingerprint in the video fingerprint database. The existing research mainly focuses on the study of matching recognition algorithm, but there is neither particular research on matching data sources nor the analysis of precision and false positive rate in large-scale video fingerprint library. The resulting practicality of existing methods cannot be guaranteed. In order to address this problem, this study firstly analyses the reason why the length of the cipher text of the application data unit (ADU) encrypted by TLS drifts relative to the length of the plaintext. For the first time, HTTP head feature and TLS fragment features are used as fitting features for ADU length restoration, and then this study proposes an accurate fingerprint restoration method HHTF for the encrypted ADU, and applies HHTF to the encrypted video recognition. A large fingerprint database of 200 000 videos was built based on the simulation of real Facebook videos. Theoretical derivation and calculation demonstrate that the accuracy, precision, and recall rate can reach 100%, and the false positive rate is 0 requiring only one-tenth the numbers of ADUs of the existing method. The experimental results in simulating large-scale video fingerprint database are consistent with the theoretical calculations. The application of the HHTF method makes it possible to recognize encrypted transmitted video in large-scale video fingerprint library scenarios, which is of great practicality and application value.
[中图分类号]
TP37
[基金项目]
国家重点研发计划(2017YFB0801703,2018YFB1800602);教育部-中国移动科研基金(MCM20180506);国家自然科学基金(61602114);赛尔网络下一代互联网技术创新项目(NGIICS20190101,NGII20170406)