Abstract
Encrypted traffic classification is a crucial issue to be addressed with popularization and application of encryption protocols in the network. How to identify and classify encrypted traffic with high efficiency and accuracy has attracted increasing attention for reasons of network management and security. Although many deep learning methods have been reported, high complexity cannot satisfy the real-time classification requirement because of hardware and training costs. In this paper, we propose a lightweight traffic classification method for Transport Layer Security (TLS) protocol based on the Relative Distinguished Name (RDN) field information and k-nearest neighbor (KNN). A specific application is firstly identified by RDN field of TLS handshake messages. Secondly, KNN algorithm is used to classify flows of the same application into different service categories based on carefully selected spatial-temporal features. The effectiveness of the proposed method is well supported by detailed analysis. The experimental results demonstrate the good performance with high speed and precisions of 98.68%, 96.25%, 98.87%, 95.93% for VoIP, Chat, Streaming, File, respectively.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Wang, M., et al.: CENTIME: a direct comprehensive traffic features extraction for encrypted traffic classification. In: 2021 IEEE 6th International Conference on Computer and Communication Systems (ICCCS), pp. 490–498 (2021)
Rezaei, S., Kroencke, B., Liu, X.: Large-scale mobile app identification using deep learning. IEEE Access 8, 348–362 (2020)
Dong, C., et al.: CETAnalytics: comprehensive effective traffic information analytics for encrypted traffic classification. Comput. Netw. 176, 107258 (2020)
Wang, W., et al.: End-to-end encrypted traffic classification with one-dimensional convolution neural networks. In: 2017 IEEE International Conference on Intelligence and Security Informatics (ISI) (2017)
Rasteh, A., et al.: Encrypted Internet traffic classification using a supervised Spiking Neural Network. arXiv preprint arXiv:2101.09818 (2021)
Usama, M., et al.: Unsupervised machine learning for networking: techniques applications and research challenges. IEEE Access 7, 65579–65615 (2019)
Zhang, Y., et al.: STNN: a novel TLS/SSL encrypted traffic classification system based on stereo transform neural network. In: 2019 IEEE 25th International Conference on Parallel and Distributed Systems (ICPADS) (2019)
Kohout, J., et al.: Learning communication patterns for malware discovery in HTTPs data. Expert Syst. Appl. 101, 129–142 (2018)
Lotfollahi, M., et al.: Deep packet: a novel approach for encrypted traffic classification using deep learning. Soft. Comput. 24(3), 1999–2012 (2019)
Rezaei, S., Liu, X.: Deep learning for encrypted traffic classification: an overview. IEEE Commun. Mag. 57(5), 76–81 (2019)
Pacheco, F., et al.: Towards the deployment of machine learning solutions in network traffic classification: a systematic survey. IEEE Commun. Surv. Tutor. 21(2), 1988–2014 (2019)
Ma, C., Du, X., Cao, L.: Improved KNN algorithm for fine-grained classification of encrypted network flow. Electronics 9(2), 324 (2020)
Hejun, Z., Liehuang, Z.: Encrypted network behaviors identification based on dynamic time warping and k-nearest neighbor. Clust. Comput. 22(2), 2571–2580 (2017)
Shbair, W.M., et al.: Efficiently bypassing SNI-based HTTPS filtering. In: 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM) (2015)
McGaughey, D., et al.: A systematic approach of feature selection for encrypted network traffic classification. In: 2018 Annual IEEE International Systems Conference (SysCon) (2018)
Draper-Gil, G., et al.: Characterization of encrypted and vpn traffic using time-related. In: Proceedings of the 2nd international conference on information systems security and privacy (ICISSP) (2016)
Gómez, S.E., et al.: Ensemble network traffic classification: algorithm comparison and novel ensemble scheme proposal. Comput. Netw. 127, 68–80 (2017)
Sun, G., et al.: Internet traffic classification based on incremental support vector machines. Mob. Netw. Appl. 23(4), 789–796 (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Hu, J., Zhu, H., Zhang, R. (2022). A Lightweight Encrypted Network Traffic Classification Method Based on Protocol Field and K-Nearest Neighbor. In: Liu, Q., Liu, X., Cheng, J., Shen, T., Tian, Y. (eds) Proceedings of the 12th International Conference on Computer Engineering and Networks. CENet 2022. Lecture Notes in Electrical Engineering, vol 961. Springer, Singapore. https://doi.org/10.1007/978-981-19-6901-0_26
Download citation
DOI: https://doi.org/10.1007/978-981-19-6901-0_26
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-6900-3
Online ISBN: 978-981-19-6901-0
eBook Packages: Computer ScienceComputer Science (R0)