An Novel Hybrid Method for Effectively Classifying Encrypted Traffic

Author

Sun, Guang-Lu ; Xue, Yibo ; Dong, Yingfei ; Wang, Dongsheng ; Li, Chenglong

Author_Institution

Res. Inst. of Inf. Technol., Tsinghua Univ., Beijing, China

fYear

2010

fDate

6-10 Dec. 2010

Firstpage

1

Lastpage

5

Abstract

Classifying encrypted traffic is critical to effective network analysis and management. While traditional payload- based methods are powerless to deal with encrypted traffic, machine learning methods have been proposed to address this issue. However, these methods often bring heavy overhead into the system. In this paper, we propose a hybrid method that combines signature-based methods and statistical analysis methods to address this issue. We first identify SSL/TLS traffic with signature matching methods, and then apply statistical analysis to determine concrete application protocols. Our experimental results show that the proposed method is able to recognize over 99% of SSL/TLS traffic and achieve 94.52% in F-score for protocols identification.

Keywords

cryptography; learning (artificial intelligence); statistical analysis; telecommunication computing; telecommunication network management; telecommunication security; telecommunication traffic; SSL-TLS traffic; encrypted traffic; machine learning; network analysis; network management; payload- based method; signature matching method; signature-based method; statistical analysis; Accuracy; Bayesian methods; Computational modeling; Cryptography; Protocols; Statistical analysis; Training;

fLanguage

English

Publisher

ieee

Conference_Titel

Global Telecommunications Conference (GLOBECOM 2010), 2010 IEEE

Conference_Location

Miami, FL

ISSN

1930-529X

Print_ISBN

978-1-4244-5636-9

Electronic_ISBN

1930-529X

Type

conf

DOI

10.1109/GLOCOM.2010.5683649

Filename

5683649