Application identification from encrypted traffic based on characteristic changes by encryption

Application identification is paid much attention by network operators to manage application based traffic control in the Internet. However, encryption is one of the factors to make application identification difficult, because it is so hard to infer the original (unencrypted) packets from encrypted packets. Therefore the accuracy of application identification is getting worse as the increase of encrypted traffic. In this paper, the changes in traffic features due to encryption are analyzed, and two methods are developed that can be used with an existing method for identifying applications from encrypted traffic. Experimental results show that these methods improve identification accuracy up to 28.5% for encrypted traffic compared to existing methods. Moreover, identification using the best combination of flow features enables high accuracy with less computation due to the elimination of features that do not flow a Gaussian distribution and thus degrade accuracy.