Title :
Machine learning based encrypted traffic classification: Identifying SSH and Skype
Author :
Alshammari, Riyad ; Heywood, A. Nur Zincir
Author_Institution :
Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
Abstract :
The objective of this work is to assess the robustness of machine learning based traffic classification for classifying encrypted traffic where SSH and Skype are taken as good representatives of encrypted traffic. Here what we mean by robustness is that the classifiers are trained on data from one network but tested on data from an entirely different network. To this end, five learning algorithms - adaboost, support vector machine, Naïve Bayesian, RIPPER and C4.5 - are evaluated using flow based features, where IP addresses, source/destination ports and payload information are not employed. Results indicate the C4.5 based approach performs much better than other algorithms on the identification of both SSH and Skype traffic on totally different networks.
Keywords :
cryptography; learning (artificial intelligence); support vector machines; telecommunication traffic; C4.5 based approach; Naïve Bayesian; RIPPER; Skype; adaboost; encrypted traffic classification; flow based features; machine learning; secure shell; support vector machine; traffic classification; Bayesian methods; Cryptography; Financial management; Machine learning; Payloads; Robustness; Support vector machine classification; Support vector machines; Telecommunication traffic; Traffic control;
Conference_Title :
Computational Intelligence for Security and Defense Applications, 2009. CISDA 2009. IEEE Symposium on
Conference_Location :
Ottawa, ON
Print_ISBN :
978-1-4244-3763-4
Electronic_ISBN :
978-1-4244-3764-1
DOI :
10.1109/CISDA.2009.5356534