With the rapid growth of the encrypted network traffic, the identification to it becomes a hot topic in information security. Since the existing methods have difficulties in identifying the application which the encrypted traffic belongs to, a new encrypted traffic identification scheme is proposed in this paper. The proposed scheme has two levels. In the first level, the entropy and estimation of Monte Carlo π value as features are used to identify the encrypted traffic by C4.5 decision tree. In the second level, the application types are distinguished from the encrypted traffic selected above. First, the variational automatic encoder is used to extract the layer features, which is combined with the frequently-used stream features. Meanwhile, the mutual information is used to reduce the dimensionality of the combination features. Finally, the random forest classifier is used to obtain the optimal result. Compared with the existing methods, the experimental results show that the proposed scheme not only has faster convergence speed but also achieves better performance in the recognition accuracy, recall rate, and F1-Measure, which is higher than 97%.
An Encrypted Traffic Identification Scheme Based on the Multilevel Structure and Variational Automatic Encoder