Encrypted Traffic Identification Based on N-gram Entropy and Cumulative Sum Test

Author(s):  
Guang Cheng ◽  
Ying Hu
2020 ◽  
Vol 2020 ◽  
pp. 1-10
Author(s):  
Jiangtao Zhai ◽  
Huaifeng Shi ◽  
Mingqian Wang ◽  
Zhongjun Sun ◽  
Junjun Xing

With the rapid growth of encrypted network traffic, its identification has become a hot topic in information security. Since existing methods have difficulty identifying the application to which encrypted traffic belongs, a new encrypted traffic identification scheme is proposed in this paper. The proposed scheme has two levels. In the first level, entropy and the Monte Carlo estimate of the π value are used as features to identify encrypted traffic with a C4.5 decision tree. In the second level, the application types are distinguished within the encrypted traffic selected above. First, the variational automatic encoder is used to extract the layer features, which are combined with the frequently used stream features. Meanwhile, mutual information is used to reduce the dimensionality of the combined features. Finally, the random forest classifier is used to obtain the optimal result. Compared with the existing methods, the experimental results show that the proposed scheme not only converges faster but also achieves better performance in recognition accuracy, recall rate, and F1-Measure, which is higher than 97%.


2021 ◽  
Vol 105 ◽  
pp. 291-301
Author(s):  
Wei Wang ◽  
Cheng Sheng Sun ◽  
Jia Ning Ye

With more and more malicious traffic using TLS protocol encryption, efficient identification of TLS malicious traffic has become an increasingly important task in network security management in order to ensure communication security and privacy. Most traditional methods for identifying TLS-encrypted malicious traffic adopt only the common characteristics of ordinary traffic, which increases the coupling among features and lowers identification accuracy. In addition, most previous work on malicious traffic identification extracted features directly from the data flow without recording the extraction process, making subsequent traceability difficult. Therefore, this paper implements an efficient feature extraction method with structural correlation for TLS malicious encrypted traffic. The traffic feature extraction process is logged in modules, and an index is used to establish links between related information, so as to analyse the context and facilitate subsequent feature analysis and problem traceability. Finally, Random Forest is used to realize efficient TLS malicious traffic identification with an accuracy of up to 99.38%.


2019 ◽  
Vol 17 (1) ◽  
pp. 103-114 ◽  
Author(s):  
Lulu Guo ◽  
Qianqiong Wu ◽  
Shengli Liu ◽  
Ming Duan ◽  
Huijie Li ◽  
...  

2014 ◽  
Vol 543-547 ◽  
pp. 2249-2254 ◽  
Author(s):  
Wei Wang ◽  
Dong Nian Cheng

P2P technology consumes the largest proportion of network traffic, is usually encrypted, and lacks supervision. Accurate and rapid identification of encrypted P2P traffic, represented by the well-known Skype, is of great significance for improving network quality of service and enhancing security control. In this paper, a trends-aware protocol fingerprints model is proposed based on the statistical signatures of the signaling interaction and content transfer phases of Skype. The proposed method can sense traffic trends through trends-aware weighting functions and identify Skype traffic with anomaly scores in real time. Experimental results show that the precision and real-time performance of the proposed algorithm are better than those of several state-of-the-art encrypted traffic identification methods, such as protocol fingerprints and the C4.5 algorithm.

