2019
DOI: 10.1109/tifs.2019.2911156

HEDGE: Efficient Traffic Classification of Encrypted and Compressed Packets

Abstract: As the size and source of network traffic increase, so does the challenge of monitoring and analysing network traffic. Therefore, sampling algorithms are often used to alleviate these scalability issues. However, the use of high entropy data streams, through the use of either encryption or compression, further compounds the challenge as current state of the art algorithms cannot accurately and efficiently differentiate between encrypted and compressed packets. In this work, we propose a novel traffic classific…

Cited by 64 publications
(50 citation statements)
References 47 publications
“…In recent years, the research on encrypted traffic has mainly used feature engineering [8][9][10][11][12][13] to find out the characteristics that best reflect the features of different classes of encrypted traffic and then classify them by selecting an appropriate classifier. Currently, the commonly used classification models are mainly divided into three types: Markov models [14][15][16], traditional machine learning algorithms [17][18][19][20][21], and deep neural network methods [6,[22][23][24][25][26][27][28][29][30][31].…”
Section: Related Work (mentioning)
confidence: 99%
“…In 2018, Shi et al [12] proposed a new feature optimization method EFOA based on deep learning and feature selection technology, which can provide the best and robust features for traffic classification. In 2019, Casino et al [8] proposed HEDGE, a method to distinguish encrypted traffic from compressed traffic, using three features based on randomness tests as thresholds for distinguishing high-entropy files.…”
Section: Related Workmentioning
confidence: 99%
“…FIPS 140-2 and ent both trivially identify JPEG images, but an alarming amount of WEBP images (at least for file sizes less than 101KB) are reported as random by both these methods. While there are statistical means to distinguish encrypted from compressed data [30], it is yet to be seen whether with a larger amount of data and more sophisticated tests WEBP will be detected as non-random. The ability to embed meaningful, visually-rich information in a random stream cannot be understated; if undetected this could be used as a means of data exfiltration.…”
Section: Discussion (mentioning)
confidence: 99%