Time Series Analysis for Encrypted Traffic Classification: A Deep Learning Approach

Vu, Ly; Thuy, Hoang Van; Nguyen, Quang Uy; Ngọc, Trần Nguyễn; Nguyen, Diep N.; Hoang, Dinh Thai; Dutkiewicz, Eryk

doi:10.1109/iscit.2018.8587975

Cited by 26 publications

(14 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, each window contains only a single kind of traffic. Draper-Gil used k-Nearest Neighbor and decision tree predictors; Saber et al [26] used under-and over-sampling, PCA, SVMs; Lotfollahi et al [19] used stacked autoencoders and convolutional neural networks; and Vu et al [30] used LSTMs. The best models on this dataset achieve F1 scores up to 0.98 on the single-class prediction problem.…”

Section: Related Workmentioning

confidence: 99%

Activity Detection from Encrypted Remote Desktop Protocol Traffic

Lapczyk¹,

Skillicorn²

2020

Preprint

View full text Add to dashboard Cite

An increasing amount of Internet traffic has its content encrypted. We address the question of whether it is possible to predict the activities taking place over an encrypted channel, in particular Microsoft's Remote Desktop Protocol. We show that the presence of five typical activities can be detected with precision greater than 97% and recall greater than 94% in 30-second traces. We also show that the design of the protocol exposes fine-grained actions such as keystrokes and mouse movements which may be leveraged to reveal properties such as lengths of passwords.

show abstract

Section: Related Workmentioning

confidence: 99%

Activity Detection from Encrypted Remote Desktop Protocol Traffic

Lapczyk¹,

Skillicorn²

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…The conventional ways of network traffic classification are flow based and payload-based methods [4]. The flow-based method utilizes statistical features of traffic flows.…”

Section: Introductionmentioning

confidence: 99%

A CNN Based Encrypted Network Traffic Classifier

Okonkwo

Foo

et al. 2022

Australasian Computer Science Week 2022

View full text Add to dashboard Cite

The internet is responsible for global connectivity and ensuring its safety is a paramount task for governments and organisations. Cybersecurity concerns led to the encryption of over 87% of internet traffic. Encryption ensures security by improving privacy between sender and receiver but creates a problem of in-accurate traffic classification. Previous papers have used Artificial Intelligence to address this problem, however issues such as model simplicity, complexity, imbalanced dataset etc, are problems yet to be addressed. Overfitting, underfitting and ultimately poor classification are outcomes of poorly designed models. This paper applies deep learning to the problem of encrypted traffic classification. A Convolutional Neural Network (CNN) is used to address this problem. An eleven layered architecture is designed and trained with a range of images generated from the metadata of encrypted traffic. At its core, the design is made less complex for understandability and deals with overfitting. The proposed model is assessed with the standard metrics of accuracy, precision, recall and 𝐹 1 score then compared to a baseline model. The model is trained and tested for seven classification problems, using three encryption types (https, vpn, tor). For all classification tasks, the proposed model achieved accuracies ranging from 91% -99%, which is an indication of optimum generalization strength. Our model outperformed the baseline model which had accuracies ranging from 67.6% -99%, an indication of poor generalization strength.

show abstract

“…Javaid et al [4] proposed a network intrusion detection scheme using sparse autoencoders (SAEs). Reference [5] used Long Short Term Memory (LSTM) to extract time series features between traffic groupings. However, the commonly used CNN, LSTM, and other methods improve the classification results while the problem of network computational complexity cannot be ignored.…”

Section: Introductionmentioning

confidence: 99%

ICLSTM: Encrypted Traffic Service Identification Based on Inception-LSTM Neural Network

Luktarhan

Ding

et al. 2021

Symmetry

View full text Add to dashboard Cite

The wide application of encryption technology has made traffic classification gradually become a major challenge in the field of network security. Traditional methods such as machine learning, which rely heavily on feature engineering and others, can no longer fully meet the needs of encrypted traffic classification. Therefore, we propose an Inception-LSTM(ICLSTM) traffic classification method in this paper to achieve encrypted traffic service identification. This method converts traffic data into common gray images, and then uses the constructed ICLSTM neural network to extract key features and perform effective traffic classification. To alleviate the problem of category imbalance, different weight parameters are set for each category separately in the training phase to make it more symmetrical for different categories of encrypted traffic, and the identification effect is more balanced and reasonable. The method is validated on the public ISCX 2016 dataset, and the results of five classification experiments show that the accuracy of the method exceeds 98% for both regular encrypted traffic service identification and VPN encrypted traffic service identification. At the same time, this deep learning-based classification method also greatly simplifies the difficulty of traffic feature extraction work.

show abstract

Time Series Analysis for Encrypted Traffic Classification: A Deep Learning Approach

Cited by 26 publications

References 15 publications

Activity Detection from Encrypted Remote Desktop Protocol Traffic

Activity Detection from Encrypted Remote Desktop Protocol Traffic

A CNN Based Encrypted Network Traffic Classifier

ICLSTM: Encrypted Traffic Service Identification Based on Inception-LSTM Neural Network

Contact Info

Product

Resources

About