A Lightweight Encrypted Network Traffic Classification Method Based on Protocol Field and K-Nearest Neighbor

Abstract

AbstractEncrypted traffic classification is a crucial issue to be addressed with popularization and application of encryption protocols in the network. How to identify and classify encrypted traffic with high efficiency and accuracy has attracted increasing attention for reasons of network management and security. Although many deep learning methods have been reported, high complexity cannot satisfy the real-time classification requirement because of hardware and training costs. In this paper, we propose a lightweight traffic classification method for Transport Layer Security (TLS) protocol based on the Relative Distinguished Name (RDN) field information and k-nearest neighbor (KNN). A specific application is firstly identified by RDN field of TLS handshake messages. Secondly, KNN algorithm is used to classify flows of the same application into different service categories based on carefully selected spatial-temporal features. The effectiveness of the proposed method is well supported by detailed analysis. The experimental results demonstrate the good performance with high speed and precisions of 98.68%, 96.25%, 98.87%, 95.93% for VoIP, Chat, Streaming, File, respectively.KeywordsEncryption network traffic classificationk-nearest neighborLightweightMachine learning