Are Neural Networks the Best Way for Encrypted Traffic Classification?

Abstract

Are Neural Networks the best way for encrypted traffic classification? — Currently, the answer is “no”. In the future, maybe, however, much more research is needed to achieve the goal. Many recent papers study how to apply neural networks for traffic classification. Although the accuracy of the best machine learning algorithms is well below 100%, they work surprisingly well, even for encrypted traffic. This paper looks deep inside the encrypted traffic of widely used applications and points out the essential peculiarities of the security protocols. The paper reveals that the abilities of the neural networks to classify encrypted traffic are solidly limited by the amount of exposed unencrypted data. Without it, the algorithms classify traffic randomly. The paper identifies the plain-text data in the encrypted traffic that hints to the neural network algorithms. Based on the findings, the paper describes a spot-on, lightweight, and learning-free method that can easily classify the traffic encrypted with current security protocols. Finally, the paper predicts that the next versions of security protocols may conceal more data and complicate traffic classification. So, the paper analyzes the recently proposed amendments to the encryption protocols and their influence on the performance of the existing traffic classification algorithms.