Abstract

Encrypted Network Traffic Classification (ENTC) is a crucial task in network management. Existing ENTC schemes usually rest on two assumptions: first, that processing is centralized; second, that the number of traffic categories is fixed. Collecting all network traffic at one central node for processing is, however, usually unreasonable and can cause network congestion. In addition, new traffic types emerge continually, and existing models cannot classify them. This paper studies the ENTC problem in a distributed scenario in which multiple monitoring nodes coexist and both existing and new types of encrypted traffic are present at the same time. The nodes train models cooperatively, which alleviates the limited number of samples and of traffic types available to any single node. To solve this problem, we first propose a feature extraction method for the distributed scenario. We then propose a detection method for new-type traffic and a classification method for existing-type traffic. Finally, we propose a globally consistent automatic category labeling method and a classification-model updating method for new types of encrypted traffic. We also take Security Information and Event Management (SIEM) as an example to discuss the managerial implications.
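
The following is an added illustration of the problem setting described in the abstract; it is not the paper's method and not code from the authors. It assumes a deliberately simple stand-in for each component: per-flow feature vectors made of the signed lengths of the first four packets, a nearest-centroid classifier for existing types, a distance threshold for flagging new-type (unknown) flows, single-pass clustering of the unknown flows at each node, and a label derived deterministically from the merged cluster centroid so that every node that sees the same exchanged centroids arrives at the same name without any node collecting raw traffic. All flow values, thresholds and radii are constructed for the example.

```python
"""Toy open-set encrypted-flow classification across monitoring nodes.

Illustration only (not the paper's method): nearest-centroid classification of
existing types, distance-threshold detection of new types, local clustering of
unknown flows, and a label computed from the merged centroid so that nodes
that exchange only centroids (never raw traffic) agree on the new type's name.
"""
import hashlib
import math

THRESHOLD = 300.0   # assumed: max distance to a known centroid before a flow is "unknown"
RADIUS = 100.0      # assumed: cluster radius used when grouping unknown flows

# Constructed feature vectors: signed lengths of the first 4 packets of a flow
# (positive = client->server, negative = server->client). Values are made up.
KNOWN_FLOWS = {
    "tls-web": [[517, -1400, -1400, 80], [520, -1380, -1400, 76], [512, -1400, -1350, 90]],
    "ssh":     [[21, -21, 1450, -1450], [21, -21, 1440, -1444], [22, -21, 1450, -1460]],
}

def centroid(vectors):
    n = len(vectors)
    return [sum(v[i] for v in vectors) / n for i in range(len(vectors[0]))]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def train(flows_by_label):
    """Existing-type classifier: one centroid per known traffic type."""
    return {label: centroid(vs) for label, vs in flows_by_label.items()}

def classify(model, x, threshold=THRESHOLD):
    """Return (label, distance); label is 'unknown' when no centroid is close enough."""
    label, d = min(((lbl, dist(x, c)) for lbl, c in model.items()), key=lambda t: t[1])
    return ("unknown", d) if d > threshold else (label, d)

def detect_unknown(model, flows, threshold=THRESHOLD):
    """New-type detection at one node: the flows the local model cannot place."""
    return [f for f in flows if classify(model, f, threshold)[0] == "unknown"]

def cluster(vectors, radius=RADIUS):
    """Greedy single-pass clustering: join the first cluster within radius, else open a new one.
    Input is sorted first so that every node clusters the same set in the same order."""
    clusters = []
    for v in sorted(map(tuple, vectors)):
        for c in clusters:
            if dist(v, centroid(c)) <= radius:
                c.append(v)
                break
        else:
            clusters.append([v])
    return [centroid(c) for c in clusters]

def global_label(c):
    """Deterministic name for a new type, derived from the merged centroid itself."""
    key = ",".join(f"{x:.2f}" for x in c)
    return "new-" + hashlib.sha256(key.encode()).hexdigest()[:8]

def agree_on_new_types(exchanged_centroids, radius=RADIUS):
    """Run at every node on the same set of exchanged local centroids.
    Because merging is deterministic, each node derives identical labels."""
    merged = cluster([c for lst in exchanged_centroids for c in lst], radius)
    return {global_label(c): c for c in merged}

def update_model(model, new_types):
    """Classification-model update: new centroids become classifiable types."""
    updated = dict(model)
    updated.update(new_types)
    return updated

if __name__ == "__main__":
    model = train(KNOWN_FLOWS)
    # Constructed traffic at two nodes; the third pattern is a type the model never saw.
    node_a = [[518, -1400, -1390, 82], [1250, -1250, 1250, -1250], [1240, -1260, 1250, -1240]]
    node_b = [[21, -21, 1450, -1450], [1260, -1250, 1240, -1250]]
    local_a = cluster(detect_unknown(model, node_a))
    local_b = cluster(detect_unknown(model, node_b))
    new_types = agree_on_new_types([local_a, local_b])   # same input at both nodes
    model = update_model(model, new_types)
    for flow in node_a + node_b:
        print(flow, "->", classify(model, flow)[0])
```

Each node ships only a handful of centroids, which is what makes the scheme compatible with the congestion argument in the abstract; the security-relevant caveat is that the threshold and radius govern the false-new-type rate, so a node with few samples will over-report unknowns until the merged centroids arrive.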
