Length matters: Scalable fast encrypted internet traffic service classification based on multiple protocol data unit length sequence with composite deep learning

Abstract

As an essential function of encrypted Internet traffic analysis, encrypted traffic service classification can support both coarse-grained network service traffic management and security supervision. However, the traditional plaintext-based Deep Packet Inspection (DPI) method cannot be applied to such a classification. Moreover, machine learning-based existing methods encounter two problems during feature selection: complex feature overcost processing and Transport Layer Security (TLS) version discrepancy. In this paper, we consider differences between encryption network protocol stacks and propose a composite deep learning-based method in multiprotocol environments using a sliding multiple Protocol Data Unit (multiPDU) length sequence as features by fully utilizing the Markov property in a multiPDU length sequence and maintaining suitability with a TLS-1.3 environment. Control experiments show that both Length-Sensitive (LS) composite deep learning model using a capsule neural network and LS-long short time memory achieve satisfactory effectiveness in F1-score and performance. Owing to faster feature extraction, our method is suitable for actual network environments and superior to state-of-the-art methods.