Abstract
Confidentiality requirements of individuals and companies led to the dominance of encrypted payloads in the overall Internet traffic. Hence, traffic classification on a network became increasingly difficult as it must rely on only the packet headers. Many vital tasks such as differential pricing, providing a safe Internet for children, and eliminating malicious connections require traffic classification, even if the payload contents are encrypted. Encrypted traffic is harder to classify as packet content becomes unreadable. In this work, we aim to provide an insight into traffic classification using encrypted packets in terms of both accuracy and packet processing time. LSTM (Long Short-Term Memory) architecture is a good candidate for this problem as it can handle sequences. Each flow can be modeled as a sequence and patterns of the sequences can provide valuable information. We compare the performance of LSTM with other methods in both real-time and offline experiments. Compared to a machine learning method both online and offline LSTM excelled with precision and recall differences up to 50%. Average accuracy with LSTM was measured as 97.77% offline and 91.7% in real-time. Average packet processing time in real-time was recorded as 0.593 msec which is 5 times faster than a recent work that uses LSTM method.
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call