Abstract
In recent years, privacy awareness is concerned due to many Internet services have chosen to use encrypted agreements. In order to improve the quality of service (QoS), the network encrypted traffic behaviors are classified based on machine learning discussed in this paper. However, the traditional traffic classification methods, such as IP/ASN (Autonomous System Number) analysis, Port-based and deep packet inspection, etc., can classify traffic behavior, but cannot effectively handle encrypted traffic. Thus, this paper proposed a hybrid traffic classification (HTC) method based on machine learning and combined with IP/ASN analysis with deep packet inspection. Moreover, the majority voting method was also used to quickly classify different QoS traffic accurately. Experimental results show that the proposed HTC method can effectively classify different encrypted traffic. The classification accuracy can be further improved by 10% with majority voting as K = 13. Especially when the networking data are using the same protocol, the proposed HTC can effectively classify the traffic data with different behaviors with the differentiated services code point (DSCP) mark.
Highlights
With the vigorous development of communication technology and the Internet, All-IP networks have become mainstream [1], and many services built on IP networks have been born as a result, such as OTT [2], VoIP [3], etc
After the training is completed, the accuracy and classification results of the P-multi-layer perceptron (MLP) are verified by using 20% test data not involved in the training
It can be observed that the average F1-Score score can reach 0.82, indicating that it can accurately predict more than 80% of the traffic to the correct classification
Summary
With the vigorous development of communication technology and the Internet, All-IP networks have become mainstream [1], and many services built on IP networks have been born as a result, such as OTT [2], VoIP [3], etc. The QoS at the edge of the network necessary that is able to identify traffic has become a major challenge for Internet service providers (ISPs). There are three commonly used traffic classification methods based on packet header (Header) judgment, deep packet inspection (Deep Packet Inspection, DPI) [5], and machine learning (ML) methods [6]. The method based on Header judgment is divided into the IP and Autonomous System Number (ASN) detection method that uses the server’s IP to obtain registrant information, and the stateful firewall recognized the port and connection status. The advantage of using DPI is more accurate, but it takes more time to parse the packet content, so the comparison time is longer and the identification rules are more complicated [7]. The training data is pre-processed before training and the training process needs more computing resources
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
