Rethinking Encrypted Traffic Classification: A Multi-Attribute Associated Fingerprint Approach
Title | Rethinking Encrypted Traffic Classification: A Multi-Attribute Associated Fingerprint Approach |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Chen, Yige, Zang, Tianning, Zhang, Yongzheng, Zhou, Yuan, Wang, Yipeng |
Conference Name | 2019 IEEE 27th International Conference on Network Protocols (ICNP) |
ISBN Number | 978-1-7281-2700-2 |
Keywords | application data, application runtime, application-level traffic classification, attribute-lacking problem, certificate, classification guidance information, communication security, Correlation, cryptographic protocols, cryptography, domain name, encrypted protocol detection, Encrypted traffic classification, encrypted traffic classification methods, encrypted video stream classification, handshake certificates, Human Behavior, human factors, MAAF, Markov processes, Metrics, mobile network applications, mobile radio, multiattribute associated fingerprints, multiple-attribute-based encrypted traffic classification, network management, pattern classification, Protocols, pubcrawl, resilience, Resiliency, Scalability, secure socket layer, security of data, Servers, SSL Trust Models, SSL/TLS, telecommunication security, telecommunication traffic, Training, Transport Layer Security, video streaming |
Abstract | With the unprecedented prevalence of mobile network applications, cryptographic protocols, such as the Secure Socket Layer/Transport Layer Security (SSL/TLS), are widely used in mobile network applications for communication security. The proven methods for encrypted video stream classification or encrypted protocol detection are unsuitable for the SSL/TLS traffic. Consequently, application-level traffic classification based networking and security services are facing severe challenges in effectiveness. Existing encrypted traffic classification methods exhibit unsatisfying accuracy for applications with similar state characteristics. In this paper, we propose a multiple-attribute-based encrypted traffic classification system named Multi-Attribute Associated Fingerprints (MAAF). We develop MAAF based on the two key insights that the DNS traces generated during the application runtime contain classification guidance information and that the handshake certificates in the encrypted flows can provide classification clues. Apart from the exploitation of key insights, MAAF employs the context of the encrypted traffic to overcome the attribute-lacking problem during the classification. Our experimental results demonstrate that MAAF achieves 98.69% accuracy on the real-world traceset that consists of 16 applications, supports the early prediction, and is robust to the scale of the training traceset. Besides, MAAF is superior to the state-of-the-art methods in terms of both accuracy and robustness. |
URL | https://ieeexplore.ieee.org/document/8888043 |
DOI | 10.1109/ICNP.2019.8888043 |
Citation Key | chen_rethinking_2019 |