Characterization of Encrypted and VPN Traffic using Time-related Features
Gerard Draper-Gil, Arash Habibi Lashkari, Mohammad Saiful Islam Mamun, Ali A. Ghorbani
- Vol. 2, pp 407-414
TLDR
This paper studies the effectiveness of flow-based time-related features to detect VPN traffic and to characterize encrypted traffic into different categories, according to the type of traffic, e.g., browsing, streaming, etc.
Abstract:
Traffic characterization is one of the major challenges in today’s security industry. The continuous evolution
and generation of new applications and services, together with the expansion of encrypted communications,
makes it a difficult task. Virtual Private Networks (VPNs) are an example of an encrypted communication service
that is becoming popular as a method for bypassing censorship as well as accessing services that are geographically
locked. In this paper, we study the effectiveness of flow-based time-related features to detect VPN traffic
and to characterize encrypted traffic into different categories, according to the type of traffic, e.g., browsing,
streaming, etc. We use two different well-known machine learning techniques (C4.5 and KNN) to test the accuracy
of our features. Our results show high accuracy and performance, confirming that time-related features
are good classifiers for encrypted traffic characterization.
Citations
Journal Article
Deep Learning for Intelligent Wireless Networks: A Comprehensive Survey
TL;DR: A comprehensive survey of the applications of DL algorithms for different network layers, including physical layer modulation/coding, data link layer access control/resource allocation, and routing layer path search, and traffic balancing is performed.
Proceedings Article
End-to-end encrypted traffic classification with one-dimensional convolution neural networks
TL;DR: Among all of the four experiments, with the best traffic representation and the fine-tuned model, 11 of 12 evaluation metrics of the experiment results outperform the state-of-the-art method, which indicates the effectiveness of the proposed method.
Journal Article
Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study
TL;DR: A survey of deep learning approaches for cyber security intrusion detection, the datasets used, and a comparative study to evaluate the efficiency of several methods are presented.
Proceedings Article
Characterization of Tor Traffic using Time based Features.
TL;DR: A time analysis on Tor traffic flows is presented, captured between the client and the entry node, to detect the application type: Browsing, Chat, Streaming, Mail, Voip, P2P or File Transfer.
Journal Article
Deep packet: a novel approach for encrypted traffic classification using deep learning
Mohammad Lotfollahi, Mahdi Jafari Siavoshani, Ramin Shirali Hossein Zade, Mohammadsadegh Saberian
TL;DR: Deep Packet can identify encrypted traffic and also distinguishes between VPN and non-VPN network traffic, and outperforms all of the proposed classification methods on UNB ISCX VPN-nonVPN dataset.
References
Journal Article
The WEKA data mining software: an update
TL;DR: This paper provides an introduction to the WEKA workbench, reviews the history of the project, and, in light of the recent 3.6 stable release, briefly discusses what has been added since the last stable version (Weka 3.4) released in 2003.
Journal Article
Wide area traffic: the failure of Poisson modeling
Vern Paxson, Sally Floyd
TL;DR: It is found that user-initiated TCP session arrivals, such as remote-login and file-transfer, are well-modeled as Poisson processes with fixed hourly rates, but that other connection arrivals deviate considerably from Poisson.
Proceedings Article
Internet traffic classification using bayesian analysis techniques
Andrew W. Moore, Denis Zuev
TL;DR: This work applies a Naïve Bayes estimator to categorize traffic by application using samples of well-known traffic to allow the categorization of traffic using commonly available information alone, and demonstrates the high level of accuracy achievable with this estimator.
Proceedings Article
BLINC: multilevel traffic classification in the dark
TL;DR: This work presents a fundamentally different approach to classifying traffic flows according to the applications that generate them, based on observing and identifying patterns of host behavior at the transport layer and demonstrates the effectiveness of this approach on three real traces.
Journal Article
A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification
TL;DR: The performance impact of feature set reduction, using Consistency-based and Correlation-based feature selection, is demonstrated on Naïve Bayes, C4.5, Bayesian Network and Naïve Bayes Tree algorithms.