Certificate-aware encrypted traffic classification using Second-Order Markov Chain
Conference paper   Peer reviewed

Meng Shen, Mingwei Wei, Liehuang Zhu, Mingzhong Wang and Fuliang Li
Proceedings of the 24th International Symposium on Quality of Service
International Symposium on Quality of Service (IWQoS), 24th (Beijing, China, 20-Jun-2016–21-Jun-2016)
IEEE (Institute of Electrical and Electronics Engineers)
2016
URL: https://doi.org/10.1109/IWQoS.2016.7590451 (Published Version)

Abstract

Keywords: Markov processes; protocols; servers; ciphers; ports; encryption
With the prosperity of network applications, traffic classification plays a crucial role in network management and malicious attack detection. The widely used encrypted transmission protocols, such as the Secure Socket Layer/Transport Layer Security (SSL/TLS) protocols, lead to the failure of traditional payload-based classification methods. Existing methods for encrypted traffic classification suffer from low accuracy. In this paper, we propose a certificate-aware encrypted traffic classification method based on the Second-Order Markov Chain. We start by exploring the reasons why existing methods do not perform well, and make a novel observation that certificate packet length in SSL/TLS sessions contributes to application discrimination. To increase the diversity of application fingerprints, we develop a new model by incorporating certificate packet length clustering into Second-Order homogeneous Markov chains. Extensive evaluation results show that the proposed method leads to a 30% improvement on average compared with the state-of-the-art method, in terms of classification accuracy.
