Classification of Encrypted Traffic with Second-Order Markov Chains and Application Attribute Bigrams

Meng Shen; Mingwei Wei; Liehuang Zhu; Mingzhong Wang

doi:10.1109/TIFS.2017.2692682

Back

Classification of Encrypted Traffic with Second-Order Markov Chains and Application Attribute Bigrams

Journal article

Peer reviewed

Classification of Encrypted Traffic with Second-Order Markov Chains and Application Attribute Bigrams

Meng Shen, Mingwei Wei, Liehuang Zhu and Mingzhong Wang

IEEE Transactions on Information Forensics and Security, Vol.12(8), pp.1830-1843

2017

DOI: https://doi.org/10.1109/TIFS.2017.2692682

Files and links (1)

url

https://doi.org/10.1109/TIFS.2017.2692682View

Published Version

Abstract

encrypted traffic classification

second-order markov chain

SSL/TLS

certificate

application data

With a profusion of network applications, traffic classification plays a crucial role in network management and policy-based security control. The widely used encryption transmission protocols, such as the Secure Socket Layer/Transport Layer Security (SSL/TLS) protocols, lead to the failure of traditional payload-based classification methods. Existing methods for encrypted traffic classification cannot achieve high discrimination accuracy for applications with similar fingerprints. In this paper, we propose an attribute-aware encrypted traffic classification method based on the second-order Markov Chains. We start by exploring approaches that can further improve the performance of existing methods in terms of discrimination accuracy, and make promising observations that the application attribute bigram, which consists of the certificate packet length and the first application data size in SSL/TLS sessions, contributes to application discrimination. To increase the diversity of application fingerprints, we develop a new method by incorporating the attribute bigrams into the secondorder homogeneous Markov chains. Extensive evaluation results show that the proposed method can improve the classification accuracy by 29% on the average compared with the state-of-theart Markov-based method.

Details

Title: Classification of Encrypted Traffic with Second-Order Markov Chains and Application Attribute Bigrams
Authors: Meng Shen (Author) - Beijing Institute of Technology, China
Mingwei Wei (Author) - Beijing Institute of Technology, China
Liehuang Zhu (Author) - Beijing Institute of Technology, China
Mingzhong Wang (Author) - University of the Sunshine Coast - Faculty of Science, Health, Education and Engineering
Publication details: IEEE Transactions on Information Forensics and Security, Vol.12(8), pp.1830-1843
Publisher: Institute of Electrical and Electronics Engineers
Date published: 2017
DOI: 10.1109/TIFS.2017.2692682
ISSN: 1556-6013
Organisation Unit: University of the Sunshine Coast, Queensland; USC Business School - Legacy; School of Science, Technology and Engineering
Language: English
Record Identifier: 99451289002621
Output Type: Journal article

Metrics

10 File views/ downloads

1188 Record Views

157 Times Cited - Web of Science

InCites Highlights

These are selected metrics from InCites Benchmarking & Analytics tool, related to this output

Collaboration types: Domestic collaboration; International collaboration
Web Of Science research areas: Computer Science, Theory & Methods; Engineering, Electrical & Electronic