Identification of Application in Encrypted Traffic by Using Machine Learning


Pektas A., ACARMAN T.

5th International Conference on Man-Machine Interactions (ICMMI), Krakow, Polonya, 3 - 06 Ekim 2017, cilt.659, ss.545-554 identifier identifier

  • Yayın Türü: Bildiri / Tam Metin Bildiri
  • Cilt numarası: 659
  • Doi Numarası: 10.1007/978-3-319-67792-7_53
  • Basıldığı Şehir: Krakow
  • Basıldığı Ülke: Polonya
  • Sayfa Sayıları: ss.545-554
  • Anahtar Kelimeler: Encrypted traffic identification, Network flow, Security, Machine learning
  • Galatasaray Üniversitesi Adresli: Evet

Özet

Identification of Internet protocol from raw network traffic plays a crucial role at maintaining and improving the security of back end and front-end computer systems. A significant amount of research work is carried out while exploiting a variety of identification techniques. Although certain level in success at detection of network protocols for unencrypted traffic has been achieved, accuracy and performance is rather poor for encrypted traffic. But considering technological trends, new and existing applications have been adopted to use encryption mechanism to protect information and privacy. Therefore, classification of encrypted network traffic is mandatory for security purposes. In this study, we propose a method for automatic extraction of features from raw network capture and accurate identification of network applications by applying machine learning algorithms. The proposed method is evaluated with two independent datasets. The first dataset is publicly available (known as NISM dataset) and the second dataset is generated with a particular emphasis on accurate labeling of network traffic, it contains 713851 and 448 network flows, respectively. The proposed method classifies network flows provided by the first dataset into their corresponding application categories with the accuracy over 0.997 and Fl-score of 0.99, the second dataset with an accuracy over 0.96 and Fl score of 0.95.