Real-Time Encrypted Traffic Classification with Deep Learning
Confidentiality requirements of individuals and companies led to the dominance of encrypted payloads in the overall Internet traffic. Hence, traffic classification on a network became increasingly difficult as it must rely on only the packet headers. Many vital tasks such as differential pricing, pr...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Sakarya University
2022-04-01
|
| Series: | Sakarya Üniversitesi Fen Bilimleri Enstitüsü Dergisi |
| Subjects: | |
| Online Access: | https://dergipark.org.tr/tr/download/article-file/2092192 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850133738408640512 |
|---|---|
| author | Onur Demir Deniz Tuana Ergönül |
| author_facet | Onur Demir Deniz Tuana Ergönül |
| author_sort | Onur Demir |
| collection | DOAJ |
| description | Confidentiality requirements of individuals and companies led to the dominance of encrypted payloads in the overall Internet traffic. Hence, traffic classification on a network became increasingly difficult as it must rely on only the packet headers. Many vital tasks such as differential pricing, providing a safe Internet for children, and eliminating malicious connections require traffic classification, even if the payload contents are encrypted. Encrypted traffic is harder to classify as packet content becomes unreadable. In this work, we aim to provide an insight into traffic classification using encrypted packets in terms of both accuracy and packet processing time. LSTM (Long Short-Term Memory) architecture is a good candidate for this problem as it can handle sequences. Each flow can be modeled as a sequence and patterns of the sequences can provide valuable information. We compare the performance of LSTM with other methods in both real-time and offline experiments. Compared to a machine learning method both online and offline LSTM excelled with precision and recall differences up to 50%. Average accuracy with LSTM was measured as 97.77% offline and 91.7% in real-time. Average packet processing time in real-time was recorded as 0.593 msec which is 5 times faster than a recent work that uses LSTM method. |
| format | Article |
| id | doaj-art-51fc734a291342b8b91c10a66982aab6 |
| institution | OA Journals |
| issn | 2147-835X |
| language | English |
| publishDate | 2022-04-01 |
| publisher | Sakarya University |
| record_format | Article |
| series | Sakarya Üniversitesi Fen Bilimleri Enstitüsü Dergisi |
| spelling | doaj-art-51fc734a291342b8b91c10a66982aab62025-08-20T02:31:52ZengSakarya UniversitySakarya Üniversitesi Fen Bilimleri Enstitüsü Dergisi2147-835X2022-04-0126231333210.16984/saufenbilder.102650228Real-Time Encrypted Traffic Classification with Deep LearningOnur Demir0https://orcid.org/0000-0002-1088-6461Deniz Tuana Ergönül1https://orcid.org/0000-0003-2945-0833YEDİTEPE ÜNİVERSİTESİ, FEN BİLİMLERİ ENSTİTÜSÜYEDİTEPE ÜNİVERSİTESİ, FEN BİLİMLERİ ENSTİTÜSÜConfidentiality requirements of individuals and companies led to the dominance of encrypted payloads in the overall Internet traffic. Hence, traffic classification on a network became increasingly difficult as it must rely on only the packet headers. Many vital tasks such as differential pricing, providing a safe Internet for children, and eliminating malicious connections require traffic classification, even if the payload contents are encrypted. Encrypted traffic is harder to classify as packet content becomes unreadable. In this work, we aim to provide an insight into traffic classification using encrypted packets in terms of both accuracy and packet processing time. LSTM (Long Short-Term Memory) architecture is a good candidate for this problem as it can handle sequences. Each flow can be modeled as a sequence and patterns of the sequences can provide valuable information. We compare the performance of LSTM with other methods in both real-time and offline experiments. Compared to a machine learning method both online and offline LSTM excelled with precision and recall differences up to 50%. Average accuracy with LSTM was measured as 97.77% offline and 91.7% in real-time. Average packet processing time in real-time was recorded as 0.593 msec which is 5 times faster than a recent work that uses LSTM method.https://dergipark.org.tr/tr/download/article-file/2092192deep learningcomputer communication networksclassificationneural networks (computer) |
| spellingShingle | Onur Demir Deniz Tuana Ergönül Real-Time Encrypted Traffic Classification with Deep Learning Sakarya Üniversitesi Fen Bilimleri Enstitüsü Dergisi deep learning computer communication networks classification neural networks (computer) |
| title | Real-Time Encrypted Traffic Classification with Deep Learning |
| title_full | Real-Time Encrypted Traffic Classification with Deep Learning |
| title_fullStr | Real-Time Encrypted Traffic Classification with Deep Learning |
| title_full_unstemmed | Real-Time Encrypted Traffic Classification with Deep Learning |
| title_short | Real-Time Encrypted Traffic Classification with Deep Learning |
| title_sort | real time encrypted traffic classification with deep learning |
| topic | deep learning computer communication networks classification neural networks (computer) |
| url | https://dergipark.org.tr/tr/download/article-file/2092192 |
| work_keys_str_mv | AT onurdemir realtimeencryptedtrafficclassificationwithdeeplearning AT deniztuanaergonul realtimeencryptedtrafficclassificationwithdeeplearning |