Relevant bibliographies by topics / Encrypted domain traffic classification / Journal articles

Journal articles on the topic 'Encrypted domain traffic classification'

To see the other types of publications on this topic, follow the link: Encrypted domain traffic classification.
Author: Grafiati
Published: 10 December 2022
Last updated: 28 January 2023

Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles

Select a source type:

Consult the top 50 journal articles for your research on the topic 'Encrypted domain traffic classification.'

Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.

You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.

Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.

1

Akbari, Iman, Mohammad A. Salahuddin, Leni Ven, Noura Limam, Raouf Boutaba, Bertrand Mathieu, Stephanie Moteau, and Stephane Tuffin. "Traffic classification in an increasingly encrypted web." Communications of the ACM 65, no. 10 (October 2022): 75–83. http://dx.doi.org/10.1145/3559439.

Full text
Abstract:
Traffic classification is essential in network management for a wide range of operations. Recently, it has become increasingly challenging with the widespread adoption of encryption in the Internet, for example, as a de facto in HTTP/2 and QUIC protocols. In the current state of encrypted traffic classification using deep learning (DL), we identify fundamental issues in the way it is typically approached. For instance, although complex DL models with millions of parameters are being used, these models implement a relatively simple logic based on certain header fields of the TLS handshake, limiting model robustness to future versions of encrypted protocols. Furthermore, encrypted traffic is often treated as any other raw input for DL, while crucial domain-specific considerations are commonly ignored. In this paper, we design a novel feature engineering approach used for encrypted Web protocols, and develop a neural network architecture based on stacked long short-term memory layers and convolutional neural networks. We evaluate our approach on a real-world Web traffic dataset from a major Internet service provider and mobile network operator. We achieve an accuracy of 95% in service classification with less raw traffic and a smaller number of parameters, outperforming a state-of-the-art method by nearly 50% fewer false classifications. We show that our DL model generalizes for different classification objectives and encrypted Web protocols. We also evaluate our approach on a public QUIC dataset with finer application-level granularity in labeling, achieving an overall accuracy of 99%.
APA, Harvard, Vancouver, ISO, and other styles
2

Akbari, Iman, Mohammad A. Salahuddin, Leni Ven, Noura Limam, Raouf Boutaba, Bertrand Mathieu, Stephanie Moteau, and Stephane Tuffin. "A Look Behind the Curtain: Traffic Classification in an Increasingly Encrypted Web." ACM SIGMETRICS Performance Evaluation Review 49, no. 1 (June 22, 2022): 23–24. http://dx.doi.org/10.1145/3543516.3453921.

Full text
Abstract:
Traffic classification is essential in network management for operations ranging from capacity planning, performance monitoring, volumetry, and resource provisioning, to anomaly detection and security. Recently, it has become increasingly challenging with the widespread adoption of encryption in the Internet, e.g., as a de-facto in HTTP/2 and QUIC protocols. In the current state of encrypted traffic classification using Deep Learning (DL), we identify fundamental issues in the way it is typically approached. For instance, although complex DL models with millions of parameters are being used, these models implement a relatively simple logic based on certain header fields of the TLS handshake, limiting model robustness to future versions of encrypted protocols. Furthermore, encrypted traffic is often treated as any other raw input for DL, while crucial domain-specific considerations are commonly ignored. In this paper, we design a novel feature engineering approach that generalizes well for encrypted web protocols, and develop a neural network architecture based on Stacked Long Short-Term Memory (LSTM) layers and Convolutional Neural Networks (CNN). We evaluate our approach on a real-world web traffic dataset from a major Internet service provider and Mobile Network Operator. We achieve an accuracy of 95% in service classification with less raw traffic and smaller number of parameters, out-performing a state-of-the-art method by nearly 50% fewer false classifications. We show that our DL model generalizes for different classification objectives and encrypted web protocols. We also evaluate our approach on a public QUIC dataset with finer application-level granularity in labeling, achieving an overall accuracy of 99%.
APA, Harvard, Vancouver, ISO, and other styles
3

Akbari, Iman, Mohammad A. Salahuddin, Leni Ven, Noura Limam, Raouf Boutaba, Bertrand Mathieu, Stephanie Moteau, and Stephane Tuffin. "A Look Behind the Curtain: Traffic Classification in an Increasingly Encrypted Web." Proceedings of the ACM on Measurement and Analysis of Computing Systems 5, no. 1 (February 18, 2021): 1–26. http://dx.doi.org/10.1145/3447382.

Full text
Abstract:
Traffic classification is essential in network management for operations ranging from capacity planning, performance monitoring, volumetry, and resource provisioning, to anomaly detection and security. Recently, it has become increasingly challenging with the widespread adoption of encryption in the Internet, e.g., as a de-facto in HTTP/2 and QUIC protocols. In the current state of encrypted traffic classification using Deep Learning (DL), we identify fundamental issues in the way it is typically approached. For instance, although complex DL models with millions of parameters are being used, these models implement a relatively simple logic based on certain header fields of the TLS handshake, limiting model robustness to future versions of encrypted protocols. Furthermore, encrypted traffic is often treated as any other raw input for DL, while crucial domain-specific considerations exist that are commonly ignored. In this paper, we design a novel feature engineering approach that generalizes well for encrypted web protocols, and develop a neural network architecture based on Stacked Long Short-Term Memory (LSTM) layers and Convolutional Neural Networks (CNN) that works very well with our feature design. We evaluate our approach on a real-world traffic dataset from a major ISP and Mobile Network Operator. We achieve an accuracy of 95% in service classification with less raw traffic and smaller number of parameters, out-performing a state-of-the-art method by nearly 50% fewer false classifications. We show that our DL model generalizes for different classification objectives and encrypted web protocols. We also evaluate our approach on a public QUIC dataset with finer and application-level granularity in labeling, achieving an overall accuracy of 99%.
APA, Harvard, Vancouver, ISO, and other styles
4

Iliyasu, Auwal Sani, Ibrahim Abba, Badariyya Sani Iliyasu, and Abubakar Sadiq Muhammad. "A Review of Deep Learning Techniques for Encrypted Traffic Classification." Computational Intelligence and Machine Learning 3, no. 2 (October 14, 2022): 15–21. http://dx.doi.org/10.36647/ciml/03.02.a003.

Full text
Abstract:
Network traffic classification is significant for task such as Quality of Services (QoS) provisioning, resource usage planning, pricing as well as in the context of security such as in Intrusion detection systems. The field has received considerable attention in the industry as well as research communities where approaches such as Port based, Deep packet Inspection (DPI), and Classical machine learning techniques were thoroughly studied. However, the emergence of new applications and encryption protocols as a result of continuous transformation of Internet has led to the rise of new challenges. Recently, researchers have employed deep learning techniques in the domain of network traffic classification in order to leverage the inherent advantages offered by deep learning models such as the ability to capture complex pattern as well as automatic feature learning. This paper reviews deep learning based encrypted traffic classification techniques, as well as highlights the current research gap in the literature. Index Terms : Traffic classification, Encrypted traffic, Deep learning, Machine learning.
APA, Harvard, Vancouver, ISO, and other styles
5

Bakhshi, Taimur, and Bogdan Ghita. "Anomaly Detection in Encrypted Internet Traffic Using Hybrid Deep Learning." Security and Communication Networks 2021 (September 21, 2021): 1–16. http://dx.doi.org/10.1155/2021/5363750.

Full text
Abstract:
An increasing number of Internet application services are relying on encrypted traffic to offer adequate consumer privacy. Anomaly detection in encrypted traffic to circumvent and mitigate cyber security threats is, however, an open and ongoing research challenge due to the limitation of existing traffic classification techniques. Deep learning is emerging as a promising paradigm, allowing reduction in manual determination of feature set to increase classification accuracy. The present work develops a deep learning-based model for detection of anomalies in encrypted network traffic. Three different publicly available datasets including the NSL-KDD, UNSW-NB15, and CIC-IDS-2017 are used to comprehensively analyze encrypted attacks targeting popular protocols. Instead of relying on a single deep learning model, multiple schemes using convolutional (CNN), long short-term memory (LSTM), and recurrent neural networks (RNNs) are investigated. Our results report a hybrid combination of convolutional (CNN) and gated recurrent unit (GRU) models as outperforming others. The hybrid approach benefits from the low-latency feature derivation of the CNN, and an overall improved training dataset fitting. Additionally, the highly effective generalization offered by GRU results in optimal time-domain-related feature extraction, resulting in the CNN and GRU hybrid scheme presenting the best model.
APA, Harvard, Vancouver, ISO, and other styles
6

Deng, Guoqiang, Min Tang, Yuhao Zhang, Ying Huang, and Xuefeng Duan. "Privacy-Preserving Outsourced Artificial Neural Network Training for Secure Image Classification." Applied Sciences 12, no. 24 (December 14, 2022): 12873. http://dx.doi.org/10.3390/app122412873.

Full text
Abstract:
Artificial neural network (ANN) is powerful in the artificial intelligence field and has been successfully applied to interpret complex image data in the real world. Since the majority of images are commonly known as private with the information intended to be used by the owner, such as handwritten characters and face, the private constraints form a major obstacle in developing high-precision image classifiers which require access to a large amount of image data belonging to multiple users. State-of-the-art privacy-preserving ANN schemes often use full homomorphic encryption which result in a substantial overhead of computation and data traffic for the data owners, and are restricted to approximation models by low-degree polynomials which lead to a large accuracy loss of the trained model compared to the original ANN model in the plain domain. Consequently, it is still a huge challenge to train an ANN model in the encrypted-domain. To mitigate this problem, we propose a privacy-preserving ANN system for secure constructing image classifiers, named IPPNN, where the server is able to train an ANN-based classifier on the combined image data of all data owners without being able to observe any images using primitives, such as randomization and functional encryption. Our system achieves faster training time and supports lossless training. Moreover, IPPNN removes the need for multiple communications among data owners and servers. We analyze the security of the protocol and perform experiments on a large scale image recognition task. The results show that the IPPNN is feasible to use in practice while achieving high accuracy.
APA, Harvard, Vancouver, ISO, and other styles
7

Meng, Yitong, and Jinlong Fei. "Hidden Service Website Response Fingerprinting Attacks Based on Response Time Feature." Security and Communication Networks 2020 (November 30, 2020): 1–21. http://dx.doi.org/10.1155/2020/8850472.

Full text
Abstract:
It has been shown that website fingerprinting attacks are capable of destroying the anonymity of the communicator at the traffic level. This enables local attackers to infer the website contents of the encrypted traffic by using packet statistics. Previous researches on hidden service attacks tend to focus on active attacks; therefore, the reliability of attack conditions and validity of test results cannot be fully verified. Hence, it is necessary to reexamine hidden service attacks from the perspective of fingerprinting attacks. In this paper, we propose a novel Website Response Fingerprinting (WRFP) Attack based on response time feature and extremely randomized tree algorithm to analyze the hidden information of the response fingerprint. The objective is to monitor hidden service website pages, service types, and mounted servers. WRFP relies on the hidden service response fingerprinting dataset. In addition to simulated website mirroring, two different mounting modes are taken into account, the same-source server and multisource server. A total of 300,000 page instances within 30,000 domain sites are collected, and we comprehensively evaluate the classification performance of the proposed WRFP. Our results show that the TPR of webpages and server classification remain greater than 93% in the small-scale closed-world performance test, and it is capable of tolerating up to 10% fluctuations in response time. WRFP also provides a higher accuracy and computational efficiency than traditional website fingerprinting classifiers in the challenging open-world performance test. This also indicates the importance of response time feature. Our results also suggest that monitoring website types improves the judgment effect of the classifier on subpages.
APA, Harvard, Vancouver, ISO, and other styles
8

Hu, Xinyi, Chunxiang Gu, Yihang Chen, and Fushan Wei. "CBD: A Deep-Learning-Based Scheme for Encrypted Traffic Classification with a General Pre-Training Method." Sensors 21, no. 24 (December 9, 2021): 8231. http://dx.doi.org/10.3390/s21248231.

Full text
Abstract:
With the rapid increase in encrypted traffic in the network environment and the increasing proportion of encrypted traffic, the study of encrypted traffic classification has become increasingly important as a part of traffic analysis. At present, in a closed environment, the classification of encrypted traffic has been fully studied, but these classification models are often only for labeled data and difficult to apply in real environments. To solve these problems, we propose a transferable model called CBD with generalization abilities for encrypted traffic classification in real environments. The overall structure of CBD can be generally described as a of one-dimension CNN and the encoder of Transformer. The model can be pre-trained with unlabeled data to understand the basic characteristics of encrypted traffic data, and be transferred to other datasets to complete the classification of encrypted traffic from the packet level and the flow level. The performance of the proposed model was evaluated on a public dataset. The results showed that the performance of the CBD model was better than the baseline methods, and the pre-training method can improve the classification ability of the model.
APA, Harvard, Vancouver, ISO, and other styles
9

Boldyrikhin, N. V., D. A. Korochentsev, and F. A. Altunin. "CLASSIFICATION FEATURES OF ENCRYPTED NETWORK TRAFFIC." IZVESTIYA SFedU. ENGINEERING SCIENCES, no. 3 (October 19, 2020): 89–98. http://dx.doi.org/10.18522/2311-3103-2020-3-89-98.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Lu, Bei, Nurbol Luktarhan, Chao Ding, and Wenhui Zhang. "ICLSTM: Encrypted Traffic Service Identification Based on Inception-LSTM Neural Network." Symmetry 13, no. 6 (June 17, 2021): 1080. http://dx.doi.org/10.3390/sym13061080.

Full text
Abstract:
The wide application of encryption technology has made traffic classification gradually become a major challenge in the field of network security. Traditional methods such as machine learning, which rely heavily on feature engineering and others, can no longer fully meet the needs of encrypted traffic classification. Therefore, we propose an Inception-LSTM(ICLSTM) traffic classification method in this paper to achieve encrypted traffic service identification. This method converts traffic data into common gray images, and then uses the constructed ICLSTM neural network to extract key features and perform effective traffic classification. To alleviate the problem of category imbalance, different weight parameters are set for each category separately in the training phase to make it more symmetrical for different categories of encrypted traffic, and the identification effect is more balanced and reasonable. The method is validated on the public ISCX 2016 dataset, and the results of five classification experiments show that the accuracy of the method exceeds 98% for both regular encrypted traffic service identification and VPN encrypted traffic service identification. At the same time, this deep learning-based classification method also greatly simplifies the difficulty of traffic feature extraction work.
APA, Harvard, Vancouver, ISO, and other styles
11

Roy, Sangita, Tal Shapira, and Yuval Shavitt. "Fast and lean encrypted Internet traffic classification." Computer Communications 186 (March 2022): 166–73. http://dx.doi.org/10.1016/j.comcom.2022.02.003.

Full text
APA, Harvard, Vancouver, ISO, and other styles
12

Li, Yan, and Yifei Lu. "ETCC: Encrypted Two-Label Classification Using CNN." Security and Communication Networks 2021 (March 8, 2021): 1–11. http://dx.doi.org/10.1155/2021/6633250.

Full text
Abstract:
Due to the increasing variety of encryption protocols and services in the network, the characteristics of the application are very different under different protocols. However, there are very few existing studies on encrypted application classification considering the type of encryption protocols. In order to achieve the refined classification of encrypted applications, this paper proposes an Encrypted Two-Label Classification using CNN (ETCC) method, which can identify both the protocols and the applications. ETCC is a two-stage two-label classification method. The first stage classifies the protocol used for encrypted traffic. The second stage uses the corresponding classifier to classify applications according to the protocol used by the traffic. Experimental results show that the ETCC achieves 97.65% accuracy on a public dataset (CICDarknet2020).
APA, Harvard, Vancouver, ISO, and other styles
13

Huang, Yung-Fa, Chuan-Bi Lin, Chien-Min Chung, and Ching-Mu Chen. "Research on QoS Classification of Network Encrypted Traffic Behavior Based on Machine Learning." Electronics 10, no. 12 (June 8, 2021): 1376. http://dx.doi.org/10.3390/electronics10121376.

Full text
Abstract:
In recent years, privacy awareness is concerned due to many Internet services have chosen to use encrypted agreements. In order to improve the quality of service (QoS), the network encrypted traffic behaviors are classified based on machine learning discussed in this paper. However, the traditional traffic classification methods, such as IP/ASN (Autonomous System Number) analysis, Port-based and deep packet inspection, etc., can classify traffic behavior, but cannot effectively handle encrypted traffic. Thus, this paper proposed a hybrid traffic classification (HTC) method based on machine learning and combined with IP/ASN analysis with deep packet inspection. Moreover, the majority voting method was also used to quickly classify different QoS traffic accurately. Experimental results show that the proposed HTC method can effectively classify different encrypted traffic. The classification accuracy can be further improved by 10% with majority voting as K = 13. Especially when the networking data are using the same protocol, the proposed HTC can effectively classify the traffic data with different behaviors with the differentiated services code point (DSCP) mark.
APA, Harvard, Vancouver, ISO, and other styles
14

Yi, Junkai, Guanglin Gong, Zeyu Liu, and Yacong Zhang. "Classification of Markov Encrypted Traffic on Gaussian Mixture Model Constrained Clustering." Wireless Communications and Mobile Computing 2021 (October 7, 2021): 1–11. http://dx.doi.org/10.1155/2021/4935108.

Full text
Abstract:
In order to solve the problem that traditional analysis approaches of encrypted traffic in encryption transmission of network application only consider the traffic classification in the complete communication process with ignoring traffic classification in the simplified communication process, and there are a lot of duplication problems in application fingerprints during state transition, a new classification approach of encrypted traffic is proposed. The article applies the Gaussian mixture model (GMM) to analyze the length of the message, and the model is established to solve the problem of application fingerprint duplication. The fingerprints with similar lengths of the same application are divided into as few clusters as possible by constrained clustering approach, which speeds up convergence speed and improves the clustering effect. The experimental results show that compared with the other encryption traffic classification approaches, the proposed approach has 11.7%, 19.8%, 6.86%, and 5.36% improvement in TPR, FPR, Precision, and Recall, respectively, and the classification effect of encrypted traffic is significantly improved.
APA, Harvard, Vancouver, ISO, and other styles
15

Dong, Cong, Chen Zhang, Zhigang Lu, Baoxu Liu, and Bo Jiang. "CETAnalytics: Comprehensive effective traffic information analytics for encrypted traffic classification." Computer Networks 176 (July 2020): 107258. http://dx.doi.org/10.1016/j.comnet.2020.107258.

Full text
APA, Harvard, Vancouver, ISO, and other styles
16

de Toledo, Thais, and Nunzio Torrisi. "Encrypted DNP3 Traffic Classification Using Supervised Machine Learning Algorithms." Machine Learning and Knowledge Extraction 1, no. 1 (January 15, 2019): 384–99. http://dx.doi.org/10.3390/make1010022.

Full text
Abstract:
The Distributed Network Protocol (DNP3) is predominately used by the electric utility industry and, consequently, in smart grids. The Peekaboo attack was created to compromise DNP3 traffic, in which a man-in-the-middle on a communication link can capture and drop selected encrypted DNP3 messages by using support vector machine learning algorithms. The communication networks of smart grids are a important part of their infrastructure, so it is of critical importance to keep this communication secure and reliable. The main contribution of this paper is to compare the use of machine learning techniques to classify messages of the same protocol exchanged in encrypted tunnels. The study considers four simulated cases of encrypted DNP3 traffic scenarios and four different supervised machine learning algorithms: Decision tree, nearest-neighbor, support vector machine, and naive Bayes. The results obtained show that it is possible to extend a Peekaboo attack over multiple substations, using a decision tree learning algorithm, and to gather significant information from a system that communicates using encrypted DNP3 traffic.
APA, Harvard, Vancouver, ISO, and other styles
17

Shi, Zhaolei, Nurbol Luktarhan, Yangyang Song, and Gaoqi Tian. "BFCN: A Novel Classification Method of Encrypted Traffic Based on BERT and CNN." Electronics 12, no. 3 (January 19, 2023): 516. http://dx.doi.org/10.3390/electronics12030516.

Full text
Abstract:
With the speedy advancement of encryption technology and the exponential increase in applications, network traffic classification has become an increasingly important research topic. Existing methods for classifying encrypted traffic have certain limitations. For example, traditional approaches such as machine learning rely heavily on feature engineering, deep learning approaches are susceptible to the amount and distribution of labeled data, and pretrained models focus merely on the global traffic features while ignoring local features. To solve the above problem, we propose a BERT-based byte-level feature convolutional network (BFCN) model consisting of two novel modules. The first is a packet encoder module, in which we use the BERT pretrained encrypted traffic classification model to capture global traffic features through its attention mechanism; the second is a CNN module, which captures byte-level local features in the traffic through convolutional operations. The packet-level and byte-level features are concatenated as the traffic’s final representation, which can better represent encrypted traffic. Our approach achieves state-of-the-art performance on the publicly available ISCX-VPN dataset for the traffic service and application identification task, achieving F1 scores of 99.11% and 99.41%, respectively, on these two tasks. The experimental results demonstrate that our method further improves the performance of encrypted traffic classification.
APA, Harvard, Vancouver, ISO, and other styles
18

Pathmaperuma, Madushi H., Yogachandran Rahulamathavan, Safak Dogan, and Ahmet Kondoz. "CNN for User Activity Detection Using Encrypted In-App Mobile Data." Future Internet 14, no. 2 (February 21, 2022): 67. http://dx.doi.org/10.3390/fi14020067.

Full text
Abstract:
In this study, a simple yet effective framework is proposed to characterize fine-grained in-app user activities performed on mobile applications using a convolutional neural network (CNN). The proposed framework uses a time window-based approach to split the activity’s encrypted traffic flow into segments, so that in-app activities can be identified just by observing only a part of the activity-related encrypted traffic. In this study, matrices were constructed for each encrypted traffic flow segment. These matrices acted as input into the CNN model, allowing it to learn to differentiate previously trained (known) and previously untrained (unknown) in-app activities as well as the known in-app activity type. The proposed method extracts and selects salient features for encrypted traffic classification. This is the first-known approach proposing to filter unknown traffic with an average accuracy of 88%. Once the unknown traffic is filtered, the classification accuracy of our model would be 92%.
APA, Harvard, Vancouver, ISO, and other styles
19

Ma, Chencheng, Xuehui Du, and Lifeng Cao. "Improved KNN Algorithm for Fine-Grained Classification of Encrypted Network Flow." Electronics 9, no. 2 (February 13, 2020): 324. http://dx.doi.org/10.3390/electronics9020324.

Full text
Abstract:
The fine-grained classification of encrypted traffic is important for network security analysis. Malicious attacks are usually encrypted and simulated as normal application or content traffic. Supervised machine learning methods are widely used for traffic classification and show good performances. However, they need a large amount of labeled data to train a model, while labeled data is hard to obtain. Aiming at solving this problem, this paper proposes a method to train a model based on the K-nearest neighbor (KNN) algorithm, which only needs a small amount of data. Due to the fact that the importance of different traffic features varies, and traditional KNN does not highlight the importance of different features, this study introduces the concept of feature weight and proposes the weighted feature KNN (WKNN) algorithm. Furthermore, to obtain the optimal feature set and the corresponding feature weight set, a feature selection and feature weight self-adaptive algorithm for WKNN is proposed. In addition, a three-layer classification framework for encrypted network flows is established. Based on the improved KNN and the framework, this study finally presents a method for fine-grained classification of encrypted network flows, which can identify the encryption status, application type and content type of encrypted network flows with high accuracies of 99.3%, 92.4%, and 97.0%, respectively.
APA, Harvard, Vancouver, ISO, and other styles
20

Rezaei, Shahbaz, and Xin Liu. "Deep Learning for Encrypted Traffic Classification: An Overview." IEEE Communications Magazine 57, no. 5 (May 2019): 76–81. http://dx.doi.org/10.1109/mcom.2019.1800819.

Full text
APA, Harvard, Vancouver, ISO, and other styles
21

Mishra, Ankur. "Encrypted network traffic classification with convolutional auto-encoders." International Journal of Information Systems and Management 2, no. 2 (2020): 139. http://dx.doi.org/10.1504/ijisam.2020.10032697.

Full text
APA, Harvard, Vancouver, ISO, and other styles
22

Mishra, Ankur. "Encrypted network traffic classification with convolutional auto-encoders." International Journal of Information Systems and Management 2, no. 2 (2020): 139. http://dx.doi.org/10.1504/ijisam.2020.110551.

Full text
APA, Harvard, Vancouver, ISO, and other styles
23

Zhuang Qiao, Shunliang Zhang, Liuqun Zhai, and Xiaohui Zhang. "Encrypted 5G over-the-top voice traffic classification using deep learning." ITU Journal on Future and Evolving Technologies 3, no. 3 (December 9, 2022): 779–92. http://dx.doi.org/10.52953/eyif3681.

Full text
Abstract:
With the commercialization of fifth-generation (5G), the rapid popularity of mobile Over-The-Top (OTT) voice applications brings huge impacts on the traditional telecommunication voice call services. Tunnel encryption technology such as Virtual Private Networks (VPNs) allow OTT users to escape the supervision of network operators easily, which may cause potential security risks to cyberspace. To monitor harmful OTT applications in the context of 5G, it is critical to identify encrypted OTT voice traffic. However, there is no comprehensive study on typical OTT voice traffic identification. This paper mainly focuses on analyzing OTT voice traffic in the 5G network specifically. We propose employing Long Short-Term Memory (LSTM) and Convolutional Neural Networks (CNNs) to identify encrypted 5G OTT voice traffic, study the identification performance of used deep learning methods in three different scenarios. To verify the performance of the proposed approach, we collect 28 types of typical OTT and non-OTT voice traffic from the experimental 5G network. Experimental results prove the effectiveness and robustness of the proposed approach in encrypted 5G OTT voice traffic identification.
APA, Harvard, Vancouver, ISO, and other styles
24

Liu, Xinlei. "Identification of Encrypted Traffic Using Advanced Mathematical Modeling and Computational Intelligence." Mathematical Problems in Engineering 2022 (August 22, 2022): 1–10. http://dx.doi.org/10.1155/2022/1419804.

Full text
Abstract:
This paper proposed a hybrid approach for the identification of encrypted traffic based on advanced mathematical modeling and computational intelligence. Network traffic identification is the premise and foundation of improving network management, service quality, and application security. It is also the focus of network behavior analysis, network planning and construction, network anomaly detection, and network traffic model research. With the increase in user and service requirements, many applications use encryption algorithms to encrypt traffic during data transmission. As a result, traditional traffic classification methods classify encrypted traffic on the network, which brings great difficulties and challenges to network monitoring and data mining. In our article, a nonlinear modified DBN method is proposed and applied to encrypted traffic identification. Firstly, based on Deep Belief Networks (DBN), this paper introduces the proposed Eodified Elliott (ME)-DBN model, analyzes the function image, and presents the ME-DBN learning algorithm. Secondly, this article designs an encrypted traffic recognition model based on the ME-DBN model. Feature extraction is carried out by training the ME-DBN model, and finally, classification and recognition are carried out by the classifier. The experimental results on the ISCX VPN-non-VPN database show that the MEDBN method proposed in this article can enhance the classification and recognition rate and has better robustness to encrypt traffic recognition from different software.
APA, Harvard, Vancouver, ISO, and other styles
25

Ma, Zhuhong, Kunyang Li, Zongyu Li, and Liu Yao. "Encrypted Traffic Classification Based on a Convolutional Neural Network." Journal of Physics: Conference Series 2400, no. 1 (December 1, 2022): 012056. http://dx.doi.org/10.1088/1742-6596/2400/1/012056.

Full text
Abstract:
Abstract To resolve the issues of low accuracy, weak universality, and easy invasion of privacy in traditional encryption traffic classification methods, an encryption traffic classification method based on a convolutional neural network is offered. Firstly, according to the packet size and time message of the net traffic, the original traffic is transformed into a two-dimensional picture to avoid relying on the packet payload to violate privacy, and then the model is embedded. The Inception module performs feature fusion to improve the classification accuracy. Finally, the average pooling layer and the convolution layer are used to replace the fully connected layer, increasing the calculation speed and avoiding overfitting. Experimental results show that the algorithm achieves an accuracy of more than 95% for application traffic classification tasks.
APA, Harvard, Vancouver, ISO, and other styles
26

Ha, Joonseo, and Heejun Roh. "Experimental Evaluation of Malware Family Classification Methods from Sequential Information of TLS-Encrypted Traffic." Electronics 10, no. 24 (December 20, 2021): 3180. http://dx.doi.org/10.3390/electronics10243180.

Full text
Abstract:
In parallel with the rapid adoption of transport layer security (TLS), malware has utilized the encrypted communication channel provided by TLS to hinder detection from network traffic. To this end, recent research efforts are directed toward malware detection and malware family classification for TLS-encrypted traffic. However, amongst their feature sets, the proposals to utilize the sequential information of each TLS session has not been properly evaluated, especially in the context of malware family classification. In this context, we propose a systematic framework to evaluate the state-of-the-art malware family classification methods for TLS-encrypted traffic in a controlled environment and discuss the advantages and limitations of the methods comprehensively. In particular, our experimental results for the 10 representations and classifier combinations show that the graph-based representation for the sequential information achieves better performance regardless of the evaluated classification algorithms. With our framework and findings, researchers can design better machine learning based classifiers.
APA, Harvard, Vancouver, ISO, and other styles
27

Chengjie GU, Shunyi ZHANG, and Xiaozhen XUE. "Encrypted Internet Traffic Classification Method based on Host Behavior." International Journal of Digital Content Technology and its Applications 5, no. 3 (March 31, 2011): 167–74. http://dx.doi.org/10.4156/jdcta.vol5.issue3.16.

Full text
APA, Harvard, Vancouver, ISO, and other styles
28

Aceto, Giuseppe, Domenico Ciuonzo, Antonio Montieri, and Antonio Pescapé. "DISTILLER: Encrypted traffic classification via multimodal multitask deep learning." Journal of Network and Computer Applications 183-184 (June 2021): 102985. http://dx.doi.org/10.1016/j.jnca.2021.102985.

Full text
APA, Harvard, Vancouver, ISO, and other styles
29

Aceto, Giuseppe, Domenico Ciuonzo, Antonio Montieri, and Antonio Pescapé. "Toward effective mobile encrypted traffic classification through deep learning." Neurocomputing 409 (October 2020): 306–15. http://dx.doi.org/10.1016/j.neucom.2020.05.036.

Full text
APA, Harvard, Vancouver, ISO, and other styles
30

Aceto, Giuseppe, Domenico Ciuonzo, Antonio Montieri, and Antonio Pescapè. "MIMETIC: Mobile encrypted traffic classification using multimodal deep learning." Computer Networks 165 (December 2019): 106944. http://dx.doi.org/10.1016/j.comnet.2019.106944.

Full text
APA, Harvard, Vancouver, ISO, and other styles
31

Casino, Fran, Kim-Kwang Raymond Choo, and Constantinos Patsakis. "HEDGE: Efficient Traffic Classification of Encrypted and Compressed Packets." IEEE Transactions on Information Forensics and Security 14, no. 11 (November 2019): 2916–26. http://dx.doi.org/10.1109/tifs.2019.2911156.

Full text
APA, Harvard, Vancouver, ISO, and other styles
32

Li, Ying, Yi Huang, Suranga Seneviratne, Kanchana Thilakarathna, Adriel Cheng, Guillaume Jourjon, Darren Webb, David B. Smith, and Richard Yi Da Xu. "From traffic classes to content: A hierarchical approach for encrypted traffic classification." Computer Networks 212 (July 2022): 109017. http://dx.doi.org/10.1016/j.comnet.2022.109017.

Full text
APA, Harvard, Vancouver, ISO, and other styles
33

Ren, Guoqiang, Guang Cheng, and Nan Fu. "Accurate Encrypted Malicious Traffic Identification via Traffic Interaction Pattern Using Graph Convolutional Network." Applied Sciences 13, no. 3 (January 23, 2023): 1483. http://dx.doi.org/10.3390/app13031483.

Full text
Abstract:
Telecommuting and telelearning have gradually become mainstream lifestyles in the post-epidemic era. The extensive interconnection of massive terminals gives attackers more opportunities, which brings more significant challenges to network traffic security analysis. The existing attacks, often using encryption technology and distributed attack methods, increase the number and complexity of attacks. However, the traditional methods need more analysis of encrypted malicious traffic interaction patterns and cannot explore the potential correlations of interaction patterns in a macroscopic and comprehensive manner. Anyway, the changes in interaction patterns caused by attacks also need further study. Therefore, to achieve accurate and effective identification of attacks, it is essential to comprehensively describe the interaction patterns of malicious traffic and portray the relations of interaction patterns with the appearance of attacks. We propose a method for classifying attacks based on the traffic interaction attribute graph, named G-TIAG. At first, the G-TIAG studies interaction patterns of traffic describes the construction rule of the graphs and selects the attributive features of nodes in each graph. Then, it uses a convolutional graph network with a GRU and self-attention to classify benign data and different attacks. Our approach achieved the best classification results, with 89% accuracy and F1-Score, 88% recall, respectively, on publicly available datasets. The improvement is about 7% compared to traditional machine learning classification results and about 6% compared to deep learning classification results, which finally successfully achieved the classification of attacks.
APA, Harvard, Vancouver, ISO, and other styles
34

Pathmaperuma, Madushi H., Yogachandran Rahulamathavan, Safak Dogan, and Ahmet M. Kondoz. "Deep Learning for Encrypted Traffic Classification and Unknown Data Detection." Sensors 22, no. 19 (October 9, 2022): 7643. http://dx.doi.org/10.3390/s22197643.

Full text
Abstract:
Despite the widespread use of encryption techniques to provide confidentiality over Internet communications, mobile device users are still susceptible to privacy and security risks. In this paper, a novel Deep Neural Network (DNN) based on a user activity detection framework is proposed to identify fine-grained user activities performed on mobile applications (known as in-app activities) from a sniffed encrypted Internet traffic stream. One of the challenges is that there are countless applications, and it is practically impossible to collect and train a DNN model using all possible data from them. Therefore, in this work, we exploit the probability distribution of a DNN output layer to filter the data from applications that are not considered during the model training (i.e., unknown data). The proposed framework uses a time window-based approach to divide the traffic flow of activity into segments so that in-app activities can be identified just by observing only a fraction of the activity-related traffic. Our tests have shown that the DNN-based framework has demonstrated an accuracy of 90% or above in identifying previously trained in-app activities and an average accuracy of 79% in identifying previously untrained in-app activity traffic as unknown data when this framework is employed.
APA, Harvard, Vancouver, ISO, and other styles
35

Wang, Hong Zhi, and Li Hui Yan. "A New Network Traffic Classification Method Based on Optimized Hadamard Matrix and ECOC-SVM." Advanced Materials Research 989-994 (July 2014): 1895–900. http://dx.doi.org/10.4028/www.scientific.net/amr.989-994.1895.

Full text
Abstract:
The traditional network traffic classification methods have many shortcomings, the classification accuracy is not high, the encrypted traffic cannot be analyzed, and the computational burden is usually large. To overcome above problems, this paper presents a new network traffic classification method based on optimized Hadamard matrix and ECOC. Through restructuring the Hadamard matrix and erasing the interference rows and columns, the ECOC table is optimized while eliminating SVM sample imbalance, and the error correcting ability for classification is reserved. The experiments results show that the proposed method outperform in network traffic classification and improve the classification accuracy.
APA, Harvard, Vancouver, ISO, and other styles
36

Chen, Wenxiong, Feng Lyu, Fan Wu, Peng Yang, Guangtao Xue, and Minglu Li. "Sequential Message Characterization for Early Classification of Encrypted Internet Traffic." IEEE Transactions on Vehicular Technology 70, no. 4 (April 2021): 3746–60. http://dx.doi.org/10.1109/tvt.2021.3063738.

Full text
APA, Harvard, Vancouver, ISO, and other styles
37

Velan, Petr, Milan Čermák, Pavel Čeleda, and Martin Drašar. "A survey of methods for encrypted traffic classification and analysis." International Journal of Network Management 25, no. 5 (July 15, 2015): 355–74. http://dx.doi.org/10.1002/nem.1901.

Full text
APA, Harvard, Vancouver, ISO, and other styles
38

Zhang, Xueqin, Min Zhao, Jiyuan Wang, Shuang Li, Yue Zhou, and Shinan Zhu. "Deep-Forest-Based Encrypted Malicious Traffic Detection." Electronics 11, no. 7 (March 22, 2022): 977. http://dx.doi.org/10.3390/electronics11070977.

Full text
Abstract:
The SSL/TLS protocol is widely used in data encryption transmission. Aiming at the problem of detecting SSL/TLS-encrypted malicious traffic with small-scale and unbalanced training data, a deep-forest-based detection method called DF-IDS is proposed in this paper. According to the characteristics of SSL/TSL protocol, the network traffic was split into sessions according to the 5-tuple information. Each session was then transformed into a two-dimensional traffic image as the input of a deep-learning classifier. In order to avoid information loss and improve the detection efficiency, the multi-grained cascade forest (gcForest) framework was simplified with only cascade structure, which was named cascade forest (CaForest). By integrating random forest and extra trees in the CaForest framework, an end-to-end high-precision detector for small-scale and unbalanced SSL/TSL encrypted malicious traffic was realized. Compared with other deep-learning-based methods, the experimental results showed that the detection rate of DF-IDS was 6.87% to 29.5% higher than that of other methods on a small-scale and unbalanced dataset. The advantage of DF-IDS was more obvious in the multi-classification case.
APA, Harvard, Vancouver, ISO, and other styles
39

Zheng, Juan, Zhiyong Zeng, and Tao Feng. "GCN-ETA: High-Efficiency Encrypted Malicious Traffic Detection." Security and Communication Networks 2022 (January 22, 2022): 1–11. http://dx.doi.org/10.1155/2022/4274139.

Full text
Abstract:
Encrypted network traffic is the principal foundation of secure network communication, and it can help ensure the privacy and integrity of confidential information. However, it hides the characteristics of the data, increases the difficulty of detecting malicious traffic, and protects such malicious behavior. Therefore, encryption alone cannot fundamentally guarantee information security. It is also necessary to monitor traffic to detect malicious actions. At present, the more commonly used traffic classification methods are the method based on statistical features and the method based on graphs. However, these two methods are not always reliable when they are applied to the problem of encrypted malicious traffic detection due to their limitations. The former only focuses on the internal information of the network flow itself and ignores the external connections between the network flows. The latter is just the opposite. This paper proposes an encrypted malicious traffic detection method based on a graph convolutional network (GCN) called GCN-ETA, which considers the statistical features (internal information) of network flows and the structural information (external connections) between them. GCN-ETA consists of two parts: a feature extractor that uses an improved GCN and a classifier that uses a decision tree. Improving on the traditional GCN, the effect and speed of encrypted malicious traffic detection can be effectively improved and the deployment of the detection model in the real environment is increased, which provides a reference for the application of GCN in similar scenarios. This method has achieved excellent performance in experiments using real-world encrypted network traffic data for malicious traffic detection, with the accuracy, AUC, and F1-score exceeding 98% and more than 1,300 flows detected per second.
APA, Harvard, Vancouver, ISO, and other styles
40

Sun, Weishi, Yaning Zhang, Jie Li, Chenxing Sun, and Shuzhuang Zhang. "A Deep Learning-Based Encrypted VPN Traffic Classification Method Using Packet Block Image." Electronics 12, no. 1 (December 27, 2022): 115. http://dx.doi.org/10.3390/electronics12010115.

Full text
Abstract:
Network traffic classification has great significance for network security, network management and other fields. However, in recent years, the use of VPN and TLS encryption had presented network traffic classification with new challenges. Due to the great performances of deep learning in image recognition, many solutions have focused on the deep learning-based method and achieved positive results. A traffic classification method based on deep learning is provided in this paper, where the concept of Packet Block is proposed, which is the aggregation of continuous packets in the same direction. The features of Packet Block are extracted from network traffic, and then transformed into images. Finally, convolutional neural networks are used to identify the application type of network traffic. The experiment is conducted using captured OpenVPN dataset and public ISCX-Tor dataset. The results shows that the accuracy is 97.20% in OpenVPN dataset and 93.31% in ISCX-Tor dataset, which is higher than the state-of-the-art methods. This suggests that our approach has the ability to meet the challenges of VPN and TLS encryption.
APA, Harvard, Vancouver, ISO, and other styles
41

Megantara, Achmad, and Tohari Ahmad. "ANOVA-SVM for Selecting Subset Features in Encrypted Internet Traffic Classification." International Journal of Intelligent Engineering and Systems 14, no. 2 (April 30, 2021): 536–46. http://dx.doi.org/10.22266/ijies2021.0430.48.

Full text
APA, Harvard, Vancouver, ISO, and other styles
42

Shapira, Tal, and Yuval Shavitt. "FlowPic: A Generic Representation for Encrypted Traffic Classification and Applications Identification." IEEE Transactions on Network and Service Management 18, no. 2 (June 2021): 1218–32. http://dx.doi.org/10.1109/tnsm.2021.3071441.

Full text
APA, Harvard, Vancouver, ISO, and other styles
43

杨, 瑞鹏. "Encrypted Traffic Classification Based on Graph Embedding and Multimodal Deep Learning." Computer Science and Application 12, no. 05 (2022): 1425–35. http://dx.doi.org/10.12677/csa.2022.125142.

Full text
APA, Harvard, Vancouver, ISO, and other styles
44

Mao, Jiaming, Mingming Zhang, Mu Chen, Lu Chen, Fei Xia, Lei Fan, ZiXuan Wang, and Wenbing Zhao. "Semisupervised Encrypted Traffic Identification Based on Auxiliary Classification Generative Adversarial Network." Computer Systems Science and Engineering 39, no. 3 (2021): 373–90. http://dx.doi.org/10.32604/csse.2021.018086.

Full text
APA, Harvard, Vancouver, ISO, and other styles
45

Sheluhin, Oleg, Vyacheslav Barkov, and Mikhail Polkovnikov. "Classification of Encrypted Mobile App Traffic Using the Machine Learning Method." Voprosy kiberbezopasnosti, no. 4(28) (2018): 21–28. http://dx.doi.org/10.21681/2311-3456-2018-4-21-28.

Full text
APA, Harvard, Vancouver, ISO, and other styles
46

Shen, Meng, Yiting Liu, Liehuang Zhu, Ke Xu, Xiaojiang Du, and Nadra Guizani. "Optimizing Feature Selection for Efficient Encrypted Traffic Classification: A Systematic Approach." IEEE Network 34, no. 4 (July 2020): 20–27. http://dx.doi.org/10.1109/mnet.011.1900366.

Full text
APA, Harvard, Vancouver, ISO, and other styles
47

Iliyasu, Auwal Sani, and Huifang Deng. "Semi-Supervised Encrypted Traffic Classification With Deep Convolutional Generative Adversarial Networks." IEEE Access 8 (2020): 118–26. http://dx.doi.org/10.1109/access.2019.2962106.

Full text
APA, Harvard, Vancouver, ISO, and other styles
48

Fu, Yanjie, Hui Xiong, Xinjiang Lu, Jin Yang, and Can Chen. "Service Usage Classification with Encrypted Internet Traffic in Mobile Messaging Apps." IEEE Transactions on Mobile Computing 15, no. 11 (November 1, 2016): 2851–64. http://dx.doi.org/10.1109/tmc.2016.2516020.

Full text
APA, Harvard, Vancouver, ISO, and other styles
49

Oh, Chaeyeon, Joonseo Ha, and Heejun Roh. "A Survey on TLS-Encrypted Malware Network Traffic Analysis Applicable to Security Operations Centers." Applied Sciences 12, no. 1 (December 24, 2021): 155. http://dx.doi.org/10.3390/app12010155.

Full text
Abstract:
Recently, a majority of security operations centers (SOCs) have been facing a critical issue of increased adoption of transport layer security (TLS) encryption on the Internet, in network traffic analysis (NTA). To this end, in this survey article, we present existing research on NTA and related areas, primarily focusing on TLS-encrypted traffic to detect and classify malicious traffic with deployment scenarios for SOCs. Security experts in SOCs and researchers in academia can obtain useful information from our survey, as the main focus of our survey is NTA methods applicable to malware detection and family classification. Especially, we have discussed pros and cons of three main deployment models for encrypted NTA: TLS interception, inspection using cryptographic functions, and passive inspection without decryption. In addition, we have discussed the state-of-the-art methods in TLS-encrypted NTA for each component of a machine learning pipeline, typically used in the state-of-the-art methods.
APA, Harvard, Vancouver, ISO, and other styles
50

HaoLi. "Traffic classification algorithm using CNN and multi-head attention mechanism for representation learning." Journal of Physics: Conference Series 2258, no. 1 (April 1, 2022): 012001. http://dx.doi.org/10.1088/1742-6596/2258/1/012001.

Full text
Abstract:
Abstract With the development of the times, the demand for privacy and security by people, enterprises and government units has become stronger and stronger, driven by this, encrypted traffic has shown a blowout growth, and the security of traffic has become an issue that cannot be ignored. To solve the traffic classification problem, this paper proposes a new traffic classification algorithm based on convolutional neural network and multi-head attention mechanism. In addition, this paper uses a feature engineering method based on representation learning and proposes a discard threshold to improve the quality of data sets obtained by feature engineering. The experimental results show that the algorithm model and the optimized feature engineering method proposed in this paper have good performance on the traffic classification task.
APA, Harvard, Vancouver, ISO, and other styles
We offer discounts on all premium plans for authors whose works are included in thematic literature selections. Contact us to get a unique promo code!

To the bibliography