Certificate-aware encrypted traffic classification using Second-Order Markov Chain

2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS) Pub Date : 2016-06-20 DOI:10.1109/IWQoS.2016.7590451

Meng Shen, Mingwei Wei, Liehuang Zhu, Mingzhong Wang, Fuliang Li

{"title":"Certificate-aware encrypted traffic classification using Second-Order Markov Chain","authors":"Meng Shen, Mingwei Wei, Liehuang Zhu, Mingzhong Wang, Fuliang Li","doi":"10.1109/IWQoS.2016.7590451","DOIUrl":null,"url":null,"abstract":"With the prosperity of network applications, traffic classification serves as a crucial role in network management and malicious attack detection. The widely used encryption transmission protocols, such as the Secure Socket Layer/Transport Layer Security (SSL/TLS) protocols, leads to the failure of traditional payload-based classification methods. Existing methods for encrypted traffic classification suffer from low accuracy. In this paper, we propose a certificate-aware encrypted traffic classification method based on the Second-Order Markov Chain. We start by exploring reasons why existing methods not perform well, and make a novel observation that certificate packet length in SSL/TLS sessions contributes to application discrimination. To increase the diversity of application fingerprints, we develop a new model by incorporating the certificate packet length clustering into the Second-Order homogeneous Markov chains. Extensive evaluation results show that the proposed method lead to a 30% improvement on average compared with the state-of-the-art method, in terms of classification accuracy.","PeriodicalId":304978,"journal":{"name":"2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS)","volume":"105 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"29","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IWQoS.2016.7590451","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 29

Abstract

With the prosperity of network applications, traffic classification serves as a crucial role in network management and malicious attack detection. The widely used encryption transmission protocols, such as the Secure Socket Layer/Transport Layer Security (SSL/TLS) protocols, leads to the failure of traditional payload-based classification methods. Existing methods for encrypted traffic classification suffer from low accuracy. In this paper, we propose a certificate-aware encrypted traffic classification method based on the Second-Order Markov Chain. We start by exploring reasons why existing methods not perform well, and make a novel observation that certificate packet length in SSL/TLS sessions contributes to application discrimination. To increase the diversity of application fingerprints, we develop a new model by incorporating the certificate packet length clustering into the Second-Order homogeneous Markov chains. Extensive evaluation results show that the proposed method lead to a 30% improvement on average compared with the state-of-the-art method, in terms of classification accuracy.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于二阶马尔可夫链的证书感知加密流量分类

随着网络应用的蓬勃发展，流量分类在网络管理和恶意攻击检测中发挥着至关重要的作用。SSL/TLS (Secure Socket Layer/Transport Layer Security)等广泛使用的加密传输协议导致传统的基于有效载荷的分类方法失效。现有的加密流分类方法存在准确率低的问题。本文提出了一种基于二阶马尔可夫链的证书感知加密流量分类方法。我们首先探索现有方法性能不佳的原因，并提出一个新颖的观察，即SSL/TLS会话中的证书数据包长度有助于应用程序区分。为了增加应用指纹的多样性，我们将证书包长度聚类引入到二阶齐次马尔可夫链中，建立了一个新的模型。广泛的评估结果表明，在分类精度方面，与最先进的方法相比，所提出的方法平均提高了30%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS)

自引率

0.00%

发文量