Granular classifier: Building traffic granules for encrypted traffic classification based on granular computing

Abstract

Accurate classification of encrypted traffic plays an important role in network management. However, current methods confronts several problems: inability to characterize traffic that exhibits great dispersion, inability to classify traffic with multi-level features, and degradation due to limited training traffic size. To address these problems, this paper proposes a traffic granularity-based cryptographic traffic classification method, called Granular Classifier (GC). In this paper, a novel Cardinality-based Constrained Fuzzy C-Means (CCFCM) clustering algorithm is proposed to address the problem caused by limited training traffic, considering the ratio of cardinality that must be linked between flows to achieve good traffic partitioning. Then, an original representation format of traffic is presented based on granular computing, named Traffic Granules (TG), to accurately describe traffic structure by catching the dispersion of different traffic features. Each granule is a compact set of similar data with a refined boundary by excluding outliers. Based on TG, GC is constructed to perform traffic classification based on multi-level features. The performance of the GC is evaluated based on real-world encrypted network traffic data. Experimental results show that the GC achieves outstanding performance for encrypted traffic classification with limited size of training traffic and keeps accurate classification in dynamic network conditions.