Encrypted traffic classification based on packet length distribution of sampling sequence

Chang-xi GAO; Ya-biao WU; Cong WANG

Tongxin xuebao (Sep 2015)

Encrypted traffic classification based on packet length distribution of sampling sequence

Chang-xi GAO,
Ya-biao WU,
Cong WANG

Affiliations

Chang-xi GAO
Ya-biao WU
Cong WANG

Journal volume & issue: Vol. 36
pp. 65 – 75

Abstract

Read online

A hypothesis testing-based statistical decision model (HTSDM) for application identification of encrypted traf-fic was presented.HTSDM was based on packet length distribution of deterministic sampling sequence at flow level,which was characterized by packet positions,packet directions,packet sizes,packet arrival continuity and packet arrival order.HTSDM boosted deep packet inspection (DPI) by introducing constraints of packet position and direction as well as inter-flow correlation action.A hybrid method of encrypted traffic classification combining DPI and dynamic flow in-spection (DFI) was proposed based on HTSDM.Experiment results show that this method can effectively identify the unique statistical traffic behavior of encrypted application in flow coordinate space,and achieve high precision,recall and overall accuracy while keeping low false positive rate (FPR) and overall FPR.

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords