FS-Net: A Flow Sequence Network For Encrypted Traffic Classification

With more attention paid to user privacy and communication security, the volume of encrypted traffic rises sharply, which brings a huge challenge to traditional rule-based traffic classification methods. Combining machine learning algorithms and manual-design features has become the mainstream methods to solve this problem. However, these features depend on professional experience heavily, which needs lots of human effort. And these methods divide the encrypted traffic classification problem into piece-wise sub-problems, which could not guarantee the optimal solution. In this paper, we apply the recurrent neural network to the encrypted traffic classification problem and propose the Flow Sequence Network (FS-Net). The FS-Net is an end-to-end classification model that learns representative features from the raw flows, and then classifies them in a unified framework. Moreover, we adopt a multi-layer encoder-decoder structure which can mine the potential sequential characteristics of flows deeply, and import the reconstruction mechanism which can enhance the effectiveness of features. Our comprehensive experiments on the real-world dataset covering 18 applications indicate that FS-Net achieves an excellent performance (99.14% TPR, 0.05% FPR and 0.9906 FTF) and outperforms the state-of-the-art methods. Index Terms–Encrypted Traffic Classification, Recurrent Neural Network, Reconstruction Mechanism

[1]  Siu-Ming Yiu,et al.  MaMPF: Encrypted Traffic Classification Based on Multi-Attribute Markov Probability Fingerprints , 2018, 2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS).

[2]  Nitish Srivastava,et al.  Improving neural networks by preventing co-adaptation of feature detectors , 2012, ArXiv.

[3]  Rui Li,et al.  Byte Segment Neural Network for Network Traffic Classification , 2018, 2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS).

[4]  Yu Wang,et al.  Semi-supervised Encrypted Traffic Classification Using Composite Features Set , 2012, J. Networks.

[5]  Hui Xiong,et al.  Effective and Real-time In-App Activity Analysis in Encrypted Internet Traffic Streams , 2017, KDD.

[6]  Mauro Conti,et al.  AppScanner: Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[7]  Pavel Celeda,et al.  A survey of methods for encrypted traffic classification and analysis , 2015, Int. J. Netw. Manag..

[8]  Blake Anderson,et al.  Machine Learning for Encrypted Malware Traffic Classification: Accounting for Noisy Labels and Non-Stationarity , 2017, KDD.

[9]  Carey L. Williamson,et al.  Identifying and discriminating between web and peer-to-peer traffic in the network core , 2007, WWW '07.

[10]  Jeffrey Dean,et al.  Distributed Representations of Words and Phrases and their Compositionality , 2013, NIPS.

[11]  Guang Cheng,et al.  WENC: HTTPS Encrypted Traffic Classification Using Weighted Ensemble Learning and Markov Chain , 2017, 2017 IEEE Trustcom/BigDataSE/ICESS.

[12]  Albert Trelis Saiz Independent comparison of popular DPI tools for traffic classification , 2016 .

[13]  Eduardo Rocha,et al.  A Survey of Payload-Based Traffic Classification Approaches , 2014, IEEE Communications Surveys & Tutorials.

[14]  Panayiotis Mavrommatis,et al.  Identifying Known and Unknown Peer-to-Peer Traffic , 2006, Fifth IEEE International Symposium on Network Computing and Applications (NCA'06).

[15]  Yoshua Bengio,et al.  Learning Phrase Representations using RNN Encoder–Decoder for Statistical Machine Translation , 2014, EMNLP.

[16]  Blake Anderson,et al.  Identifying Encrypted Malware Traffic with Contextual Flow Data , 2016, AISec@CCS.

[17]  Liehuang Zhu,et al.  Certificate-aware encrypted traffic classification using Second-Order Markov Chain , 2016, 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS).

[18]  Liehuang Zhu,et al.  Classification of Encrypted Traffic With Second-Order Markov Chains and Application Attribute Bigrams , 2017, IEEE Transactions on Information Forensics and Security.

[19]  Nino Vincenzo Verde,et al.  Analyzing Android Encrypted Network Traffic to Identify User Actions , 2016, IEEE Transactions on Information Forensics and Security.

[20]  Baohua Yang,et al.  Packet Classification Algorithms: From Theory to Practice , 2009, IEEE INFOCOM 2009.

[21]  Dan Zhang,et al.  An efficient feature generation approach based on deep learning and feature selection techniques for traffic classification , 2018, Comput. Networks.

[22]  Sepp Hochreiter,et al.  Self-Normalizing Neural Networks , 2017, NIPS.

[23]  Chen-Nee Chuah,et al.  Self-Learning Peer-to-Peer Traffic Classifier , 2009, 2009 Proceedings of 18th International Conference on Computer Communications and Networks.

[24]  Subharthi Paul,et al.  Deciphering malware’s use of TLS (without decryption) , 2016, Journal of Computer Virology and Hacking Techniques.

[25]  Hui Xiong,et al.  Service Usage Classification with Encrypted Internet Traffic in Mobile Messaging Apps , 2016, IEEE Transactions on Mobile Computing.

[26]  Alex Graves,et al.  Supervised Sequence Labelling with Recurrent Neural Networks , 2012, Studies in Computational Intelligence.

[27]  Andrzej Duda,et al.  Markov chain fingerprinting to classify encrypted traffic , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[28]  Mahdi Jafari Siavoshani,et al.  Deep packet: a novel approach for encrypted traffic classification using deep learning , 2017, Soft Computing.

[29]  Yoshua Bengio,et al.  Learning long-term dependencies with gradient descent is difficult , 1994, IEEE Trans. Neural Networks.

[30]  Mauro Conti,et al.  Robust Smartphone App Identification via Encrypted Network Traffic Analysis , 2017, IEEE Transactions on Information Forensics and Security.

[31]  Jimmy Ba,et al.  Adam: A Method for Stochastic Optimization , 2014, ICLR.

[32]  Danilo P. Mandic,et al.  Recurrent Neural Networks for Prediction: Learning Algorithms, Architectures and Stability , 2001 .

[33]  Matthew Roughan,et al.  Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification , 2004, IMC '04.

[34]  Gang Xiong,et al.  LaFFT: Length-Aware FFT Based Fingerprinting for Encrypted Network Traffic Classification , 2018, 2018 IEEE Symposium on Computers and Communications (ISCC).