Towards real-time processing for application identification of encrypted traffic

Application identification in the middle is one of key challenges for network operators to manage application based traffic and policy controls in the Internet. However, it is becoming harder according to the increase of end-to-end encrypted traffic in which we hardly read application specific information from packets. We previously proposed a method to identify the application of traffic whenever the traffic is encrypted or not. Our method gives a significant accuracy of identification of encrypted traffic as high as the case when traffic is not encrypted, however, it requires an offline processing to obtain statistics of the whole of flows. A real-time identification is important, but the accuracy is a problem due to unstable information of flow statistics. In this paper we therefore propose an approach to improve the accuracy of identification when we identify the encrypted traffic in real-time. We first clarify the sufficient number of packets required for accurate identification, and then the method to infer the statistics to improve the accuracy even when the obtained number of packets is smaller than the one required. Experimental results have shown that the proposed approach achieves the high accuracy almost the same as in offline method.