Fast Identification Method of Encrypted Traffic Based on Payload Signatures

To address the difficulty of identifying encrypted traffic, this paper proposes a fast network traffic identification method that extracts traffic payload signatures instead of performing deep analysis of the full payload data. The method uses a 256-dimensional vector to describe how frequently each of the 256 ASCII byte values occurs in the packet payload. It extracts payload signatures based on the mean and variance of the quantified traffic payload. It then classifies the network traffic into different applications using a decision tree model. Experimental results show that the proposed method can accurately classify common encrypted network traffic and detect traffic from some malicious attacks.
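
The feature-extraction step described in the abstract, as an added example (not the paper's code): it builds the 256-dimensional byte-frequency vector for a payload and derives a mean/variance signature from it. Assumptions: the mean and variance are taken over byte values weighted by their frequency, the function names are hypothetical, and the sample payloads are constructed (SHA-256 output stands in for ciphertext). The decision tree stage is not shown because the abstract gives no details of its features or splits.

```python
import hashlib
from collections import Counter


def byte_frequency_vector(payload: bytes) -> list[float]:
    """Relative frequency of each byte value 0..255 in the payload."""
    if not payload:
        return [0.0] * 256
    counts = Counter(payload)
    total = len(payload)
    return [counts.get(value, 0) / total for value in range(256)]


def payload_signature(payload: bytes) -> tuple[float, float]:
    """(mean, variance) of the byte values, derived from the frequency vector.

    Assumption: this is one reading of "mean and variance of the payload";
    the abstract does not give the exact formula.
    """
    freq = byte_frequency_vector(payload)
    mean = sum(value * f for value, f in enumerate(freq))
    variance = sum(f * (value - mean) ** 2 for value, f in enumerate(freq))
    return mean, variance


def distinct_byte_values(payload: bytes) -> int:
    """Number of non-zero dimensions in the frequency vector."""
    return sum(1 for f in byte_frequency_vector(payload) if f > 0)


def constructed_ciphertext(length: int) -> bytes:
    """Deterministic pseudo-random bytes standing in for an encrypted payload."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


# Constructed samples: a cleartext HTTP request and same-length "ciphertext".
PLAINTEXT = (b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"
             b"Accept: text/html\r\n\r\n") * 8
ENCRYPTED = constructed_ciphertext(len(PLAINTEXT))

if __name__ == "__main__":
    for label, data in (("plaintext", PLAINTEXT), ("encrypted-like", ENCRYPTED)):
        mean, variance = payload_signature(data)
        print(f"{label:15s} mean={mean:7.2f} variance={variance:8.2f} "
              f"distinct={distinct_byte_values(data)}")
```

Encrypted-like payloads spread across nearly all byte values with a variance close to that of a uniform distribution, while the cleartext sample stays in a narrow printable range; a classifier can split on that difference.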