IncreAIBMF: Incremental Learning for Encrypted Mobile Application Identification

Mobile application identification, a fundamental technique in network security and management, suffers from a critical problem, namely ‘encrypted traffic’. Proven methods for encrypted traffic identification have a major drawback: when new applications arrive, they suffer from catastrophic forgetting, a dramatic decrease in overall performance when training with new app classes added incrementally. This is because current models require the entire dataset, consisting of all the samples from the old and the new classes, to update the model. This updating requirement easily becomes unsustainable as the number of apps grows. To address the issue, we propose the IncreAIBMF framework to learn deep neural networks incrementally, using new apps' data and only a small exemplar set corresponding to samples from the old apps. The key idea behind IncreAIBMF is an incremental learning framework that gains the ability to identify new applications by incorporating the cross-distilled loss, which both learns the new app classes and retains the previous knowledge corresponding to the old app classes. Our experimental results show that IncreAIBMF achieves 87.3% on Macro Precision, 87.8% on F1 Score and 88.9% on Macro Recall, respectively, on real-world traces that consist of 50 mobile applications; it supports early prediction and is robust to the scale of the app classes. In addition, the basic variant of IncreAIBMF, AIBMF, is superior to the state-of-the-art methods in terms of identification performance.
