A Survey on Encrypted Traffic Classification

With the widespread use of encryption techniques in network applications, encrypted network traffic has recently become a great challenge for network management. Studies on encrypted traffic classification not only help to improve network service quality, but also assist in enhancing network security. In this paper, we first introduce the basics of encrypted traffic classification, emphasizing the influence of encryption on current classification methodology. Then, we summarize the challenges and recent advances in encrypted traffic classification research. Finally, we close the paper with some conclusions.
