DISTILLER: Encrypted traffic classification via multimodal multitask deep learning

Abstract: Traffic classification, i.e., the inference of applications and/or services from their network traffic, represents the workhorse for service management and the enabler for valuable profiling information. The growing trend toward encrypted protocols and the fast-evolving nature of network traffic are obsoleting traffic-classification design solutions based on payload inspection or machine learning. Conversely, deep learning is currently foreseen as a viable means to design traffic classifiers based on automatically extracted features. These reflect the complex patterns distilled from the multifaceted (encrypted) traffic, which implicitly carries information in a “multimodal” fashion, and can also be used in application scenarios with diversified network visibility for (simultaneously) tackling multiple classification tasks. To this end, in this paper a novel multimodal multitask deep learning approach for traffic classification is proposed, leading to the Distiller classifier. The latter is able to capitalize on traffic-data heterogeneity (by learning both intra- and inter-modality dependencies), overcome performance limitations of existing (myopic) single-modal deep learning-based traffic classification proposals, and simultaneously solve different traffic categorization problems associated with different providers’ desiderata. Based on a public dataset of encrypted traffic, we evaluate Distiller in a fair comparison with state-of-the-art deep learning architectures proposed for encrypted traffic classification (and based on a single-modality philosophy). Results show the gains of our proposal over both multitask extensions of single-task baselines and native multitask architectures.
