TY - GEN
T1 - Certificate-aware encrypted traffic classification using Second-Order Markov Chain
AU - Shen, Meng
AU - Wei, Mingwei
AU - Zhu, Liehuang
AU - Wang, Mingzhong
AU - Li, Fuliang
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/10/13
Y1 - 2016/10/13
N2 - With the prosperity of network applications, traffic classification serves as a crucial role in network management and malicious attack detection. The widely used encryption transmission protocols, such as the Secure Socket Layer/Transport Layer Security (SSL/TLS) protocols, leads to the failure of traditional payload-based classification methods. Existing methods for encrypted traffic classification suffer from low accuracy. In this paper, we propose a certificate-aware encrypted traffic classification method based on the Second-Order Markov Chain. We start by exploring reasons why existing methods not perform well, and make a novel observation that certificate packet length in SSL/TLS sessions contributes to application discrimination. To increase the diversity of application fingerprints, we develop a new model by incorporating the certificate packet length clustering into the Second-Order homogeneous Markov chains. Extensive evaluation results show that the proposed method lead to a 30% improvement on average compared with the state-of-the-art method, in terms of classification accuracy.
AB - With the prosperity of network applications, traffic classification serves as a crucial role in network management and malicious attack detection. The widely used encryption transmission protocols, such as the Secure Socket Layer/Transport Layer Security (SSL/TLS) protocols, leads to the failure of traditional payload-based classification methods. Existing methods for encrypted traffic classification suffer from low accuracy. In this paper, we propose a certificate-aware encrypted traffic classification method based on the Second-Order Markov Chain. We start by exploring reasons why existing methods not perform well, and make a novel observation that certificate packet length in SSL/TLS sessions contributes to application discrimination. To increase the diversity of application fingerprints, we develop a new model by incorporating the certificate packet length clustering into the Second-Order homogeneous Markov chains. Extensive evaluation results show that the proposed method lead to a 30% improvement on average compared with the state-of-the-art method, in terms of classification accuracy.
UR - http://www.scopus.com/inward/record.url?scp=85009783365&partnerID=8YFLogxK
U2 - 10.1109/IWQoS.2016.7590451
DO - 10.1109/IWQoS.2016.7590451
M3 - Conference contribution
AN - SCOPUS:85009783365
T3 - 2016 IEEE/ACM 24th International Symposium on Quality of Service, IWQoS 2016
BT - 2016 IEEE/ACM 24th International Symposium on Quality of Service, IWQoS 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 24th IEEE/ACM International Symposium on Quality of Service, IWQoS 2016
Y2 - 20 June 2016 through 21 June 2016
ER -