A Lightweight Encrypted Network Traffic Classification Method Based on Protocol Field and K-Nearest Neighbor

  • Conference paper
Proceedings of the 12th International Conference on Computer Engineering and Networks (CENet 2022)

Abstract

Encrypted traffic classification has become a crucial issue with the popularization and application of encryption protocols in the network. How to identify and classify encrypted traffic with high efficiency and accuracy has attracted increasing attention for reasons of network management and security. Although many deep learning methods have been reported, their high complexity cannot satisfy the real-time classification requirement because of hardware and training costs. In this paper, we propose a lightweight traffic classification method for the Transport Layer Security (TLS) protocol based on Relative Distinguished Name (RDN) field information and k-nearest neighbor (KNN). First, a specific application is identified by the RDN field of TLS handshake messages. Second, the KNN algorithm is used to classify flows of the same application into different service categories based on carefully selected spatial-temporal features. The effectiveness of the proposed method is well supported by detailed analysis. The experimental results demonstrate good performance, with high speed and precisions of 98.68%, 96.25%, 98.87%, 95.93% for VoIP, Chat, Streaming, File, respectively.
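The two-stage structure described in the abstract can be sketched as follows. This is an added example, not code from the paper: the RDN-to-application table, the use of the certificate subject's organizationName (O) attribute, the three flow features and all training values are constructed assumptions, since the paper's selected features are not listed on this page.

```python
import math
from collections import Counter

# Constructed stage-1 table: certificate subject organizationName (O) RDN -> application.
RDN_APPS = {"example messenger inc.": "messenger", "example video ltd.": "video"}

# Constructed stage-2 training flows per application (assumed features):
# (mean packet size in bytes, mean inter-arrival time in ms, flow duration in s) -> service
TRAIN = {
    "messenger": [
        ((160, 20, 120), "VoIP"), ((175, 22, 300), "VoIP"), ((150, 18, 90), "VoIP"),
        ((310, 900, 40), "Chat"), ((280, 1200, 65), "Chat"), ((350, 700, 30), "Chat"),
        ((1380, 2, 15), "File"), ((1420, 3, 25), "File"), ((1400, 1, 8), "File"),
    ],
}

def identify_app(subject):
    """Stage 1: look up the application from the subject's O RDN (case-insensitive)."""
    return RDN_APPS.get(subject.get("O", "").strip().lower())

def _scaler(rows):
    """Min-max scaling so that no single feature dominates the Euclidean distance."""
    lo = [min(col) for col in zip(*rows)]
    hi = [max(col) for col in zip(*rows)]
    return lambda v: [(x - l) / (h - l) if h > l else 0.0 for x, l, h in zip(v, lo, hi)]

def classify_service(app, features, k=3):
    """Stage 2: k-nearest-neighbour vote among labelled flows of the same application."""
    train = TRAIN[app]
    scale = _scaler([f for f, _ in train])
    query = scale(features)
    nearest = sorted(train, key=lambda t: math.dist(query, scale(t[0])))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

def classify_flow(subject, features, k=3):
    """Run both stages; the service is None when stage 1 or the training set has no match."""
    app = identify_app(subject)
    if app is None or app not in TRAIN:
        return (app, None)
    return (app, classify_service(app, features, k))
```

Restricting the KNN search to flows of the application found in stage 1 keeps the neighbour set small, which is where the speed advantage over a single large model comes from.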

Author information

Corresponding author

Correspondence to Jiayuan Hu.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Hu, J., Zhu, H., Zhang, R. (2022). A Lightweight Encrypted Network Traffic Classification Method Based on Protocol Field and K-Nearest Neighbor. In: Liu, Q., Liu, X., Cheng, J., Shen, T., Tian, Y. (eds) Proceedings of the 12th International Conference on Computer Engineering and Networks. CENet 2022. Lecture Notes in Electrical Engineering, vol 961. Springer, Singapore. https://doi.org/10.1007/978-981-19-6901-0_26

  • DOI: https://doi.org/10.1007/978-981-19-6901-0_26

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-6900-3

  • Online ISBN: 978-981-19-6901-0

  • eBook Packages: Computer Science (R0)
