research-article

A CNN Based Encrypted Network Traffic Classifier

Authors:

Zhe HouAuthors Info & Claims

ACSW '22: Proceedings of the 2022 Australasian Computer Science Week

February 2022

Pages 74 - 83

https://doi.org/10.1145/3511616.3513101

Published: 21 March 2022 Publication History

Abstract

Internet encryption ensures security by improving privacy between sender and receiver. The unstructured form of encrypted data creates a problem of poor traffic classification for security systems. Recent developments using Artificial Intelligence to address this problem left issues like model simplicity, complexity, imbalanced dataset etc, unaddressed. Overfitting, underfitting and ultimately poor classification are outcomes of poorly designed models. This paper applies deep learning to the problem of traffic classification. An eleven layered Convolutional Neural Network (CNN) is designed and trained with a range of images generated from the metadata of encrypted traffic. At its core, the design is simple and deals with overfitting. The proposed model is assessed with the standard metrics, accuracy, precision, recall and score, then compared to a baseline model. The model is trained and tested for seven classification problems, using three encryption types (https, vpn, tor). For all classification tasks, the model achieved accuracies ranging from 91% - 99%, which is an indication of optimum generalization strength. Our model outperformed the baseline model which had accuracies ranging from 67.6% - 99%, an indication of poor generalization strength.

References

[1]

Google Transparency Report, (2021). HTTPS encryption on the web. Google. https://transparencyreport.google.com/https?hl=en

[2]

Nie, S., Jiang, L., Sun, H., Ma, C., Liang, Y., Zhou, Y., & Zuo, Y. (2020). Network traffic classification model based on multi-task learning. Journal of Physics. Conference Series, (1693) 012097. (p 2) http://

[3]

Australian Cyber Security Centre (ACSC). Annual Cyber Threat Report 2020-21. Retrieved October 22, 2021, from https://www.cyber.gov.au/acsc/view-all-content/reports-andstatistics/acsc-annual-cyber-threat-report-2020-21

[4]

Vu, L., Thuy, H. V., Nguyen, Q. U., Ngoc, T. N., Nguyen, D. N., Hoang, D. T., & Dutkiewicz, E. (2018). Time series analysis for encrypted traffic classification: A deep learning approach. 2018 18th International Symposium on Communications and Information Technologies (ISCIT), (pp 121–126). https://

[5]

Shapira, T., & Shavitt, Y. (2019). FlowPic: Encrypted internet traffic classification is as easy as image recognition. IEEE INFOCOM 2019 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), (pp 680–687). https://

[6]

Wang, W., Zhu, M., Wang, J., Zeng, X., & Yang, Z. (2017). End-to-end encrypted traffic classification with one-dimensional convolution neural networks. 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), 43–48. http://

Digital Library

[7]

Rasteh, A., Delpech, F., Aguilar-Melchor, C., Zimmer, R., Shouraki, S. B., & Masquelier, T. (2021). Encrypted Internet traffic classification using a supervised Spiking Neural Network. In arXiv [cs.LG]. (pp 5–19). http://arxiv.org/abs/2101.09818

[8]

Lu, B., Luktarhan, N., Ding, C., & Zhang, W. (2021). ICLSTM: Encrypted traffic service identification based on Inception-LSTM neural network. Symmetry, 13(6), 1080. (pp 4–14). https:// doi.org/10.3390/sym13061080

[9]

Hu, F., Zhang, S., Lin, X., Wu, L., Liao, N., & Song, Y. (2021). Network traffic classification model based on attention mechanism and spatiotemporal features. In Research Square. (pp 7–28). https://doi.org/10.21203/rs.3.rs-353938/v1

[10]

Bayat, N., Jackson, W., & Liu, D. (2021). Deep learning for network traffic classification. In arXiv [cs.NI]. 1-10. http://arxiv.org/abs/2106.12693

[11]

LeCun, Y., Boser, B., Denker, J. S., Howard, R. E., Habbard, W., Jackel, L. D., & Henderson, D. (1989). Handwritten digit recognition with a backpropagation network. In Advances in neural information processing systems (NIPS) 2. 396–404. Morgan Kaufmann. http://doi/10.5555/109230.109279

[12]

Simonyan, K. and Zisserman, A. (2015) Very Deep Convolutional Networks for Large-Scale Image Recognition. The 3rd International Conference on Learning Representations (ICLR2015), 3-6. https://arxiv.org/abs/1409.1556

[13]

Richter, M.L., Byttner, W., Krumnack, U., Schallner, L., & Shenk, J. (2021). Size Matters. 4-6. ArXiv, abs/2102.01582.

[14]

Mao, J., Zhang, M., Chen, M., Chen, L., Xia, F. (2021). Semi supervised Encrypted Traffic Identification Based on Auxiliary Classification Generative Adversarial Network. Computer Systems Science and Engineering, 39(3), 373–390. http://

[15]

Boureau, Y., Ponce, J., Lecu, Y., (2010). A Theoretical Analysis of Feature Pooling in Visual Recognition. Conference: Proceedings of the 27th International Conference on Machine Learning (ICML-10), 6-7. https://dl.acm.org/doi/10.5555/3104322.3104338

[16]

Wu, H., and Gu, X., (2015). Towards Dropout Training for Convolutional Neural Networks. Neural Networks (71), 8-10.

[17]

VishnuPriya., Singh, H. K., SivaChaitanyaPrasad., & JaiSivaSai. (2021). RNN-LSTM based deep learning model for tor traffic classification. Cyber-Physical Systems, 1–18. https://doi.org/10.1080/23335777.2021.1924284

[18]

Hodo, E., Bellekens, X., Iorkyase, E., Hamilton, A., Tachtatzis, C., & Atkinson, R. (2017). Machine learning approach for detection of nonTor traffic. Information 2018, 9(9), 231. http://arxiv.org/abs/1708.08725

[19]

Yamansavascilar, B., Guvensan, M. A., Yavuz, A. G., & Karsligil, M. E. (2017). Application identification via network traffic classification. 2017 International Conference on Computing, Networking and Communications (ICNC), 843–848. http://

[20]

Draper-Gil, G., Lashkari, A. H., Mamun, M. S. I., and Ghorbani, A. A. (2016). “Characterization of encrypted and vpn traffic using time-related features,” in Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, INSTICC. SciTePress, 2016, pp. 407–414.

[21]

TensorFlow. (n.d.). Tensorflow.Org. Retrieved October 18, 2021, from https://www.tensorflow.org/

[22]

WatchGuard threat lab reports 91.5% of malware arrived over encrypted connections in Q2 2021. (n.d.). Watchguard.Com; WatchGuard Technologies. Retrieved November 17, 2021, from https://www.watchguard.com/wgrd-news/press-releases/watchguardthreat-lab-reports-915-malware-arrived-over-encrypted

[23]

Goodfellow, I., Bengio, Y., Courville, A. (2016). Deep Learning. Adaptive computation and machine learning. MIT Press. ISBN: 9780262035613

Digital Library

[24]

ImageNet. (n.d.). Image-Net.Org. Retrieved November 17, 2021, from https://www.image-net.org/challenges/LSVRC/2014/

[25]

Shorten, C., Khoshgoftaar, T.M. A survey on Image Data Augmentation for Deep Learning. J Big Data 6, 60 (2019). 7-11 .https://doi.org/10.1186/s40537-019-0197-0

[26]

Sarker, I. H. (2021). Deep learning: A comprehensive overview on techniques, taxonomy, applications and research directions. In Preprints. https://doi.org/10.20944/preprints202108.0060.v1

[27]

UNB, 2016. www.unb.ca.(n.d.). VPN 2016 UNB. http://www.unb.ca/cic/datasets/vpn.html

[28]

UNB, (2017). www.unb.ca.(n.d.). Tor 2017. http://www.unb.ca/cic/datasets/tor.html

[29]

Chollet, F., (2015 ). Keras: Deep Learning for humans. (n.d.). https://github.com/fchollet/ker

Cited By

Alqahtany SSyed T(2024)Integrating Blockchain and Deep Learning for Enhanced Mobile VPN Forensics: A Comprehensive FrameworkApplied Sciences10.3390/app1411442114:11(4421)Online publication date: 23-May-2024
https://doi.org/10.3390/app14114421
Merlin CPaulraj GJebadurai ISharon E(2024)Hyper Parameter Optimization for Ensemble Techniques in Classifying QUIC Traffic2024 International Conference on Cognitive Robotics and Intelligent Systems (ICC - ROBINS)10.1109/ICC-ROBINS60238.2024.10534007(621-626)Online publication date: 17-Apr-2024
https://doi.org/10.1109/ICC-ROBINS60238.2024.10534007
Pal SVangala AJadidi ZHou ZDas A(2023)Security, Privacy and Trust for the Metaverse of Things2023 IEEE International Conference on Metaverse Computing, Networking and Applications (MetaCom)10.1109/MetaCom57706.2023.00039(146-150)Online publication date: Jun-2023
https://doi.org/10.1109/MetaCom57706.2023.00039
Show More Cited By

Index Terms

A CNN Based Encrypted Network Traffic Classifier

Index terms have been assigned to the content through auto-classification.

Recommendations

Ore Image Classification Based on Improved CNN
Abstract
The identification of ore deposits is an important technical task in mining and excavation. However, conventional techniques are time-consuming and tedious. Therefore, data augmentation and transfer learning were used in this topic to ...
Read More
Zeekflow+: A Deep LSTM Autoencoder with Integrated Random Forest Classifier for Binary and Multi-class Classification in Network Traffic Data
PETRA '24: Proceedings of the 17th International Conference on PErvasive Technologies Related to Assistive Environments

This work proposes Zeekflow+, a Deep LSTM Autoencoder (AE) architecture with integrated Random Forest (RF) classifier for effective binary & multi-class classification of network traffic data. The Deep LSTM AE is used to extract underlying patterns ...
Read More
Combining raw data and engineered features for optimizing encrypted and compressed internet of things traffic classification
Abstract
The Internet of Things (IoT) is used in many fields that generate sensitive data, such as healthcare and surveillance. The increased reliance on IoT raised serious information security concerns. As IoT traffic is often compressed to optimize ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ACSW '22: Proceedings of the 2022 Australasian Computer Science Week

February 2022

260 pages

ISBN:9781450396066

DOI:10.1145/3511616

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 March 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ACSW 2022

ACSW 2022: Australasian Computer Science Week 2022

February 14 - 18, 2022

Brisbane, Australia

Acceptance Rates

Overall Acceptance Rate 61 of 141 submissions, 43%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
293
Total Downloads

Downloads (Last 12 months)98
Downloads (Last 6 weeks)16

Other Metrics

View Author Metrics

Citations

Cited By

Alqahtany SSyed T(2024)Integrating Blockchain and Deep Learning for Enhanced Mobile VPN Forensics: A Comprehensive FrameworkApplied Sciences10.3390/app1411442114:11(4421)Online publication date: 23-May-2024
https://doi.org/10.3390/app14114421
Merlin CPaulraj GJebadurai ISharon E(2024)Hyper Parameter Optimization for Ensemble Techniques in Classifying QUIC Traffic2024 International Conference on Cognitive Robotics and Intelligent Systems (ICC - ROBINS)10.1109/ICC-ROBINS60238.2024.10534007(621-626)Online publication date: 17-Apr-2024
https://doi.org/10.1109/ICC-ROBINS60238.2024.10534007
Pal SVangala AJadidi ZHou ZDas A(2023)Security, Privacy and Trust for the Metaverse of Things2023 IEEE International Conference on Metaverse Computing, Networking and Applications (MetaCom)10.1109/MetaCom57706.2023.00039(146-150)Online publication date: Jun-2023
https://doi.org/10.1109/MetaCom57706.2023.00039
Cullen DHalladay JBriner NBasnet RBergen JDoleck T(2022)Evaluation of Synthetic Data Generation Techniques in the Domain of Anonymous Traffic ClassificationIEEE Access10.1109/ACCESS.2022.322850710(129612-129625)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3228507

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents