Premium
A survey of methods for encrypted traffic classification and analysis
Author(s) -
Velan Petr,
Čermák Milan,
Čeleda Pavel,
Drašar Martin
Publication year - 2015
Publication title -
international journal of network management
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.373
H-Index - 28
eISSN - 1099-1190
pISSN - 1055-7148
DOI - 10.1002/nem.1901
Subject(s) - encryption , computer science , traffic classification , payload (computing) , categorization , protocol (science) , data mining , internet traffic , feature (linguistics) , the internet , artificial intelligence , computer network , world wide web , medicine , linguistics , philosophy , alternative medicine , pathology , network packet
Summary With the widespread use of encrypted data transport, network traffic encryption is becoming a standard nowadays. This presents a challenge for traffic measurement, especially for analysis and anomaly detection methods, which are dependent on the type of network traffic. In this paper, we survey existing approaches for classification and analysis of encrypted traffic. First, we describe the most widespread encryption protocols used throughout the Internet. We show that the initiation of an encrypted connection and the protocol structure give away much information for encrypted traffic classification and analysis. Then, we survey payload and feature‐based classification methods for encrypted traffic and categorize them using an established taxonomy. The advantage of some of described classification methods is the ability to recognize the encrypted application protocol in addition to the encryption protocol. Finally, we make a comprehensive comparison of the surveyed feature‐based classification methods and present their weaknesses and strengths. Copyright © 2015 John Wiley & Sons, Ltd.