
Practical evaluation of encrypted traffic classification based on a combined method of entropy estimation and neural networks
Author(s) - Zhou Kun, Wang Wenyong, Wu Chenhuang, Hu Teng
Publication year - 2020
Publication title - ETRI Journal
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.295
H-Index - 46
eISSN - 2233-7326
pISSN - 1225-6463
DOI - 10.4218/etrij.2019-0190
Subject(s) - encryption, computer science, artificial neural network, data mining, naive bayes classifier, traffic classification, support vector machine, entropy (arrow of time), plaintext, network packet, entropy estimation, traffic analysis, artificial intelligence, machine learning, computer network, estimator, statistics, mathematics, physics, quantum mechanics
Encrypted traffic classification plays a vital role in cybersecurity as network traffic encryption becomes prevalent. First, we briefly introduce three traffic encryption mechanisms: IPsec, SSL/TLS, and SRTP. After evaluating the performance of support vector machine, random forest, naïve Bayes, and logistic regression for traffic classification, we propose a combined approach of entropy estimation and artificial neural networks. In this approach, network traffic is first classified as encrypted or plaintext with entropy estimation. Encrypted traffic is then further classified using neural networks. We propose using packet sizes, packet inter-arrival times, and direction as the neural network's input. Our combined approach was evaluated with the dataset obtained from the Canadian Institute for Cybersecurity. Results show improved precision (from 1 to 7 percentage points), and some application classification metrics improved by nearly 30 percentage points.