Novel HTTPS classifier driven by packet bursts, flows, and machine learning

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F21%3A10133378" target="_blank" >RIV/63839172:_____/21:10133378 - isvavai.cz</a>

Nalezeny alternativní kódy

RIV/68407700:21240/21:00353112

Výsledek na webu

<a href="http://dx.doi.org/10.23919/CNSM52442.2021.9615561" target="_blank" >http://dx.doi.org/10.23919/CNSM52442.2021.9615561</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.23919/CNSM52442.2021.9615561" target="_blank" >10.23919/CNSM52442.2021.9615561</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Novel HTTPS classifier driven by packet bursts, flows, and machine learning

Popis výsledku v původním jazyce

Encryption of network traffic recently starts to cover remaining readable information, which is heavily used by current monitoring systems; thus, it is time to focus on novel methods of encrypted traffic analysis and classification. The aim of this paper is to define a new network traffic characteristic called Sequence of packet Burst Length and Time (SBLT), which was inspired by existing approaches and definitions. Contrary to other works, SBLT is feasible even for high-speed backbone networks as a part of IP flow data. The advantage of SBLT features is shown using a machine learning classification model for HTTPS traffic types as an example. This paper presents the definition of SBLT, proposes a new annotated public dataset of HTTPS traffic with 5 categories, and evaluates the developed classifier reaching accuracy over 99 %. This classifier can help analysts to deal with a huge amount of encrypted traffic and maintain situational awareness.

Název v anglickém jazyce

Novel HTTPS classifier driven by packet bursts, flows, and machine learning

Popis výsledku anglicky

Encryption of network traffic recently starts to cover remaining readable information, which is heavily used by current monitoring systems; thus, it is time to focus on novel methods of encrypted traffic analysis and classification. The aim of this paper is to define a new network traffic characteristic called Sequence of packet Burst Length and Time (SBLT), which was inspired by existing approaches and definitions. Contrary to other works, SBLT is feasible even for high-speed backbone networks as a part of IP flow data. The advantage of SBLT features is shown using a machine learning classification model for HTTPS traffic types as an example. This paper presents the definition of SBLT, proposes a new annotated public dataset of HTTPS traffic with 5 categories, and evaluates the developed classifier reaching accuracy over 99 %. This classifier can help analysts to deal with a huge amount of encrypted traffic and maintain situational awareness.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

20202 - Communication engineering and systems

Projekt

<a href="/cs/project/TH04010073" target="_blank" >TH04010073: Smart ADS</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2021

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 2021 17th International Conference on Network and Service Management

ISBN

978-3-903176-36-2

ISSN

2165-963X

e-ISSN

—

Počet stran výsledku

5

Strana od-do

345-349

Název nakladatele

IEEE

Místo vydání

Piscataway , USA

Místo konání akce

Izmir, Turecko

Datum konání akce

25. 10. 2021

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—