Novel HTTPS classifier driven by packet bursts, flows, and machine learning
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F21%3A10133378" target="_blank" >RIV/63839172:_____/21:10133378 - isvavai.cz</a>
Nalezeny alternativní kódy
RIV/68407700:21240/21:00353112
Výsledek na webu
<a href="http://dx.doi.org/10.23919/CNSM52442.2021.9615561" target="_blank" >http://dx.doi.org/10.23919/CNSM52442.2021.9615561</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.23919/CNSM52442.2021.9615561" target="_blank" >10.23919/CNSM52442.2021.9615561</a>
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
Novel HTTPS classifier driven by packet bursts, flows, and machine learning
Popis výsledku v původním jazyce
Encryption of network traffic recently starts to cover remaining readable information, which is heavily used by current monitoring systems; thus, it is time to focus on novel methods of encrypted traffic analysis and classification. The aim of this paper is to define a new network traffic characteristic called Sequence of packet Burst Length and Time (SBLT), which was inspired by existing approaches and definitions. Contrary to other works, SBLT is feasible even for high-speed backbone networks as a part of IP flow data. The advantage of SBLT features is shown using a machine learning classification model for HTTPS traffic types as an example. This paper presents the definition of SBLT, proposes a new annotated public dataset of HTTPS traffic with 5 categories, and evaluates the developed classifier reaching accuracy over 99 %. This classifier can help analysts to deal with a huge amount of encrypted traffic and maintain situational awareness.
Název v anglickém jazyce
Novel HTTPS classifier driven by packet bursts, flows, and machine learning
Popis výsledku anglicky
Encryption of network traffic recently starts to cover remaining readable information, which is heavily used by current monitoring systems; thus, it is time to focus on novel methods of encrypted traffic analysis and classification. The aim of this paper is to define a new network traffic characteristic called Sequence of packet Burst Length and Time (SBLT), which was inspired by existing approaches and definitions. Contrary to other works, SBLT is feasible even for high-speed backbone networks as a part of IP flow data. The advantage of SBLT features is shown using a machine learning classification model for HTTPS traffic types as an example. This paper presents the definition of SBLT, proposes a new annotated public dataset of HTTPS traffic with 5 categories, and evaluates the developed classifier reaching accuracy over 99 %. This classifier can help analysts to deal with a huge amount of encrypted traffic and maintain situational awareness.
Klasifikace
Druh
D - Stať ve sborníku
CEP obor
—
OECD FORD obor
20202 - Communication engineering and systems
Návaznosti výsledku
Projekt
<a href="/cs/project/TH04010073" target="_blank" >TH04010073: Smart ADS</a><br>
Návaznosti
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Ostatní
Rok uplatnění
2021
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název statě ve sborníku
Proceedings of the 2021 17th International Conference on Network and Service Management
ISBN
978-3-903176-36-2
ISSN
2165-963X
e-ISSN
—
Počet stran výsledku
5
Strana od-do
345-349
Název nakladatele
IEEE
Místo vydání
Piscataway , USA
Místo konání akce
Izmir, Turecko
Datum konání akce
25. 10. 2021
Typ akce podle státní příslušnosti
WRD - Celosvětová akce
Kód UT WoS článku
—