Encrypted traffic classification: the QUIC case

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F23%3A10133605" target="_blank" >RIV/63839172:_____/23:10133605 - isvavai.cz</a>

Nalezeny alternativní kódy

RIV/68407700:21240/23:00367475

Výsledek na webu

<a href="https://ieeexplore.ieee.org/document/10199052" target="_blank" >https://ieeexplore.ieee.org/document/10199052</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.23919/TMA58422.2023.10199052" target="_blank" >10.23919/TMA58422.2023.10199052</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Encrypted traffic classification: the QUIC case

Popis výsledku v původním jazyce

The QUIC protocol is a new reliable and secure transport protocol that is an alternative to TLS over TCP. However, compared to TLS, QUIC obfuscates the connection hand-shake and the server name indication domain, making a simple inspection more challenging. The classification of QUIC traffic has also received less attention than that of TLS. In this work, we present a comprehensive study aiming to explore the challenges of QUIC traffic classification. We selected three models: 1) multi-modal CNN, 2) LighGBM, and 3) IP-based classifier, and evaluated their properties using a large one-month CESNET-QUIC22 dataset with 102 web service labels. The developed classifiers reached up to 88% accuracy and set the new baseline in fine-grained QUIC service classification. Moreover, the real nature of the dataset and its long time span allowed us to collect a number of insights and measure the classifiers&apos; performance in the presence of data drift.

Název v anglickém jazyce

Encrypted traffic classification: the QUIC case

Popis výsledku anglicky

The QUIC protocol is a new reliable and secure transport protocol that is an alternative to TLS over TCP. However, compared to TLS, QUIC obfuscates the connection hand-shake and the server name indication domain, making a simple inspection more challenging. The classification of QUIC traffic has also received less attention than that of TLS. In this work, we present a comprehensive study aiming to explore the challenges of QUIC traffic classification. We selected three models: 1) multi-modal CNN, 2) LighGBM, and 3) IP-based classifier, and evaluated their properties using a large one-month CESNET-QUIC22 dataset with 102 web service labels. The developed classifiers reached up to 88% accuracy and set the new baseline in fine-grained QUIC service classification. Moreover, the real nature of the dataset and its long time span allowed us to collect a number of insights and measure the classifiers&apos; performance in the presence of data drift.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

20202 - Communication engineering and systems

Projekt

<a href="/cs/project/VJ02010024" target="_blank" >VJ02010024: Analýza šifrovaného provozu pomocí síťových toků</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2023

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Network Traffic Measurement and Analysis Conference (TMA), 2023 7th

ISBN

978-3-903176-58-4

ISSN

—

e-ISSN

—

Počet stran výsledku

10

Strana od-do

—

Název nakladatele

IEEE

Místo vydání

Piscataway , USA

Místo konání akce

Napoli, Itálie

Datum konání akce

26. 6. 2023

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—