| Summary: | As an essential function of encrypted Internet traffic analysis, encrypted traffic service classification can support both coarse-grained network service traffic management and security supervision. However, the traditional plaintext-based Deep Packet Inspection (DPI) method cannot be applied to such a classification. Moreover, machine learning-based existing methods encounter two problems during feature selection: complex feature overcost processing and Transport Layer Security (TLS) version discrepancy. In this paper, we consider differences between encryption network protocol stacks and propose a composite deep learning-based method in multiprotocol environments using a sliding multiple Protocol Data Unit (multiPDU) length sequence as features by fully utilizing the Markov property in a multiPDU length sequence and maintaining suitability with a TLS-1.3 environment. Control experiments show that both Length-Sensitive (LS) composite deep learning model using a capsule neural network and LS-long short time memory achieve satisfactory effectiveness in F1-score and performance. Owing to faster feature extraction, our method is suitable for actual network environments and superior to state-of-the-art methods.
|
|---|