Length matters: Scalable fast encrypted internet traffic service classification based on multiple protocol data unit length sequence with composite deep learning
As an essential function of encrypted Internet traffic analysis, encrypted traffic service classification can support both coarse-grained network service traffic management and security supervision. However, the traditional plaintext-based Deep Packet Inspection (DPI) method cannot be applied to suc...
Main Authors: | Zihan Chen, Guang Cheng, Ziheng Xu, Shuyi Guo, Yuyang Zhou, Yuyu Zhao |
---|---|
Format: | Article |
Language: | English |
Published: | KeAi Communications Co., Ltd. 2022-06-01 |
Series: | Digital Communications and Networks |
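Subjects: | Encrypted internet traffic; Encrypted traffic service classification; MultiPDU length sequence; Length sensitive composite deep learning; TLS-1.3 |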
Online Access: | http://www.sciencedirect.com/science/article/pii/S2352864821000699 |
_version_ | 1811333014776446976 |
---|---|
author | Zihan Chen, Guang Cheng, Ziheng Xu, Shuyi Guo, Yuyang Zhou, Yuyu Zhao |
collection | DOAJ |
description | As an essential function of encrypted Internet traffic analysis, encrypted traffic service classification can support both coarse-grained network service traffic management and security supervision. However, the traditional plaintext-based Deep Packet Inspection (DPI) method cannot be applied to such a classification. Moreover, machine learning-based existing methods encounter two problems during feature selection: complex feature overcost processing and Transport Layer Security (TLS) version discrepancy. In this paper, we consider differences between encryption network protocol stacks and propose a composite deep learning-based method in multiprotocol environments using a sliding multiple Protocol Data Unit (multiPDU) length sequence as features by fully utilizing the Markov property in a multiPDU length sequence and maintaining suitability with a TLS-1.3 environment. Control experiments show that both Length-Sensitive (LS) composite deep learning model using a capsule neural network and LS-long short time memory achieve satisfactory effectiveness in F1-score and performance. Owing to faster feature extraction, our method is suitable for actual network environments and superior to state-of-the-art methods. |
first_indexed | 2024-04-13T16:46:41Z |
format | Article |
id | doaj.art-9bcd5892b42a48d281aaef9adf80b88d |
institution | Directory Open Access Journal |
issn | 2352-8648 |
language | English |
last_indexed | 2024-04-13T16:46:41Z |
publishDate | 2022-06-01 |
publisher | KeAi Communications Co., Ltd. |
record_format | Article |
series | Digital Communications and Networks |
spelling | doaj.art-9bcd5892b42a48d281aaef9adf80b88d; 2022-12-22T02:39:04Z; eng; KeAi Communications Co., Ltd.; Digital Communications and Networks; 2352-8648; 2022-06-01; 83289302. Authors and affiliations: Zihan Chen (School of Cyber Science and Engineering, Southeast University, Nanjing, 211189, China; Key Laboratory of Computer Network and Information Integration, Ministry of Education, Nanjing, 211189, China; Purple Mountain Laboratories, Nanjing, 211111, China); Guang Cheng (School of Cyber Science and Engineering, Southeast University, Nanjing, 211189, China; Key Laboratory of Computer Network and Information Integration, Ministry of Education, Nanjing, 211189, China; Purple Mountain Laboratories, Nanjing, 211111, China; Corresponding author); Ziheng Xu (School of Cyber Science and Engineering, Southeast University, Nanjing, 211189, China; Key Laboratory of Computer Network and Information Integration, Ministry of Education, Nanjing, 211189, China); Shuyi Guo (School of Cyber Science and Engineering, Southeast University, Nanjing, 211189, China; Key Laboratory of Computer Network and Information Integration, Ministry of Education, Nanjing, 211189, China); Yuyang Zhou (School of Cyber Science and Engineering, Southeast University, Nanjing, 211189, China; Key Laboratory of Computer Network and Information Integration, Ministry of Education, Nanjing, 211189, China; Purple Mountain Laboratories, Nanjing, 211111, China); Yuyu Zhao (School of Cyber Science and Engineering, Southeast University, Nanjing, 211189, China; Key Laboratory of Computer Network and Information Integration, Ministry of Education, Nanjing, 211189, China; Purple Mountain Laboratories, Nanjing, 211111, China). http://www.sciencedirect.com/science/article/pii/S2352864821000699 Keywords: Encrypted internet traffic; Encrypted traffic service classification; MultiPDU length sequence; Length sensitive composite deep learning; TLS-1.3 |
title | Length matters: Scalable fast encrypted internet traffic service classification based on multiple protocol data unit length sequence with composite deep learning |
topic | Encrypted internet traffic; Encrypted traffic service classification; MultiPDU length sequence; Length sensitive composite deep learning; TLS-1.3 |
url | http://www.sciencedirect.com/science/article/pii/S2352864821000699 |