Encrypted traffic classification based on packet length distribution of sampling sequence

Encrypted traffic classification based on packet length distribution of sampling sequence

A hypothesis testing-based statistical decision model (HTSDM) for application identification of encrypted traf-fic was presented.HTSDM was based on packet length distribution of deterministic sampling sequence at flow level,which was characterized by packet positions,packet directions,packet sizes,p...

Full description

Saved in:
Bibliographic Details
Main Authors: Chang-xi GAO, Ya-biao WU, Cong WANG
Format: Article
Language:zho
Published: Editorial Department of Journal on Communications 2015-09-01
Series:Tongxin xuebao
Subjects:
encrypted traffic classification
application identification
deep packet inspection
dynamic flow inspection
hybrid method
Online Access:http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2015171/
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:A hypothesis testing-based statistical decision model (HTSDM) for application identification of encrypted traf-fic was presented.HTSDM was based on packet length distribution of deterministic sampling sequence at flow level,which was characterized by packet positions,packet directions,packet sizes,packet arrival continuity and packet arrival order.HTSDM boosted deep packet inspection (DPI) by introducing constraints of packet position and direction as well as inter-flow correlation action.A hybrid method of encrypted traffic classification combining DPI and dynamic flow in-spection (DFI) was proposed based on HTSDM.Experiment results show that this method can effectively identify the unique statistical traffic behavior of encrypted application in flow coordinate space,and achieve high precision,recall and overall accuracy while keeping low false positive rate (FPR) and overall FPR.
ISSN:1000-436X

Similar Items