Encrypted traffic classification based on packet length distribution of sampling sequence
A hypothesis testing-based statistical decision model (HTSDM) for application identification of encrypted traf-fic was presented.HTSDM was based on packet length distribution of deterministic sampling sequence at flow level,which was characterized by packet positions,packet directions,packet sizes,p...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2015-09-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2015171/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539684771037184 |
|---|---|
| author | Chang-xi GAO Ya-biao WU Cong WANG |
| author_facet | Chang-xi GAO Ya-biao WU Cong WANG |
| author_sort | Chang-xi GAO |
| collection | DOAJ |
| description | A hypothesis testing-based statistical decision model (HTSDM) for application identification of encrypted traf-fic was presented.HTSDM was based on packet length distribution of deterministic sampling sequence at flow level,which was characterized by packet positions,packet directions,packet sizes,packet arrival continuity and packet arrival order.HTSDM boosted deep packet inspection (DPI) by introducing constraints of packet position and direction as well as inter-flow correlation action.A hybrid method of encrypted traffic classification combining DPI and dynamic flow in-spection (DFI) was proposed based on HTSDM.Experiment results show that this method can effectively identify the unique statistical traffic behavior of encrypted application in flow coordinate space,and achieve high precision,recall and overall accuracy while keeping low false positive rate (FPR) and overall FPR. |
| format | Article |
| id | doaj-art-c1ec72d6f8be4dc6bf6724f4055dfe49 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2015-09-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-c1ec72d6f8be4dc6bf6724f4055dfe492025-01-14T06:53:31ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2015-09-0136657559695405Encrypted traffic classification based on packet length distribution of sampling sequenceChang-xi GAOYa-biao WUCong WANGA hypothesis testing-based statistical decision model (HTSDM) for application identification of encrypted traf-fic was presented.HTSDM was based on packet length distribution of deterministic sampling sequence at flow level,which was characterized by packet positions,packet directions,packet sizes,packet arrival continuity and packet arrival order.HTSDM boosted deep packet inspection (DPI) by introducing constraints of packet position and direction as well as inter-flow correlation action.A hybrid method of encrypted traffic classification combining DPI and dynamic flow in-spection (DFI) was proposed based on HTSDM.Experiment results show that this method can effectively identify the unique statistical traffic behavior of encrypted application in flow coordinate space,and achieve high precision,recall and overall accuracy while keeping low false positive rate (FPR) and overall FPR.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2015171/encrypted traffic classificationapplication identificationdeep packet inspectiondynamic flow inspectionhybrid method |
| spellingShingle | Chang-xi GAO Ya-biao WU Cong WANG Encrypted traffic classification based on packet length distribution of sampling sequence Tongxin xuebao encrypted traffic classification application identification deep packet inspection dynamic flow inspection hybrid method |
| title | Encrypted traffic classification based on packet length distribution of sampling sequence |
| title_full | Encrypted traffic classification based on packet length distribution of sampling sequence |
| title_fullStr | Encrypted traffic classification based on packet length distribution of sampling sequence |
| title_full_unstemmed | Encrypted traffic classification based on packet length distribution of sampling sequence |
| title_short | Encrypted traffic classification based on packet length distribution of sampling sequence |
| title_sort | encrypted traffic classification based on packet length distribution of sampling sequence |
| topic | encrypted traffic classification application identification deep packet inspection dynamic flow inspection hybrid method |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2015171/ |
| work_keys_str_mv | AT changxigao encryptedtrafficclassificationbasedonpacketlengthdistributionofsamplingsequence AT yabiaowu encryptedtrafficclassificationbasedonpacketlengthdistributionofsamplingsequence AT congwang encryptedtrafficclassificationbasedonpacketlengthdistributionofsamplingsequence |