Year: 2021 Volume: 29 Issue: 5 Page Range: 2450 - 2468 Text Language: English DOI: 10.3906/elk-2011-31 Index Date: 24-06-2022

A new classification method for encrypted internet traffic using machine learning

Abstract:
The rate of internet usage in the world is over 62% and this rate is increasing day by day. With this increase, it becomes important to ensure the confidentiality of the information in the traffic flowing over the internet. Encryption algorithms and protocols are used for this purpose. This situation, which is beneficial for normal users, is also used by attackers to hide. Cyber attackers or hackers gain the ability to bypass security precautions such as IDS/IPS and antivirus systems by using encrypted traffic. Since payload analysis cannot be performed without deciphering the encrypted traffic, existing commercial security solutions fall short in this situation. In this study, the aim is to classify the network traffic by analysing the outgoing and incoming data over the encrypted traffic using extreme gradient boosting (XGBoost), decision tree and random forest classification methods. Thus, without deciphering, it is possible to classify packets passing through encrypted traffic using some metadata like size and duration and to take precautions against attacks. The ISCX VPN-NonVPN dataset was used to test the proposed model in this study. With the created framework, encrypted traffic was classified with a high success rate and 94.53% success was achieved by using the XGBoost classification method.

Document Type: Article Article Type: Research Article Access Type: Open Access
APA: UĞURLU M, Dogru I, ARSLAN R (2021). A new classification method for encrypted internet traffic using machine learning. Turkish Journal of Electrical Engineering and Computer Sciences, 29(5), 2450 - 2468. 10.3906/elk-2011-31
Chicago: UĞURLU MESUT, Dogru Ibrahım Alper, ARSLAN Recep Sinan. A new classification method for encrypted internet traffic using machine learning. Turkish Journal of Electrical Engineering and Computer Sciences 29, no. 5 (2021): 2450 - 2468. 10.3906/elk-2011-31
MLA: UĞURLU MESUT, Dogru Ibrahım Alper, ARSLAN Recep Sinan. A new classification method for encrypted internet traffic using machine learning. Turkish Journal of Electrical Engineering and Computer Sciences, vol. 29, no. 5, 2021, pp. 2450 - 2468. 10.3906/elk-2011-31
AMA: UĞURLU M, Dogru I, ARSLAN R. A new classification method for encrypted internet traffic using machine learning. Turkish Journal of Electrical Engineering and Computer Sciences. 2021; 29(5): 2450 - 2468. 10.3906/elk-2011-31
Vancouver: UĞURLU M, Dogru I, ARSLAN R. A new classification method for encrypted internet traffic using machine learning. Turkish Journal of Electrical Engineering and Computer Sciences. 2021; 29(5): 2450 - 2468. 10.3906/elk-2011-31
IEEE: UĞURLU M, Dogru I, ARSLAN R, "A new classification method for encrypted internet traffic using machine learning." Turkish Journal of Electrical Engineering and Computer Sciences, 29, pp. 2450 - 2468, 2021. 10.3906/elk-2011-31
ISNAD: UĞURLU, MESUT et al. "A new classification method for encrypted internet traffic using machine learning". Turkish Journal of Electrical Engineering and Computer Sciences 29/5 (2021), 2450-2468. https://doi.org/10.3906/elk-2011-31