Entropy Estimation for Real-Time Encrypted Traffic Identification (Short Paper)
نویسندگان
چکیده
This paper describes a novel approach to classify network traffic into encrypted and unencrypted traffic. The classifier is able to operate in real-time as only the first packet of each flow is processed. The main metric used for classification is an estimation of the entropy of the first packet payload. The approach is evaluated based on encrypted ground truth traces and on real network traces. Encrypted traffic such as Skype, or encrypted eDonkey traffic are detected as encrypted with probability higher than 94%. Unencrypted protocols such as SMTP, HTTP, POP3 or FTP are detected as unencrypted with probability higher than 99.9%. The presented approach, named real-time encrypted traffic detector (RTETD), is well suited to operate as pre-filter for advanced classification approaches to enable their applicability on increased bandwidth.
منابع مشابه
Real-Time Detection of Encrypted Traffic based on Entropy Estimation
This thesis investigates the topic of using entropy estimation for traffic classification. A real-time encrypted traffic detector (RT-ETD) which is able to classify traffic in encrypted and unencrypted traffic is proposed. The performance of the RT-ETD is evaluated on ground truth and real network traces. This thesis is opened by some introductory chapters on entropy, pattern recognition, user ...
متن کاملRealtime Encrypted Traffic Identification using Machine Learning
Accurate network traffic identification plays important roles in many areas such as traffic engineering, QoS and intrusion detection etc. The emergence of many new encrypted applications which use dynamic port numbers and masquerading techniques causes the most challenging problem in network traffic identification field. One of the challenging issues for existing traffic identification methods ...
متن کاملMarkovian Delay Prediction-Based Control of Networked Systems
A new Markov-based method for real time prediction of network transmission time delays is introduced. The method considers a Multi-Layer Perceptron (MLP) neural model for the transmission network, where the number of neurons in the input layer is minimized so that the required calculations are reduced and the method can be implemented in the real-time. For this purpose, the Markov process order...
متن کاملClassification of encrypted traffic for applications based on statistical features
Traffic classification plays an important role in many aspects of network management such as identifying type of the transferred data, detection of malware applications, applying policies to restrict network accesses and so on. Basic methods in this field were using some obvious traffic features like port number and protocol type to classify the traffic type. However, recent changes in applicat...
متن کاملFramework for Traffic Pattern Identification: Required Step for Short-term Forecasting
In the world of transport management, the term ‘anticipation’ is gradually replacing ‘reaction’. Indeed, the ability to forecast traffic evolution in a network should ideally form the basis for many traffic management strategies and multiple ITS applications. Real-time prediction capabilities are therefore becoming a concrete need for the management of networks, both for urban and interurban en...
متن کامل