Encrypted traffic classification plays a critical role in network management, providing appropriate Quality-of-Service and Network Intrusion Detection. Conventional port-based deep packet inspection approaches cannot classify encrypted effectively. Methods based on machine learning can by extracting statistical features of the flow. However, they require manual extraction features. Recent studi...

The ability to accurately classify network traffic and to perform timely detection of the presence of unwanted classes of traffic has important implications for network operations and security. In recent years, classification has become more challenging due to applications that use ports that are not wellknown, that overload or masquerade with other applications’ well-known ports, and that may ...

The rapidly growing encrypted traffic hides a large number of malicious behaviours. difficulty collecting and labelling makes the class distribution dataset seriously imbalanced, which leads to poor generalisation ability classification model. To solve this problem, new representation learning method in its diversity enhancement model are proposed, uses images represent samples. First, is trans...

Cyber criminals may abuse open wireless networks or those with weak encryption for cyber crimes. Assume surveillance has identified suspect traffic such as child porn downloading traffic on the Internet. To locate such criminals, law enforcement has to first identify which mobile (MAC) is generating suspect traffic behind a wireless router. The challenge is how to correlate the private wireless...

Network-based Intrusion Detection Systems (NIDSs) monitor network traffic for signs of malicious activities that have the potential to disrupt entire network infrastructures and services. NIDS can only operate when the network traffic is available and can be extracted for analysis. However, with the growing use of encrypted networks such as Virtual Private Networks (VPNs) that encrypt and conce...

In a re-identification attack, an adversary analyzes the sizes of intercepted encrypted VoIP packets to infer characteristics of the underlying audio— for example, the language or individual phrases spoken on the encrypted VoIP call. Traffic morphing has been proposed as a general solution for defending against such attacks. In traffic morphing, the sender pads ciphertext to obfuscate the distr...

Privacy on the Internet has become a priority, and several efforts have been devoted to limit leakage of personal information. Domain names, both in TLS Client Hello DNS traffic, are among last pieces information still visible an observer network. The Encrypted extension for TLS, over HTTPS or QUIC protocols aim further increase network confidentiality by encrypting domain names visited servers...

The widespread deployment of end-to-end encryption protocols such as HTTPS and QUIC has reduced the visibility for operators into traffic on their networks. Network operators need the visibility to monitor and mitigate Quality of Experience (QoE) impairments in popular applications such as video streaming. To address this problem, we propose a machine learning based approach to monitor QoE metr...