A Survey of Methods for Encrypted Traffic Classification and Analysis
| Authors | |
|---|---|
| Year of publication | 2015 |
| Type | Article in Periodical |
| Magazine / Source | International Journal of Network Management |
| MU Faculty or unit | |
| Citation | |
| Web | |
| Doi | http://dx.doi.org/10.1002/nem.1901 |
| Field | Informatics |
| Keywords | encrypted traffic; monitoring; network; traffic classification; traffic analysis; machine learning; encryption protocols |
| Attached files | |
| Description | With the widespread use of encrypted data transport network traffic encryption is becoming a standard nowadays. This presents a challenge for traffic measurement, especially for analysis and anomaly detection methods which are dependent on the type of network traffic. In this paper, we survey existing approaches for classification and analysis of encrypted traffic. First, we describe the most widespread encryption protocols used throughout the Internet. We show that the initiation of an encrypted connection and the protocol structure give away a lot of information for encrypted traffic classification and analysis. Then, we survey payload and feature-based classification methods for encrypted traffic and categorize them using an established taxonomy. The advantage of some of described classification methods is the ability to recognize the encrypted application protocol in addition to the encryption protocol. Finally, we make a comprehensive comparison of the surveyed feature-based classification methods and present their weaknesses and strengths. |