traffic classification; deep learning; network security
Enormous growth in IP traffic over the last decade has created new requirements for network security. As traffic grows, cybersecurity is changing as well. Security measures are difficult to apply because of the larger traffic volume and new applications and services. A large percentage of network traffic, as well as of network attacks, is encrypted, and it is important to recognize an attack quickly to prevent any damage to the running system. Traditional traffic classification methods, such as port-based traffic detection and deep packet inspection, have great difficulty keeping up with the demands of modern traffic classification. In this thesis, machine learning is used as a solution to this problem. We developed a machine learning model based on binary classification that is able to detect attacks in encrypted network traffic. Our classification uses a new feature set consisting of the frame length, the time between packets in the flow, and the direction of the flow. These features are important to us because their values do not change in encrypted traffic. The results open new discussions and change the view on today's traffic classification.
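The three features named above can be computed from packet headers alone, without touching the encrypted payload. The following is an added example, not code from the thesis; it assumes a flow is a bidirectional 5-tuple, that direction is measured relative to the sender of the first packet seen, and that the record layout and function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample records, not captured traffic:
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, proto, frame_len)
PACKETS = [
    (0.000, "10.0.0.5", 51000, "192.0.2.10", 443, "tcp", 74),
    (0.020, "192.0.2.10", 443, "10.0.0.5", 51000, "tcp", 74),
    (0.021, "10.0.0.5", 51000, "192.0.2.10", 443, "tcp", 583),
    (0.050, "10.0.0.7", 40000, "192.0.2.10", 443, "tcp", 74),
    (0.060, "192.0.2.10", 443, "10.0.0.5", 51000, "tcp", 1514),
    (0.090, "192.0.2.10", 443, "10.0.0.7", 40000, "tcp", 74),
]


def flow_key(src, sport, dst, dport, proto):
    """Direction-independent key: both directions map to the same flow."""
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a)


def extract_features(packets):
    """Return {flow_key: [(frame_len, inter_arrival_s, direction), ...]}.

    direction is +1 for packets from the flow initiator (assumed to be the
    sender of the first packet seen) and -1 for replies. The inter-arrival
    time of the first packet in a flow is 0.0.
    """
    flows = defaultdict(list)
    state = {}  # flow_key -> (initiator endpoint, timestamp of previous packet)
    for ts, src, sport, dst, dport, proto, length in sorted(packets):
        key = flow_key(src, sport, dst, dport, proto)
        initiator, last_ts = state.get(key, ((src, sport), ts))
        direction = 1 if (src, sport) == initiator else -1
        flows[key].append((length, round(ts - last_ts, 6), direction))
        state[key] = (initiator, ts)
    return dict(flows)


def to_vector(rows, n=4):
    """Flatten the first n packets into a fixed-length, zero-padded vector."""
    flat = [value for row in rows[:n] for value in row]
    return flat + [0] * (3 * n - len(flat))


if __name__ == "__main__":
    for key, rows in extract_features(PACKETS).items():
        print(key, to_vector(rows))
```

A fixed-length vector like the one `to_vector` returns is the kind of input a binary classifier would consume; the choice of four packets per flow is an assumption of this example.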