
IncreAIBMF: Incremental Learning for Encrypted Mobile Application Identification

  • Conference paper
Algorithms and Architectures for Parallel Processing (ICA3PP 2020)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 12454)


Abstract

Mobile application identification, a fundamental technique in network security and management, suffers from a critical problem: encrypted traffic. Proven methods for encrypted traffic identification have a major drawback: as new applications arrive, they suffer from catastrophic forgetting, a dramatic decrease in overall performance when training with new app classes added incrementally. This is because the current model requires the entire dataset, consisting of all samples from the old and the new classes, to update the model. This updating requirement easily becomes unsustainable as the number of apps grows. To address the issue, we propose the IncreAIBMF framework, which learns deep neural networks incrementally using data from new apps and only a small exemplar set of samples from the old apps. The key idea behind IncreAIBMF is an incremental learning framework that gains the ability to identify new applications by incorporating the cross-distilled loss, which not only learns the new app classes but also retains the previous knowledge corresponding to the old app classes. Our experimental results show that IncreAIBMF achieves 87.3% Macro Precision, 87.8% F1 Score and 88.9% Macro Recall on real-world traces consisting of 50 mobile applications, supports early prediction, and is robust to the scale of the app classes. In addition, AIBMF, the basic variant of IncreAIBMF, is superior to the state-of-the-art methods in terms of identification performance.


Notes

  1. The message type of SSL/TLS denotes the semantic information of an exchanged packet, and there are 16 categories in one typical session: Change Cipher Spec (20), Alert (21), Handshake (22), Hello Request (22:0), Client Hello (22:1), Server Hello (22:2), Hello Verify Request (22:3), New Session Ticket (22:4), Certificate (22:11), Server Key Exchange (22:12), Certificate Request (22:13), Server Hello Done (22:14), Certificate Verify (22:15), Client Key Exchange (22:16), Finished (22:17), Application Data (23).

  2. https://developer.android.com/studio/test/monkeyrunner/index.html

  3. https://www.wireshark.org/
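The message-type labels in note 1 can be read from the unencrypted TLS record and handshake headers. The following is an added example, not code from the paper: it walks one direction of a TLS 1.2-style byte stream and emits labels in the note's `content:handshake` format, using the handshake type byte exactly as it appears on the wire. The function names, the sample stream, and the rule that handshake records after Change Cipher Spec are labelled plain `22` (their type byte is encrypted) are assumptions of this example.

```python
import struct

def tls_message_types(stream):
    """Return note-1 style labels for one direction of a TLS session."""
    labels, pos, encrypted = [], 0, False
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5 : pos + 5 + length]
        if ctype not in (20, 21, 22, 23) or len(body) < length:
            break  # not a TLS record, or the capture ends mid-record
        pos += 5 + length
        if ctype != 22 or encrypted:
            # 20, 21, 23, or an opaque handshake record labelled "22"
            labels.append(str(ctype))
            encrypted = encrypted or ctype == 20
            continue
        # Plaintext handshake record: it may carry several coalesced messages.
        # (Messages fragmented across records are not reassembled here.)
        off = 0
        while off + 4 <= len(body):
            msg_type = body[off]
            msg_len = int.from_bytes(body[off + 1 : off + 4], "big")
            labels.append(f"22:{msg_type}")
            off += 4 + msg_len
    return labels

def record(ctype, payload):
    """Build a TLS record header (version bytes 0x0303) around payload."""
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def handshake(msg_type, body=b""):
    """Build a handshake message header around a dummy body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed server-side stream; bodies are filler bytes, not a real capture.
SAMPLE_SERVER = (
    record(22, handshake(2, b"\x00" * 38) + handshake(11, b"\x00" * 10) + handshake(14))
    + record(20, b"\x01")
    + record(22, b"\xaa" * 40)  # encrypted handshake: type byte unreadable
    + record(23, b"\xbb" * 16)
)

if __name__ == "__main__":
    print(tls_message_types(SAMPLE_SERVER))
```

A sequence of such labels per flow is the kind of input the message-type attribute describes; packet lengths and timing would be extracted separately.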


Corresponding author

Correspondence to Yafei Sang.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Sang, Y., Tian, M., Zhang, Y., Chang, P., Zhao, S. (2020). IncreAIBMF: Incremental Learning for Encrypted Mobile Application Identification. In: Qiu, M. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2020. Lecture Notes in Computer Science, vol 12454. Springer, Cham. https://doi.org/10.1007/978-3-030-60248-2_33
