Caps-LSTM: A Novel Hierarchical Encrypted VPN Network Traffic Identification Using CapsNet and LSTM

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13005)

Abstract

Encryption technologies are now widely applied in networks, which gives attackers many opportunities to hide their command and control activities; encrypted traffic detection is therefore one of the important means of preventing malicious attacks in advance. Existing methods based on machine learning still depend on manual feature selection, and deep learning methods ignore the hierarchical characteristics of traffic. We therefore propose Caps-LSTM, a novel deep neural network that combines CapsNet and LSTM into a hierarchical encrypted traffic recognition model. Caps-LSTM splits the traffic twice and classifies encrypted traffic hierarchically based on its temporal and spatial characteristics: CapsNet learns the lower spatial characteristics of the traffic, and LSTM learns the upper temporal characteristics. Finally, a softmax classifier is used to achieve effective detection of encrypted traffic services and specific application categories. In comparison with existing advanced methods on the common data set ISCX VPN-nonVPN, the experimental results show that Caps-LSTM is more effective.

This research is supported by the National Key Research and Development Program of China (No. 2019QY1300), the CCF-NSFOCUS Kun-Peng Scientific Research Foundation (No. 2020010), the Youth Innovation Promotion Association CAS (No. 2021156), the Strategic Priority Research Program of Chinese Academy of Sciences (No. XDC02040100) and the National Natural Science Foundation of China (No. 61802404). This work is also supported by the Program of Key Laboratory of Network Assessment Technology, the Chinese Academy of Sciences, and the Program of Beijing Key Laboratory of Network Security and Protection Technology.

Corresponding author

Correspondence to Song Liu.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Tang, J. et al. (2021). Caps-LSTM: A Novel Hierarchical Encrypted VPN Network Traffic Identification Using CapsNet and LSTM. In: Lu, W., Sun, K., Yung, M., Liu, F. (eds) Science of Cyber Security. SciSec 2021. Lecture Notes in Computer Science, vol 13005. Springer, Cham. https://doi.org/10.1007/978-3-030-89137-4_10

  • DOI: https://doi.org/10.1007/978-3-030-89137-4_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-89136-7

  • Online ISBN: 978-3-030-89137-4

  • eBook Packages: Computer Science, Computer Science (R0)
