Skip to main content
SpringerLink
Log in
Book cover

International Conference on Science of Cyber Security

SciSec 2021: Science of Cyber Security pp 154–170Cite as

Multi-granularity Mobile Encrypted Traffic Classification Based on Fusion Features

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13005))

Abstract

The prosperity and development of mobile network makes mobile applications inseparable from people’s life. Although the encryption of mobile communication traffic protects the privacy of users to a certain extent, it also brings great challenges to network management and supervision. At present, many researches use machine learning or deep learning to classify encrypted traffic, but most of them only focus on single granularity classification task. Moreover, the method of multi granularity classification is more artificial, which cannot fully mine the effective information of multi granularity encrypted traffic classification. In this paper, we propose fusion feature based model, an end-to-end framework, which can automatically generate distinguishing fingerprints at three different granularities: app, in-app activity, and app-activity. Specifically, we use 1D-CNN to extract the spatial characteristics of the first packet payloads, and bidirectional LSTM to learn the timing characteristics of the packet length sequences and the packet direction sequences. Extensive experiments based on real-world encrypted mobile traffic show that, the proposed model achieves the best results in the multi-granularity classification task of mobile encrypted traffic, compared with the four state-of-the-art methods. Our work can provide an effective solution for the hierarchical and refined management of mobile networks.

This work was partially supported by the National Key Special Project of China (Grant No. 2020YFB1820105).

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   54.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Aceto, G., Ciuonzo, D., Montieri, A., Pescapé, A.: Mobile encrypted traffic classification using deep learning. In: 2018 Network Traffic Measurement and Analysis Conference (TMA), pp. 1–8. IEEE (2018)

    Google Scholar 

  2. Aceto, G., Ciuonzo, D., Montieri, A., Pescapé, A.: Multi-classification approaches for classifying mobile app traffic. J. Netw. Comput. Appl. 103, 131–145 (2018)

    Article  Google Scholar 

  3. Aceto, G., Ciuonzo, D., Montieri, A., Pescapé, A.: Mobile encrypted traffic classification using deep learning: Experimental evaluation, lessons learned, and challenges. IEEE Trans. Netw. Serv. Manage. 16(2), 445–458 (2019)

    Article  Google Scholar 

  4. Alcock, S., Nelson, R.: Measuring the accuracy of open-source payload-based traffic classifiers using popular internet applications. In: 38th Annual IEEE Conference on Local Computer Networks-Workshops, pp. 956–963. IEEE (2013)

    Google Scholar 

  5. Anderson, B., McGrew, D.: Machine learning for encrypted malware traffic classification: accounting for noisy labels and non-stationarity. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1723–1732 (2017)

    Google Scholar 

  6. Callado, A., et al.: A survey on internet traffic identification. IEEE Commun. Surv. Tutorials 11(3), 37–52 (2009)

    Article  Google Scholar 

  7. Casino, F., Choo, K.K.R., Patsakis, C.: Hedge: efficient traffic classification of encrypted and compressed packets. IEEE Trans. Inf. Forensics Secur. 14(11), 2916–2926 (2019)

    Article  Google Scholar 

  8. Conti, M., Mancini, L.V., Spolaor, R., Verde, N.V.: Analyzing android encrypted network traffic to identify user actions. IEEE Trans. Inf. Forensics Secur. 11(1), 114–125 (2015)

    Article  Google Scholar 

  9. Dierks, T., Rescorla, E.: The transport layer security (tls) protocol version 1.2 (2008)

    Google Scholar 

  10. Dubin, R., Dvir, A., Pele, O., Hadar, O.: I know what you saw last minute–encrypted http adaptive video streaming title classification. IEEE Trans. Inf. Forensics Secur. 12(12), 3039–3049 (2017)

    Article  Google Scholar 

  11. Finsterbusch, M., Richter, C., Rocha, E., Muller, J.A., Hanssgen, K.: A survey of payload-based traffic classification approaches. IEEE Commun. Surv. Tutorials 16(2), 1135–1156 (2013)

    Article  Google Scholar 

  12. Freier, A., Karlton, P., Kocher, P.: The secure sockets layer (SSL) protocol version 3.0. Tech. rep., RFC 6101 (2011)

    Google Scholar 

  13. Fu, Y., Xiong, H., Lu, X., Yang, J., Chen, C.: Service usage classification with encrypted internet traffic in mobile messaging apps. IEEE Trans. Mob. Comput. 15(11), 2851–2864 (2016)

    Article  Google Scholar 

  14. Gong, S.: A collaborative filtering recommendation algorithm based on user clustering and item clustering. J. Softw. 5(7), 745–752 (2010)

    Article  Google Scholar 

  15. Hou, C., Shi, J., Kang, C., Cao, Z., Gang, X.: Classifying user activities in the encrypted wechat traffic. In: 2018 IEEE 37th International Performance Computing and Communications Conference (IPCCC), pp. 1–8. IEEE (2018)

    Google Scholar 

  16. Jamdagni, A., Tan, Z., He, X., Nanda, P., Liu, R.P.: Repids: a multi tier real-time payload-based intrusion detection system. Comput. Netw. 57(3), 811–824 (2013)

    Article  Google Scholar 

  17. Kim, S.M., Goo, Y.H., Kim, M.S., Choi, S.G., Choi, M.J.: A method for service identification of SSL/TLS encrypted traffic with the relation of session ID and server IP. In: 2015 17th Asia-Pacific Network Operations and Management Symposium (APNOMS), pp. 487–490. IEEE (2015)

    Google Scholar 

  18. Korczyński, M., Duda, A.: Markov chain fingerprinting to classify encrypted traffic. In: IEEE INFOCOM 2014-IEEE Conference on Computer Communications, pp. 781–789. IEEE (2014)

    Google Scholar 

  19. Li, D., Li, W., Wang, X., Nguyen, C.T., Lu, S.: App trajectory recognition over encrypted internet traffic based on deep neural network. Comput. Netw. 179, 107372 (2020)

    Article  Google Scholar 

  20. Liu, C., He, L., Xiong, G., Cao, Z., Li, Z.: Fs-net: a flow sequence network for encrypted traffic classification. In: IEEE INFOCOM 2019-IEEE Conference on Computer Communications, pp. 1171–1179. IEEE (2019)

    Google Scholar 

  21. Liu, J., Fu, Y., Ming, J., Ren, Y., Sun, L., Xiong, H.: Effective and real-time in-app activity analysis in encrypted internet traffic streams. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 335–344 (2017)

    Google Scholar 

  22. Lotfollahi, M., Siavoshani, M.J., Zade, R.S.H., Saberian, M.: Deep packet: a novel approach for encrypted traffic classification using deep learning. Soft Comput. 24(3), 1999–2012 (2020)

    Article  Google Scholar 

  23. Mamun, M.S.I., Ghorbani, A.A., Stakhanova, N.: An entropy based encrypted traffic classifier. In: Qing, S., Okamoto, E., Kim, K., Liu, D. (eds.) ICICS 2015. LNCS, vol. 9543, pp. 282–294. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29814-6_23

    Chapter  Google Scholar 

  24. McPherson, J., Ma, K.L., Krystosk, P., Bartoletti, T., Christensen, M.: Portvis: a tool for port-based detection of security events. In: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, pp. 73–81 (2004)

    Google Scholar 

  25. Niu, W., Zhuo, Z., Zhang, X., Du, X., Yang, G., Guizani, M.: A heuristic statistical testing based approach for encrypted network traffic identification. IEEE Trans. Veh. Technol. 68(4), 3843–3853 (2019)

    Article  Google Scholar 

  26. Rezaei, S., Kroencke, B., Liu, X.: Large-scale mobile app identification using deep learning. IEEE Access 8, 348–362 (2019)

    Article  Google Scholar 

  27. Roughan, M., Sen, S., Spatscheck, O., Duffield, N.: Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification. In: Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement, pp. 135–148 (2004)

    Google Scholar 

  28. Shen, M., Wei, M., Zhu, L., Wang, M., Li, F.: Certificate-aware encrypted traffic classification using second-order Markov chain. In: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS), pp. 1–10. IEEE (2016)

    Google Scholar 

  29. Sirinam, P., Imani, M., Juarez, M., Wright, M.: Deep fingerprinting: undermining website fingerprinting defenses with deep learning. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1928–1943 (2018)

    Google Scholar 

  30. Taylor, V.F., Spolaor, R., Conti, M., Martinovic, I.: Appscanner: automatic fingerprinting of smartphone apps from encrypted network traffic. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 439–454. IEEE (2016)

    Google Scholar 

  31. Taylor, V.F., Spolaor, R., Conti, M., Martinovic, I.: Robust smartphone app identification via encrypted network traffic analysis. IEEE Trans. Inf. Forensics Secur. 13(1), 63–78 (2017)

    Article  Google Scholar 

  32. Wang, C., et al.: Fingerprinting encrypted voice traffic on smart speakers with deep learning. In: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 254–265 (2020)

    Google Scholar 

  33. Wang, J., Cao, Z., Kang, C., Xiong, G.: User behavior classification in encrypted cloud camera traffic. In: 2019 IEEE Global Communications Conference (GLOBECOM), pp. 1–6. IEEE (2019)

    Google Scholar 

  34. Wang, W., Zhu, M., Wang, J., Zeng, X., Yang, Z.: End-to-end encrypted traffic classification with one-dimensional convolution neural networks. In: 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 43–48. IEEE (2017)

    Google Scholar 

  35. Yao, H., Liu, C., Zhang, P., Wu, S., Jiang, C., Yu, S.: Identification of encrypted traffic through attention mechanism based long short term memory. IEEE Trans. Big Data (2019)

    Google Scholar 

  36. Yoon, K.: Convolutional neural networks for sentence classification. arXiv (2014)

    Google Scholar 

  37. Yoon, S.H., Park, J.W., Park, J.S., Oh, Y.S., Kim, M.S.: Internet application traffic classification using fixed IP-port. In: Hong, C.S., Tonouchi, T., Ma, Y., Chao, C.S. (eds.) APNOMS 2009. LNCS, vol. 5787, pp. 21–30. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04492-2_3

    Chapter  Google Scholar 

  38. Yu, C., Tian, X., Guo, Y.: Research on user portrait based on behavior-content fusion model. Libr. Inf. Work 62(13), 54–63 (2018)

    Google Scholar 

  39. Zhang, H., Papadopoulos, C., Massey, D.: Detecting encrypted botnet traffic. In: 2013 Proceedings IEEE INFOCOM, pp. 3453–1358. IEEE (2013)

    Google Scholar 

Download references

Acknowledgements

This work was partially supported by the National Key Special Project of China (Grant No. 2020YFB1820105).

Author information

Authors and Affiliations

  1. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

    Hui Zhang & Yuewen Tan

  2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Hui Zhang, Gaopeng Gou, Gang Xiong, Chang Liu & Yuewen Tan

  3. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing, China

    Hui Zhang

  4. School of Computer Science and Technology, Beijing Institute of Technology, Beijing, China

    Ke Ye

Authors
  1. Hui Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gaopeng Gou
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gang Xiong
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chang Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yuewen Tan
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Ke Ye
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Gang Xiong .

Editor information

Editors and Affiliations

  1. Fudan University, Shanghai, China

    Wenlian Lu

  2. George Mason University, Fairfax, VA, USA

    Kun Sun

  3. Computer Science Department, Columbia University, New York, NY, USA

    Moti Yung

  4. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Feng Liu

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhang, H., Gou, G., Xiong, G., Liu, C., Tan, Y., Ye, K. (2021). Multi-granularity Mobile Encrypted Traffic Classification Based on Fusion Features. In: Lu, W., Sun, K., Yung, M., Liu, F. (eds) Science of Cyber Security. SciSec 2021. Lecture Notes in Computer Science(), vol 13005. Springer, Cham. https://doi.org/10.1007/978-3-030-89137-4_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-89137-4_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-89136-7

  • Online ISBN: 978-3-030-89137-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation