Abstract
The prosperity and development of mobile network makes mobile applications inseparable from people’s life. Although the encryption of mobile communication traffic protects the privacy of users to a certain extent, it also brings great challenges to network management and supervision. At present, many researches use machine learning or deep learning to classify encrypted traffic, but most of them only focus on single granularity classification task. Moreover, the method of multi granularity classification is more artificial, which cannot fully mine the effective information of multi granularity encrypted traffic classification. In this paper, we propose fusion feature based model, an end-to-end framework, which can automatically generate distinguishing fingerprints at three different granularities: app, in-app activity, and app-activity. Specifically, we use 1D-CNN to extract the spatial characteristics of the first packet payloads, and bidirectional LSTM to learn the timing characteristics of the packet length sequences and the packet direction sequences. Extensive experiments based on real-world encrypted mobile traffic show that, the proposed model achieves the best results in the multi-granularity classification task of mobile encrypted traffic, compared with the four state-of-the-art methods. Our work can provide an effective solution for the hierarchical and refined management of mobile networks.
This work was partially supported by the National Key Special Project of China (Grant No. 2020YFB1820105).
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Aceto, G., Ciuonzo, D., Montieri, A., Pescapé, A.: Mobile encrypted traffic classification using deep learning. In: 2018 Network Traffic Measurement and Analysis Conference (TMA), pp. 1–8. IEEE (2018)
Aceto, G., Ciuonzo, D., Montieri, A., Pescapé, A.: Multi-classification approaches for classifying mobile app traffic. J. Netw. Comput. Appl. 103, 131–145 (2018)
Aceto, G., Ciuonzo, D., Montieri, A., Pescapé, A.: Mobile encrypted traffic classification using deep learning: Experimental evaluation, lessons learned, and challenges. IEEE Trans. Netw. Serv. Manage. 16(2), 445–458 (2019)
Alcock, S., Nelson, R.: Measuring the accuracy of open-source payload-based traffic classifiers using popular internet applications. In: 38th Annual IEEE Conference on Local Computer Networks-Workshops, pp. 956–963. IEEE (2013)
Anderson, B., McGrew, D.: Machine learning for encrypted malware traffic classification: accounting for noisy labels and non-stationarity. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1723–1732 (2017)
Callado, A., et al.: A survey on internet traffic identification. IEEE Commun. Surv. Tutorials 11(3), 37–52 (2009)
Casino, F., Choo, K.K.R., Patsakis, C.: Hedge: efficient traffic classification of encrypted and compressed packets. IEEE Trans. Inf. Forensics Secur. 14(11), 2916–2926 (2019)
Conti, M., Mancini, L.V., Spolaor, R., Verde, N.V.: Analyzing android encrypted network traffic to identify user actions. IEEE Trans. Inf. Forensics Secur. 11(1), 114–125 (2015)
Dierks, T., Rescorla, E.: The transport layer security (tls) protocol version 1.2 (2008)
Dubin, R., Dvir, A., Pele, O., Hadar, O.: I know what you saw last minute–encrypted http adaptive video streaming title classification. IEEE Trans. Inf. Forensics Secur. 12(12), 3039–3049 (2017)
Finsterbusch, M., Richter, C., Rocha, E., Muller, J.A., Hanssgen, K.: A survey of payload-based traffic classification approaches. IEEE Commun. Surv. Tutorials 16(2), 1135–1156 (2013)
Freier, A., Karlton, P., Kocher, P.: The secure sockets layer (SSL) protocol version 3.0. Tech. rep., RFC 6101 (2011)
Fu, Y., Xiong, H., Lu, X., Yang, J., Chen, C.: Service usage classification with encrypted internet traffic in mobile messaging apps. IEEE Trans. Mob. Comput. 15(11), 2851–2864 (2016)
Gong, S.: A collaborative filtering recommendation algorithm based on user clustering and item clustering. J. Softw. 5(7), 745–752 (2010)
Hou, C., Shi, J., Kang, C., Cao, Z., Gang, X.: Classifying user activities in the encrypted wechat traffic. In: 2018 IEEE 37th International Performance Computing and Communications Conference (IPCCC), pp. 1–8. IEEE (2018)
Jamdagni, A., Tan, Z., He, X., Nanda, P., Liu, R.P.: Repids: a multi tier real-time payload-based intrusion detection system. Comput. Netw. 57(3), 811–824 (2013)
Kim, S.M., Goo, Y.H., Kim, M.S., Choi, S.G., Choi, M.J.: A method for service identification of SSL/TLS encrypted traffic with the relation of session ID and server IP. In: 2015 17th Asia-Pacific Network Operations and Management Symposium (APNOMS), pp. 487–490. IEEE (2015)
Korczyński, M., Duda, A.: Markov chain fingerprinting to classify encrypted traffic. In: IEEE INFOCOM 2014-IEEE Conference on Computer Communications, pp. 781–789. IEEE (2014)
Li, D., Li, W., Wang, X., Nguyen, C.T., Lu, S.: App trajectory recognition over encrypted internet traffic based on deep neural network. Comput. Netw. 179, 107372 (2020)
Liu, C., He, L., Xiong, G., Cao, Z., Li, Z.: Fs-net: a flow sequence network for encrypted traffic classification. In: IEEE INFOCOM 2019-IEEE Conference on Computer Communications, pp. 1171–1179. IEEE (2019)
Liu, J., Fu, Y., Ming, J., Ren, Y., Sun, L., Xiong, H.: Effective and real-time in-app activity analysis in encrypted internet traffic streams. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 335–344 (2017)
Lotfollahi, M., Siavoshani, M.J., Zade, R.S.H., Saberian, M.: Deep packet: a novel approach for encrypted traffic classification using deep learning. Soft Comput. 24(3), 1999–2012 (2020)
Mamun, M.S.I., Ghorbani, A.A., Stakhanova, N.: An entropy based encrypted traffic classifier. In: Qing, S., Okamoto, E., Kim, K., Liu, D. (eds.) ICICS 2015. LNCS, vol. 9543, pp. 282–294. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29814-6_23
McPherson, J., Ma, K.L., Krystosk, P., Bartoletti, T., Christensen, M.: Portvis: a tool for port-based detection of security events. In: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, pp. 73–81 (2004)
Niu, W., Zhuo, Z., Zhang, X., Du, X., Yang, G., Guizani, M.: A heuristic statistical testing based approach for encrypted network traffic identification. IEEE Trans. Veh. Technol. 68(4), 3843–3853 (2019)
Rezaei, S., Kroencke, B., Liu, X.: Large-scale mobile app identification using deep learning. IEEE Access 8, 348–362 (2019)
Roughan, M., Sen, S., Spatscheck, O., Duffield, N.: Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification. In: Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement, pp. 135–148 (2004)
Shen, M., Wei, M., Zhu, L., Wang, M., Li, F.: Certificate-aware encrypted traffic classification using second-order Markov chain. In: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS), pp. 1–10. IEEE (2016)
Sirinam, P., Imani, M., Juarez, M., Wright, M.: Deep fingerprinting: undermining website fingerprinting defenses with deep learning. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1928–1943 (2018)
Taylor, V.F., Spolaor, R., Conti, M., Martinovic, I.: Appscanner: automatic fingerprinting of smartphone apps from encrypted network traffic. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 439–454. IEEE (2016)
Taylor, V.F., Spolaor, R., Conti, M., Martinovic, I.: Robust smartphone app identification via encrypted network traffic analysis. IEEE Trans. Inf. Forensics Secur. 13(1), 63–78 (2017)
Wang, C., et al.: Fingerprinting encrypted voice traffic on smart speakers with deep learning. In: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 254–265 (2020)
Wang, J., Cao, Z., Kang, C., Xiong, G.: User behavior classification in encrypted cloud camera traffic. In: 2019 IEEE Global Communications Conference (GLOBECOM), pp. 1–6. IEEE (2019)
Wang, W., Zhu, M., Wang, J., Zeng, X., Yang, Z.: End-to-end encrypted traffic classification with one-dimensional convolution neural networks. In: 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 43–48. IEEE (2017)
Yao, H., Liu, C., Zhang, P., Wu, S., Jiang, C., Yu, S.: Identification of encrypted traffic through attention mechanism based long short term memory. IEEE Trans. Big Data (2019)
Yoon, K.: Convolutional neural networks for sentence classification. arXiv (2014)
Yoon, S.H., Park, J.W., Park, J.S., Oh, Y.S., Kim, M.S.: Internet application traffic classification using fixed IP-port. In: Hong, C.S., Tonouchi, T., Ma, Y., Chao, C.S. (eds.) APNOMS 2009. LNCS, vol. 5787, pp. 21–30. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04492-2_3
Yu, C., Tian, X., Guo, Y.: Research on user portrait based on behavior-content fusion model. Libr. Inf. Work 62(13), 54–63 (2018)
Zhang, H., Papadopoulos, C., Massey, D.: Detecting encrypted botnet traffic. In: 2013 Proceedings IEEE INFOCOM, pp. 3453–1358. IEEE (2013)
Acknowledgements
This work was partially supported by the National Key Special Project of China (Grant No. 2020YFB1820105).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Zhang, H., Gou, G., Xiong, G., Liu, C., Tan, Y., Ye, K. (2021). Multi-granularity Mobile Encrypted Traffic Classification Based on Fusion Features. In: Lu, W., Sun, K., Yung, M., Liu, F. (eds) Science of Cyber Security. SciSec 2021. Lecture Notes in Computer Science(), vol 13005. Springer, Cham. https://doi.org/10.1007/978-3-030-89137-4_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-89137-4_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-89136-7
Online ISBN: 978-3-030-89137-4
eBook Packages: Computer ScienceComputer Science (R0)