Abstract
With the growing attention to the security and privacy of mobile communications, advanced cryptographic protocols are widely applied to protect information confidentiality and prevent privacy leakage. These cryptographic protocols make it difficult to classify encrypted traffic for network management and intrusion detection. Existing mobile encrypted traffic classification approaches intend to alleviate this problem for TLS 1.2 encrypted traffic through modeling message attributes. However, these approaches are facing tough challenges in classifying TLS 1.3 traffic because most plaintext handshake messages are encrypted in TLS 1.3. To tackle this problem, we propose a mobile encrypted traffic classification approach based on Message Type Inference (MTI). We use a Recurrent Neural Network-Conditional Random Field (RNN-CRF) network to infer the hidden message types of encrypted handshake messages. Moreover, we employ machine learning to integrate three kinds of length features. The experimental results demonstrate that the RNN-CRF network achieves 99.92% message type inference accuracy and 98.96% F1-score on a real-world TLS 1.3 dataset and our proposed approach MTI achieves 96.66% accuracy and 96.64% F1-score on a fourteen application real-world TLS 1.3 dataset. In addition, we compare MTI with existing encrypted traffic classification approaches, which demonstrates MTI performs considerably better than state-of-the-art approaches for TLS 1.3 traffic.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Aceto, G., Ciuonzo, D., Montieri, A., Pescapé, A.: Mobile encrypted traffic classification using deep learning. In: 2018 Network traffic measurement and analysis conference (TMA), pp. 1–8. IEEE (2018)
Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)
Chen, T., Guestrin, C.: Xgboost: a scalable tree boosting system. In: Proceedings of the 22Nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 785–794. ACM (2016)
Chen, Y., Zang, T., Zhang, Y., Zhouz, Y., Wang, Y.: Rethinking encrypted traffic classification: a multi-attribute associated fingerprint approach. In: 2019 IEEE 27th International Conference on Network Protocols (ICNP), pp. 1–11. IEEE (2019)
Cho, K., et al.: Learning phrase representations using RNN encoder-decoder for statistical machine translation. In: Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP), pp. 1724–1734 (2014)
Cova, M., Kruegel, C., Vigna, G.: Detection and analysis of drive-by-download attacks and malicious javascript code. In: Proceedings of the 19th international conference on World wide web, pp. 281–290 (2010)
Dierks, T., Rescorla, E.: The transport layer security (tls) protocol version 1.2. IETF RFC5246 (2008)
Fiedler, M., Hossfeld, T., Tran-Gia, P.: A generic quantitative relationship between quality of experience and quality of service. IEEE Netw. 24(2), 36–41 (2010)
Finsterbusch, M., Richter, C., Rocha, E., Muller, J.A., Hanssgen, K.: A survey of payload-based traffic classification approaches. IEEE Commun. Surv. Tutor. 16(2), 1135–1156 (2013)
Forney, G.D.: The viterbi algorithm. Proc. IEEE 61(3), 268–278 (1973)
Google: Google Online Security Blog: An Update on Android TLS Adoption. https://security.googleblog.com/2019/12/an-update-on-android-tls-adoption.html
Google: HTTPS encryption on the web - Google Transparency Report. https://transparencyreport.google.com/https/overview
Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)
Hoffman, P., McManus, P.: Dns queries over https (doh). IETF RFC8484 (2018)
Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., Hoffman, P.: Specification for dns over transport layer security (tls). IETF RFC7858 (2016)
Huang, Z., Xu, W., Yu, K.: Bidirectional lstm-crf models for sequence tagging. arXiv preprint arXiv:1508.01991 (2015)
Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014)
Korczyński, M., Duda, A.: Markov chain fingerprinting to classify encrypted traffic. In: 2014 IEEE International Conference on Computer Communications (Infocom), pp. 781–789. IEEE (2014)
Lafferty, J., McCallum, A., Pereira, F.C.: Conditional random fields: probabilistic models for segmenting and labeling sequence data. In: Proceedings of the Eighteenth International Conference on Machine Learning, pp. 282–289. Morgan Kaufmann (2001)
Liu, C., Cao, Z., Xiong, G., Gou, G., Yiu, S.M., He, L.: Mampf: encrypted traffic classification based on multi-attribute markov probability fingerprints. In: 2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS), pp. 1–10. IEEE (2018)
Liu, C., He, L., Xiong, G., Cao, Z., Li, Z.: Fs-net: a flow sequence network for encrypted traffic classification. In: 2019 IEEE International Conference on Computer Communications (Infocom), pp. 1–9. IEEE (2019)
Ma, X., Hovy, E.: End-to-end sequence labeling via bi-directional LSTM-CNNS-CRF. arXiv preprint arXiv:1603.01354 (2016)
McCloskey, M., Cohen, N.J.: Catastrophic interference in connectionist networks: the sequential learning problem. In: Psychology of learning and motivation, vol. 24, pp. 109–165. Elsevier (1989)
Qi, Y., Xu, L., Yang, B., Xue, Y., Li, J.: Packet classification algorithms: from theory to practice. In: IEEE INFOCOM 2009, pp. 648–656. IEEE (2009)
Quinlan, J.R.: C4.5: programs for machine learning. Elsevier (2014)
Rescorla, E.: The transport layer security (tls) protocol version 1.3. IETF RFC8446 (2018)
Rumelhart, D.E., Hinton, G.E., Williams, R.J.: Learning representations by back-propagating errors. Nature 323(6088), 533–536 (1986)
Shen, M., Wei, M., Zhu, L., Wang, M.: Classification of encrypted traffic with second-order Markov chains and application attribute bigrams. IEEE Trans. Inf. For. Secur. 12(8), 1830–1843 (2017)
Srivastava, N., Hinton, G., Krizhevsky, A., Sutskever, I., Salakhutdinov, R.: Dropout: a simple way to prevent neural networks from overfitting. J. Mach. Learn. Res. 15(1), 1929–1958 (2014)
Taylor, V.F., Spolaor, R., Conti, M., Martinovic, I.: Robust smartphone app identification via encrypted network traffic analysis. IEEE Trans. Inf. For. Secur. 13(1), 63–78 (2017)
Zhang, J., Li, F., Ye, F., Wu, H.: Autonomous unknown-application filtering and labeling for dl-based traffic classifier update. In: 2020 IEEE International Conference on Computer Communications (Infocom), pp. 1–9. IEEE (2020)
Zhou, P., Qi, Z., Zheng, S., Xu, J., Bao, H., Xu, B.: Text classification improved by integrating bidirectional LSTM with two-dimensional max pooling. arXiv preprint arXiv:1611.06639 (2016)
Acknowledgment
This work is supported by the Strategic Priority Research Program of the Chinese Academy of Sciences (No.XDC02030100), the National Key Research and Development Program of China (Grant No.2018YFB0804704), and the National Natural Science Foundation of China (Grant No.U1736218).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Chen, Y., Zang, T., Zhang, Y., Zhou, Y., Yang, P. (2021). Mobile Encrypted Traffic Classification Based on Message Type Inference. In: Gao, H., Wang, X. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 406. Springer, Cham. https://doi.org/10.1007/978-3-030-92635-9_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-92635-9_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92634-2
Online ISBN: 978-3-030-92635-9
eBook Packages: Computer ScienceComputer Science (R0)