
Encrypted network behaviors identification based on dynamic time warping and k-nearest neighbor

Cluster Computing

Abstract

To address the problem of encrypted traffic identification, a method based on dynamic time warping (DTW) and k-nearest neighbor (KNN) is proposed for identifying encrypted network behaviors. The study takes encrypted Twitter traffic as its example. A large number of encrypted Twitter network behaviors were analyzed in depth, features representing those behaviors were extracted, and a behavior module database based on DTW and KNN was established for the specific encrypted network behaviors. The DTW distance between the collected data set and the module database is calculated and normalized, and the encrypted network behaviors are then classified by comparison with a preset empirical threshold. The DTW algorithm takes the distance information into account and, at the same time, effectively eliminates the influence of TCP retransmission and duplicate ACK packets. To overcome noise interference from similar data traffic that the distance information alone does not separate, the similar packets that pass this filter are classified as true behavior or false behavior by the KNN algorithm, so that encrypted network behaviors are identified automatically and in real time. Compared with using only the correlation coefficient method or only the DTW method, the online correct recognition rate with DTW and KNN is greatly increased and reaches about 93%, while the missed detection rate is almost the same as that of the traditional methods. Experiments and actual project applications showed that the proposed method is effective.
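The two-stage pipeline the abstract describes (normalized DTW against a template database with a threshold, then a KNN vote to reject lookalike traffic) can be sketched as follows. This is an added example, not the paper's code: the packet-length feature, the per-element normalization, `THRESHOLD`, `K`, and every sample sequence are constructed assumptions, since the abstract does not give them.

```python
# Added example; sequences, names, THRESHOLD and K are constructed assumptions.

def dtw(a, b):
    """DTW distance between two packet-length sequences, local cost |x - y|."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)
    for x in a:
        cur = [inf]
        for j, y in enumerate(b, 1):
            cur.append(abs(x - y) + min(prev[j], prev[j - 1], cur[j - 1]))
        prev = cur
    return prev[-1]

def norm_dtw(a, b):
    # Assumed normalization: average cost per element, in bytes.
    return dtw(a, b) / (len(a) + len(b))

TEMPLATES = {"post_tweet": [517, 1460, 1460, 310, 85]}  # behavior module database
LABELLED = [                                            # KNN training set
    ([517, 1460, 1460, 310, 85], True),
    ([520, 1460, 1460, 305, 85], True),
    ([517, 1460, 1455, 310, 90], True),
    ([517, 1460, 1460, 310, 640], False),  # lookalike traffic, not the behavior
    ([517, 1460, 1460, 330, 620], False),
    ([510, 1460, 1460, 310, 655], False),
]
THRESHOLD = 60.0
K = 3

def match(flow):
    """Stage 1: closest template whose normalized DTW is within the threshold."""
    name, dist = min(((n, norm_dtw(flow, t)) for n, t in TEMPLATES.items()),
                     key=lambda p: p[1])
    return name if dist <= THRESHOLD else None

def knn_is_true(flow):
    """Stage 2: majority vote of the K labelled flows nearest by DTW."""
    nearest = sorted(LABELLED, key=lambda s: norm_dtw(flow, s[0]))[:K]
    return sum(label for _, label in nearest) * 2 > K

def identify(flow):
    name = match(flow)
    return name if name and knn_is_true(flow) else None

RETRANS = [517, 1460, 1460, 1460, 310, 310, 85]  # template plus repeated segments
LOOKALIKE = [517, 1460, 1460, 310, 600]          # passes stage 1, rejected by KNN
UNRELATED = [120, 90, 1460, 1460, 1460, 1460]
```

The repeated segments in `RETRANS` warp onto the same template element at zero cost, which is the retransmission tolerance the abstract attributes to DTW; `LOOKALIKE` falls under the distance threshold but its nearest labelled neighbours are all false behaviors.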




Corresponding author

Correspondence to Zhu Liehuang.


Cite this article

Hejun, Z., Liehuang, Z. Encrypted network behaviors identification based on dynamic time warping and k-nearest neighbor. Cluster Comput 22 (Suppl 2), 2571–2580 (2019). https://doi.org/10.1007/s10586-017-1329-y


  • DOI: https://doi.org/10.1007/s10586-017-1329-y
