Abstract
To address the problem of identifying encrypted traffic, a method for identifying encrypted network behaviors based on dynamic time warping (DTW) and k-nearest neighbor (KNN) is proposed. Taking encrypted Twitter traffic as the research example, a large number of encrypted Twitter network behaviors were analyzed in depth, and features representing the encrypted network behaviors were extracted. A module database of specific encrypted network behaviors was then established based on DTW and KNN. The DTW between the collected data set and the module database is calculated and normalized, and the encrypted network behaviors are classified by comparing the result with a preset empirical threshold. The DTW algorithm takes the distance information into account and, at the same time, effectively eliminates the influence of TCP retransmission and duplicate ACK packets. To overcome the noise interference of similar data traffic apart from the distance information, the KNN algorithm classifies the similar filtered data packets as true behavior or false behavior, so that the encrypted network behaviors are identified automatically and in real time. Compared with using only the correlation coefficient method or only the DTW method, the online correct recognition rate with DTW and KNN is greatly increased and reaches about 93%, while the missed detection rate is almost the same as that of the traditional methods. Experiments and actual project applications showed that the proposed method is effective.
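The two-stage pipeline described in the abstract, as an added illustration that is not code from the paper: a normalized DTW distance against a labelled template database with a threshold filter, followed by a KNN vote between true behavior and look-alike traffic. The features (signed packet lengths), the normalization by combined sequence length, the threshold, k, the use of DTW distances for the KNN vote, and all sample sequences are assumptions constructed for this example.

```python
from collections import Counter

# Constructed template database: signed packet lengths (+ client->server, - server->client).
# True = the target behaviour, False = similar traffic that is not the behaviour.
TEMPLATES = [
    ([310, -1460, -1460, -620, 95], True),
    ([305, -1460, -1460, -640, 90], True),
    ([320, -1460, -1400, -600, 100], True),
    ([310, -1460, -900, 95], False),
    ([305, -1460, -880, 90], False),
    ([315, -1460, -910, 100], False),
]
THRESHOLD = 40.0  # assumed empirical threshold, in bytes per alignment step
K = 3             # assumed neighbour count


def dtw(a, b):
    """Accumulated DTW cost with |x - y| as the local distance."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)
    for x in a:
        cur = [inf]
        for j, y in enumerate(b, 1):
            cur.append(abs(x - y) + min(prev[j], prev[j - 1], cur[j - 1]))
        prev = cur
    return prev[-1]


def norm_dtw(a, b):
    """Length-normalised DTW so long and short flows share one threshold."""
    return dtw(a, b) / (len(a) + len(b))


def classify(sample, templates=TEMPLATES, k=K, threshold=THRESHOLD):
    ranked = sorted((norm_dtw(sample, seq), label) for seq, label in templates)
    if ranked[0][0] > threshold:       # stage 1: nothing in the database is close
        return "no-match"
    votes = Counter(label for _, label in ranked[:k])  # stage 2: KNN vote
    return "behaviour" if votes[True] > votes[False] else "look-alike"


if __name__ == "__main__":
    samples = {
        "retransmitted": [310, -1460, -1460, -1460, -620, 95],  # one duplicated segment
        "lookalike": [310, -1460, -1460, -900, 95],
        "unrelated": [60, -60, 60, -60, 60],
    }
    for name, seq in samples.items():
        print(name, classify(seq))
```

The duplicated segment in the first sample warps onto the template at zero cost, which is how DTW absorbs retransmissions; the look-alike sample passes the DTW threshold against a true template and is only separated by the KNN vote.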
Cite this article
Hejun, Z., Liehuang, Z. Encrypted network behaviors identification based on dynamic time warping and k-nearest neighbor. Cluster Comput 22 (Suppl 2), 2571–2580 (2019). https://doi.org/10.1007/s10586-017-1329-y
DOI: https://doi.org/10.1007/s10586-017-1329-y