Seeing Traffic Paths: Encrypted Traffic Classification With Path Signature Features

Shi Jie Xu, Guang Gang Geng*, Xiao Bo Jin*, Dong Jie Liu, Jian Weng

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

18 Citations (Scopus)

Abstract

Although many network traffic protection methods have been developed to protect user privacy, encrypted traffic can still reveal sensitive user information with sophisticated analysis. In this paper, we propose ETC-PS, a novel encrypted traffic classification method with path signature. We first construct the traffic path with a session packet length sequence to represent the interactions between the client and the server. Then, path transformations are conducted to exhibit its structure and obtain different information. A multiscale path signature is finally computed as a kind of distinctive feature to train the traditional machine learning classifier, which achieves highly robust accuracy and low training overhead. Six publicly available datasets with different traffic types of HTTPS/1, HTTPS/2, QUIC, VPN, non-VPN, Tor, and non-Tor are used to conduct closed-world and open-world evaluations to verify the effectiveness of ETC-PS. The experimental results demonstrate that ETC-PS is superior to the state-of-the-art methods in terms of accuracy, f1 score, time complexity, and stability.

Original languageEnglish
Pages (from-to)2166-2181
Number of pages16
JournalIEEE Transactions on Information Forensics and Security
Volume17
DOIs
Publication statusPublished - 2022

Keywords

  • Encrypted traffic classification
  • machine learning
  • path signature feature

Fingerprint

Dive into the research topics of 'Seeing Traffic Paths: Encrypted Traffic Classification With Path Signature Features'. Together they form a unique fingerprint.

Cite this