Loading…
Encrypted traffic classification based on Gaussian mixture models and Hidden Markov Models
To protect user privacy (e.g., IP address and sensitive data in a packet), many traffic protection methods, like traffic obfuscation and encryption technologies, are introduced. However, these methods have been used by attackers to transmit malicious traffic, posing a serious threat to network secur...
Saved in:
| Published in: | Journal of network and computer applications 2020-09, Vol.166, p.102711, Article 102711 |
|---|---|
| Main Authors: | , , , , , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Citations: | Items that this one cites Items that cite this one |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | cdi_FETCH-LOGICAL-c300t-c033079ac5bff07ad9dbc02846c6a47354aa12e4ef0223d24d9214116e0fb5863 |
|---|---|
| cites | cdi_FETCH-LOGICAL-c300t-c033079ac5bff07ad9dbc02846c6a47354aa12e4ef0223d24d9214116e0fb5863 |
| container_end_page | |
| container_issue | |
| container_start_page | 102711 |
| container_title | Journal of network and computer applications |
| container_volume | 166 |
| creator | Yao, Zhongjiang Ge, Jingguo Wu, Yulei Lin, Xiaosheng He, Runkang Ma, Yuxiang |
| description | To protect user privacy (e.g., IP address and sensitive data in a packet), many traffic protection methods, like traffic obfuscation and encryption technologies, are introduced. However, these methods have been used by attackers to transmit malicious traffic, posing a serious threat to network security. To enhance network traffic supervision, this paper proposes a new traffic classification model based on Gaussian mixture models and hidden Markov models, named MGHMM. To evaluate the effectiveness of the proposed model, we first classify protocols and identify the obfuscated traffic by experiments. Then, we compare the classification performance of MGHMM with that of the latest Vector Quantiser-based traffic classification algorithm. On the basis of the experiment, the relation between the classification and the number of hidden Markov states, and the number of mixture of Gaussian distributions required to describe the hidden states, are analyzed.
•Only need inter-packet time and packet size for traffic classification.•Analyze the discrete distribution and timing pattern of the flow features.•Perform well in traffic classification at multiple traffic levels.•Obtain the best classification results with minimal resource overhead. |
| doi_str_mv | 10.1016/j.jnca.2020.102711 |
| format | article |
| fullrecord | <record><control><sourceid>elsevier_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1016_j_jnca_2020_102711</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S1084804520301855</els_id><sourcerecordid>S1084804520301855</sourcerecordid><originalsourceid>FETCH-LOGICAL-c300t-c033079ac5bff07ad9dbc02846c6a47354aa12e4ef0223d24d9214116e0fb5863</originalsourceid><addsrcrecordid>eNp9kMtKA0EURBtRMEZ_wFX_wMTbj3mBGwkxERLc6MZNc6cf0GPSE7onwfy9M4lrV7eooorLIeSRwYwBK57aWRs0zjjw0eAlY1dkwqDOsyqv-fWoK5lVIPNbcpdSCwCFrMWEfC2Cjqd9bw3tIzrnNdVbTMkPCnvfBdpgGsJBLPEw-Bjozv_0h2jprjN2mygGQ1feGBvoBuN3d6Sbc3BPbhxuk334u1Py-br4mK-y9fvybf6yzrQA6DMNQkBZo84b56BEU5tGA69koQuUpcglIuNWWgecC8OlqTmTjBUWXJNXhZgSftnVsUspWqf20e8wnhQDNdJRrRrpqJGOutAZSs-X0vCoPXobVdLeBm2Nj1b3ynT-v_ov7CRuVQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Encrypted traffic classification based on Gaussian mixture models and Hidden Markov Models</title><source>ScienceDirect Freedom Collection</source><creator>Yao, Zhongjiang ; Ge, Jingguo ; Wu, Yulei ; Lin, Xiaosheng ; He, Runkang ; Ma, Yuxiang</creator><creatorcontrib>Yao, Zhongjiang ; Ge, Jingguo ; Wu, Yulei ; Lin, Xiaosheng ; He, Runkang ; Ma, Yuxiang</creatorcontrib><description>To protect user privacy (e.g., IP address and sensitive data in a packet), many traffic protection methods, like traffic obfuscation and encryption technologies, are introduced. However, these methods have been used by attackers to transmit malicious traffic, posing a serious threat to network security. To enhance network traffic supervision, this paper proposes a new traffic classification model based on Gaussian mixture models and hidden Markov models, named MGHMM. To evaluate the effectiveness of the proposed model, we first classify protocols and identify the obfuscated traffic by experiments. Then, we compare the classification performance of MGHMM with that of the latest Vector Quantiser-based traffic classification algorithm. On the basis of the experiment, the relation between the classification and the number of hidden Markov states, and the number of mixture of Gaussian distributions required to describe the hidden states, are analyzed.
•Only need inter-packet time and packet size for traffic classification.•Analyze the discrete distribution and timing pattern of the flow features.•Perform well in traffic classification at multiple traffic levels.•Obtain the best classification results with minimal resource overhead.</description><identifier>ISSN: 1084-8045</identifier><identifier>EISSN: 1095-8592</identifier><identifier>DOI: 10.1016/j.jnca.2020.102711</identifier><language>eng</language><publisher>Elsevier Ltd</publisher><subject>Encrypted traffic ; Gaussian mixture model ; Hidden Markov model ; Traffic classification</subject><ispartof>Journal of network and computer applications, 2020-09, Vol.166, p.102711, Article 102711</ispartof><rights>2020 Elsevier Ltd</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c300t-c033079ac5bff07ad9dbc02846c6a47354aa12e4ef0223d24d9214116e0fb5863</citedby><cites>FETCH-LOGICAL-c300t-c033079ac5bff07ad9dbc02846c6a47354aa12e4ef0223d24d9214116e0fb5863</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,778,782,27907,27908</link.rule.ids></links><search><creatorcontrib>Yao, Zhongjiang</creatorcontrib><creatorcontrib>Ge, Jingguo</creatorcontrib><creatorcontrib>Wu, Yulei</creatorcontrib><creatorcontrib>Lin, Xiaosheng</creatorcontrib><creatorcontrib>He, Runkang</creatorcontrib><creatorcontrib>Ma, Yuxiang</creatorcontrib><title>Encrypted traffic classification based on Gaussian mixture models and Hidden Markov Models</title><title>Journal of network and computer applications</title><description>To protect user privacy (e.g., IP address and sensitive data in a packet), many traffic protection methods, like traffic obfuscation and encryption technologies, are introduced. However, these methods have been used by attackers to transmit malicious traffic, posing a serious threat to network security. To enhance network traffic supervision, this paper proposes a new traffic classification model based on Gaussian mixture models and hidden Markov models, named MGHMM. To evaluate the effectiveness of the proposed model, we first classify protocols and identify the obfuscated traffic by experiments. Then, we compare the classification performance of MGHMM with that of the latest Vector Quantiser-based traffic classification algorithm. On the basis of the experiment, the relation between the classification and the number of hidden Markov states, and the number of mixture of Gaussian distributions required to describe the hidden states, are analyzed.
•Only need inter-packet time and packet size for traffic classification.•Analyze the discrete distribution and timing pattern of the flow features.•Perform well in traffic classification at multiple traffic levels.•Obtain the best classification results with minimal resource overhead.</description><subject>Encrypted traffic</subject><subject>Gaussian mixture model</subject><subject>Hidden Markov model</subject><subject>Traffic classification</subject><issn>1084-8045</issn><issn>1095-8592</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2020</creationdate><recordtype>article</recordtype><recordid>eNp9kMtKA0EURBtRMEZ_wFX_wMTbj3mBGwkxERLc6MZNc6cf0GPSE7onwfy9M4lrV7eooorLIeSRwYwBK57aWRs0zjjw0eAlY1dkwqDOsyqv-fWoK5lVIPNbcpdSCwCFrMWEfC2Cjqd9bw3tIzrnNdVbTMkPCnvfBdpgGsJBLPEw-Bjozv_0h2jprjN2mygGQ1feGBvoBuN3d6Sbc3BPbhxuk334u1Py-br4mK-y9fvybf6yzrQA6DMNQkBZo84b56BEU5tGA69koQuUpcglIuNWWgecC8OlqTmTjBUWXJNXhZgSftnVsUspWqf20e8wnhQDNdJRrRrpqJGOutAZSs-X0vCoPXobVdLeBm2Nj1b3ynT-v_ov7CRuVQ</recordid><startdate>20200915</startdate><enddate>20200915</enddate><creator>Yao, Zhongjiang</creator><creator>Ge, Jingguo</creator><creator>Wu, Yulei</creator><creator>Lin, Xiaosheng</creator><creator>He, Runkang</creator><creator>Ma, Yuxiang</creator><general>Elsevier Ltd</general><scope>AAYXX</scope><scope>CITATION</scope></search><sort><creationdate>20200915</creationdate><title>Encrypted traffic classification based on Gaussian mixture models and Hidden Markov Models</title><author>Yao, Zhongjiang ; Ge, Jingguo ; Wu, Yulei ; Lin, Xiaosheng ; He, Runkang ; Ma, Yuxiang</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c300t-c033079ac5bff07ad9dbc02846c6a47354aa12e4ef0223d24d9214116e0fb5863</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2020</creationdate><topic>Encrypted traffic</topic><topic>Gaussian mixture model</topic><topic>Hidden Markov model</topic><topic>Traffic classification</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Yao, Zhongjiang</creatorcontrib><creatorcontrib>Ge, Jingguo</creatorcontrib><creatorcontrib>Wu, Yulei</creatorcontrib><creatorcontrib>Lin, Xiaosheng</creatorcontrib><creatorcontrib>He, Runkang</creatorcontrib><creatorcontrib>Ma, Yuxiang</creatorcontrib><collection>CrossRef</collection><jtitle>Journal of network and computer applications</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Yao, Zhongjiang</au><au>Ge, Jingguo</au><au>Wu, Yulei</au><au>Lin, Xiaosheng</au><au>He, Runkang</au><au>Ma, Yuxiang</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Encrypted traffic classification based on Gaussian mixture models and Hidden Markov Models</atitle><jtitle>Journal of network and computer applications</jtitle><date>2020-09-15</date><risdate>2020</risdate><volume>166</volume><spage>102711</spage><pages>102711-</pages><artnum>102711</artnum><issn>1084-8045</issn><eissn>1095-8592</eissn><abstract>To protect user privacy (e.g., IP address and sensitive data in a packet), many traffic protection methods, like traffic obfuscation and encryption technologies, are introduced. However, these methods have been used by attackers to transmit malicious traffic, posing a serious threat to network security. To enhance network traffic supervision, this paper proposes a new traffic classification model based on Gaussian mixture models and hidden Markov models, named MGHMM. To evaluate the effectiveness of the proposed model, we first classify protocols and identify the obfuscated traffic by experiments. Then, we compare the classification performance of MGHMM with that of the latest Vector Quantiser-based traffic classification algorithm. On the basis of the experiment, the relation between the classification and the number of hidden Markov states, and the number of mixture of Gaussian distributions required to describe the hidden states, are analyzed.
•Only need inter-packet time and packet size for traffic classification.•Analyze the discrete distribution and timing pattern of the flow features.•Perform well in traffic classification at multiple traffic levels.•Obtain the best classification results with minimal resource overhead.</abstract><pub>Elsevier Ltd</pub><doi>10.1016/j.jnca.2020.102711</doi></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 1084-8045 |
| ispartof | Journal of network and computer applications, 2020-09, Vol.166, p.102711, Article 102711 |
| issn | 1084-8045 1095-8592 |
| language | eng |
| recordid | cdi_crossref_primary_10_1016_j_jnca_2020_102711 |
| source | ScienceDirect Freedom Collection |
| subjects | Encrypted traffic Gaussian mixture model Hidden Markov model Traffic classification |
| title | Encrypted traffic classification based on Gaussian mixture models and Hidden Markov Models |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-16T21%3A39%3A00IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-elsevier_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Encrypted%20traffic%20classification%20based%20on%20Gaussian%20mixture%20models%20and%20Hidden%20Markov%20Models&rft.jtitle=Journal%20of%20network%20and%20computer%20applications&rft.au=Yao,%20Zhongjiang&rft.date=2020-09-15&rft.volume=166&rft.spage=102711&rft.pages=102711-&rft.artnum=102711&rft.issn=1084-8045&rft.eissn=1095-8592&rft_id=info:doi/10.1016/j.jnca.2020.102711&rft_dat=%3Celsevier_cross%3ES1084804520301855%3C/elsevier_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c300t-c033079ac5bff07ad9dbc02846c6a47354aa12e4ef0223d24d9214116e0fb5863%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |