Litcius/Paper detail

Analysis of Encrypted Traffic with time-based features and time frequency analysis

Gianmarco Baldini

202019 citationsDOI

Abstract

The classification of encrypted traffic has received increased attention by the research community in the cyber-security domains and network management domains. Classification of encrypted traffic can also expose privacy threats as the activities of an user can be detected and identified. This paper investigates the novel application of Time Frequency analysis to encrypted traffic classification. Features extracted from encrypted traffic are normalized and transformed to time series on which different time frequency transforms are applied. In particular, the constant-Q transform (CQT), the Continuous Wavelet Transform and the Wigner-Ville distribution are used. Then, different machine learning algorithms are applied to identify the different types of traffic. This approach is validated with the public ISCX VPN-nonVPN traffic dataset with time-based features extracted from the encrypted traffic. The results show the superior classification performance (evaluated using identification, precision and recall metrics) of the time frequency approach across different machine learning algorithms. Because analysis of encrypted traffic can also generate privacy threats, a technique to obfuscate the time based features and reduce the classification performance is also applied and successfully validated.

Topics & Concepts

EncryptionComputer scienceTraffic classificationTraffic analysisData miningTime–frequency analysisIdentification (biology)WaveletWavelet transformPrecision and recallArtificial intelligenceMachine learningPattern recognition (psychology)Computer networkComputer visionBiologyFilter (signal processing)Quality of serviceBotanyInternet Traffic Analysis and Secure E-votingNetwork Security and Intrusion DetectionDigital Media Forensic Detection
Analysis of Encrypted Traffic with time-based features and time frequency analysis | Litcius