A survey of methods for encrypted traffic classification and analysis

Cited by: 262
Authors
Velan, Petr [1]
Cermak, Milan [1]
Celeda, Pavel [1]
Drasar, Martin [1]
Affiliations
[1] Masaryk Univ, Inst Comp Sci, Brno, Czech Republic
Keywords
encrypted traffic; monitoring; network; traffic classification; traffic analysis; machine learning; encryption protocols
DOI
10.1002/nem.1901
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
With the widespread use of encrypted data transport, network traffic encryption is becoming a standard nowadays. This presents a challenge for traffic measurement, especially for analysis and anomaly detection methods, which are dependent on the type of network traffic. In this paper, we survey existing approaches for classification and analysis of encrypted traffic. First, we describe the most widespread encryption protocols used throughout the Internet. We show that the initiation of an encrypted connection and the protocol structure give away much information for encrypted traffic classification and analysis. Then, we survey payload and feature-based classification methods for encrypted traffic and categorize them using an established taxonomy. The advantage of some of the described classification methods is the ability to recognize the encrypted application protocol in addition to the encryption protocol. Finally, we make a comprehensive comparison of the surveyed feature-based classification methods and present their weaknesses and strengths. Copyright (c) 2015 John Wiley & Sons, Ltd.
Pages: 355-374
Number of pages: 20