Encrypted Traffic Classification Using Graph Convolutional Networks

Traffic classification plays a vital role in the field of network management and network security. Because of the continuous evolution of new applications and services and the widespread use of encrypted communication technologies, it has become a difficult task. In this paper, we study the classification of encrypted traffic, where the purpose is to firstly distinguish betweenVirtual Private Networks (VPN) and regular encrypted traffic, and then classify the traffic into different traffic categories, such as file, email, etc. The available information in encrypted traffic classification is composed of two parts: the complex traffic-level features and the diverse network-side behaviors. To fully utilize these two parts of information, we propose an approach, called Encrypted Traffic Classification using Graph Convolutional Networks (ETC-GCN), which incorporates traffic-level characteristics with convolutional neural networks (CNN) and network-wide behavior with graph convolutional networks (GCN) in the communication network. We compare the proposed approach with existing start-of-the-art methods on four experiment scenarios, and the results demonstrate that ETC-GCN can improve the classification performance by considering the information of neighbor endpoints that communicated, and the internal features of the traffic together.