FlowPic: A Generic Representation for Encrypted Traffic Classification and Applications Identification

Tal Shapira*, Yuval Shavitt

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review


Identifying the type of a network flow or a specific application has many advantages, such as, traffic engineering, or to detect and prevent application or application types that violate the organization's security policy. The use of encryption, such as VPN, makes such identification challenging. Current solutions rely mostly on handcrafted features and then apply supervised learning techniques for the classification. We introduce a novel approach for encrypted Internet traffic classification and application identification by transforming basic flow data into an intuitive picture, a FlowPic, and then using known image classification deep learning techniques, CNNs, to identify the flow category (browsing, chat, video, etc.) and the application in use. We show that our approach can classify traffic with high accuracy, both for a specific application, or a flow category, even for VPN and Tor traffic. Our classifier can even identify with high success new applications that were not part of the training phase for a category, thus, new versions or applications can be categorized without additional training.

Original languageEnglish
Article number9395707
Pages (from-to)1218-1232
Number of pages15
JournalIEEE Transactions on Network and Service Management
Issue number2
StatePublished - Jun 2021


FundersFunder number
Data Science Research Center at Tel-Aviv University
Israeli PMO
Tel Aviv University


    • Internet traffic classification
    • applications identification
    • convolutional neural networks
    • image recognition
    • security management


    Dive into the research topics of 'FlowPic: A Generic Representation for Encrypted Traffic Classification and Applications Identification'. Together they form a unique fingerprint.

    Cite this