TY - JOUR
T1 - FlowPic
T2 - A Generic Representation for Encrypted Traffic Classification and Applications Identification
AU - Shapira, Tal
AU - Shavitt, Yuval
N1 - Publisher Copyright:
© 2004-2012 IEEE.
PY - 2021/6
Y1 - 2021/6
N2 - Identifying the type of a network flow or a specific application has many advantages, such as, traffic engineering, or to detect and prevent application or application types that violate the organization's security policy. The use of encryption, such as VPN, makes such identification challenging. Current solutions rely mostly on handcrafted features and then apply supervised learning techniques for the classification. We introduce a novel approach for encrypted Internet traffic classification and application identification by transforming basic flow data into an intuitive picture, a FlowPic, and then using known image classification deep learning techniques, CNNs, to identify the flow category (browsing, chat, video, etc.) and the application in use. We show that our approach can classify traffic with high accuracy, both for a specific application, or a flow category, even for VPN and Tor traffic. Our classifier can even identify with high success new applications that were not part of the training phase for a category, thus, new versions or applications can be categorized without additional training.
AB - Identifying the type of a network flow or a specific application has many advantages, such as, traffic engineering, or to detect and prevent application or application types that violate the organization's security policy. The use of encryption, such as VPN, makes such identification challenging. Current solutions rely mostly on handcrafted features and then apply supervised learning techniques for the classification. We introduce a novel approach for encrypted Internet traffic classification and application identification by transforming basic flow data into an intuitive picture, a FlowPic, and then using known image classification deep learning techniques, CNNs, to identify the flow category (browsing, chat, video, etc.) and the application in use. We show that our approach can classify traffic with high accuracy, both for a specific application, or a flow category, even for VPN and Tor traffic. Our classifier can even identify with high success new applications that were not part of the training phase for a category, thus, new versions or applications can be categorized without additional training.
KW - Internet traffic classification
KW - applications identification
KW - convolutional neural networks
KW - image recognition
KW - security management
UR - http://www.scopus.com/inward/record.url?scp=85103883073&partnerID=8YFLogxK
U2 - 10.1109/TNSM.2021.3071441
DO - 10.1109/TNSM.2021.3071441
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???
AN - SCOPUS:85103883073
SN - 1932-4537
VL - 18
SP - 1218
EP - 1232
JO - IEEE Transactions on Network and Service Management
JF - IEEE Transactions on Network and Service Management
IS - 2
M1 - 9395707
ER -