An overview of the latest methods in the task of detecting encrypted traffic

Introduction and justification of importance

Traffic classification is an important task in modern networks, including wireless ones. With the rapidly growing demand for high-speed traffic, it is essential to recognize the different types of applications using the network in order to allocate network resources properly. Accurate traffic classification is essential for complex network management tasks such as Quality of Service, anomaly detection, attack detection, etc. Traffic classification has attracted a lot of interest in both academia and industry related to network management.

An example of the importance of classifying network traffic is the asymmetric architecture of modern network access channels, which was developed on the assumption that customers download more than they upload. However, the ubiquity of applications with symmetric demand (such as peer-to-peer (P2P) applications, VoIP (voice over IP) and video calls) has changed customer requirements, making the classic asymmetric architecture obsolete. The concept of Quality of Experience plays a key role in such situations. Some applications are insensitive to latency (text chats, website visits), while video calls and streaming applications (Netflix, Spotify) are often latency critical. Thus, in order to ensure satisfactory operation of the customer's device, knowledge of the application layer is required to allocate appropriate resources to each application.

Network traffic classification problems

The emergence of new applications and the interactions between various components on the Internet have dramatically increased the complexity and diversity of the network, making traffic classification a hard problem. The following are some of the most important network traffic classification issues.

First, the increased demands for privacy and encryption of user data have dramatically increased the amount of encrypted traffic on the Internet today. The encryption procedure turns the original information into a pseudo-random format so that it cannot be read without the key. As a result, encrypted information contains almost no characteristic patterns that could identify the network traffic. Consequently, the accurate classification of encrypted traffic has become a real challenge in today's networks.
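The observation above (encryption removes the byte-level patterns that classifiers rely on) can be checked directly by measuring the Shannon entropy and the share of printable bytes in a payload. The following is an added example, not code from the article or from any of the cited works: it compares a constructed plaintext HTTP request with a constructed pseudo-random byte stream that stands in for ciphertext (a SHA-256 keystream is used only so that the example runs offline and deterministically; real ciphertext would come from a cipher). The threshold values in `looks_encrypted` are assumptions chosen for illustration.

```python
"""Byte-entropy check: why encrypted payloads carry few classification patterns.

Added example (not from the original article). Compares a constructed
plaintext HTTP request with a constructed pseudo-random byte stream that
stands in for ciphertext.
"""
import hashlib
import math
from collections import Counter

# Constructed sample: a plaintext HTTP/1.1 request as it would appear on port 80.
PLAINTEXT_HTTP = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
    b"Accept: text/html,application/xhtml+xml\r\n"
    b"Accept-Language: en-US,en;q=0.5\r\n"
    b"Connection: keep-alive\r\n\r\n"
)


def pseudo_random_bytes(seed: bytes, n: int) -> bytes:
    """Deterministic stand-in for ciphertext: SHA-256 in counter mode (constructed,
    not a real cipher; used only to produce a repeatable pseudo-random stream)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for a uniform
    distribution over all 256 byte values."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes in the printable ASCII range 0x20..0x7E."""
    if not data:
        return 0.0
    return sum(0x20 <= b <= 0x7E for b in data) / len(data)


def looks_encrypted(data: bytes,
                    entropy_threshold: float = 7.0,
                    printable_threshold: float = 0.6) -> bool:
    """Simple heuristic: high entropy and few printable bytes suggest encrypted
    (or compressed) payload. Thresholds are illustrative assumptions."""
    return (shannon_entropy(data) >= entropy_threshold
            and printable_ratio(data) <= printable_threshold)


if __name__ == "__main__":
    ciphertext_like = pseudo_random_bytes(b"example-seed", 4096)
    samples = (("plaintext HTTP", PLAINTEXT_HTTP),
               ("pseudo-random stand-in", ciphertext_like))
    for name, payload in samples:
        print(f"{name:24s} entropy={shannon_entropy(payload):.2f} bits/byte "
              f"printable={printable_ratio(payload):.2f} "
              f"encrypted?={looks_encrypted(payload)}")
```

Note that compressed payloads also score high on this heuristic, which is one reason entropy alone is not sufficient and later work moved to flow-level and time-related features.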

-, , , , , . , .

, - P2P- (, Torrent-) - . , , . .

: (I) , , (II) (III) . , .

,

. TCP-UDP- , , , . IANA TCP-UDP . — , . - (ACL). . , (NAT), , . , 30% 70% - .

, . , deep packet inspection (DPI), (, ), «» . . , , . 2015 . DPI ([1]) (Sherry et al. 2015), payload , , HTTP Secure (HTTPS) .

 

, , , , . . 2007 . protocol fingerprints ([2]), . 91% , HTTP, Post Office Protocol 3 (POP3) Simple Mail Transfer Protocol (SMTP). . , (FTP), - (IMAP), SSH TELNET 87%.

, ISCX VPN-nonVPN, . [3] , , , , . . , K- (k-Nearest Neighbours) C4.5. 92% , ( -, , , , VoIP) C4.5. 88% , C4.5 , VPN. 

, . , , .

Deep Packet

[4] , , . , “Deep Packet», , (, FTP P2P), , (, BitTorrent Skype). , Deep Packet , VPN- -VPN-. Deep Packet’ , stacked autoencoder (CNN). , , Deep Packet CNN , 0,98 0,94 . Deep Packet, 2020 , UNB ISCX VPN-nonVPN.

[1] Sherry J, Lan C, Popa RA, Ratnasamy S (2015) Blindbox: deep packet inspection over encrypted traffic. ACM SIGCOMM Comput Commun Rev 45:213–226

[2] Crotti M, Dusi M, Gringoli F, Salgarelli L (2007) Traffic classification through simple statistical fingerprinting. ACM SIGCOMM Comput Commun Rev 37(1):5–16

[3] Gil GD, Lashkari AH, Mamun M, Ghorbani AA (2016) Characterization of encrypted and VPN traffic using time-related features. In: Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP 2016), pp 407–414

[4] Lotfollahi M, Jafari Siavoshani M, Shirali Hossein Zade R, et al (2020) Deep packet: a novel approach for encrypted traffic classification using deep learning. Soft Comput 24:1999–2012
