WENC: HTTPS Encrypted Traffic Classification Using Weighted Ensemble Learning and Markov Chain

Abstract

SSL/TLS protocol is widely used for secure web applications (i.e., HTTPS). Classifying encrypted SSL/TLS based applications is an important but challenging task for network management. Traditional traffic classification methods are incapable of accomplishing this task. Several recently proposed approaches that focused on discriminating defining fingerprints among various SSL/TLS applications have also shown various limitations. In this paper, we design a Weighted ENsemble Classifier (WENC) to tackle these limitations. WENC studies the characteristics of various sub-flows during the HTTPS handshake process and the following data transmission period. To increase the fingerprint recognizability, we propose to establish a second-order Markov chain model with a fingerprint variable jointly considering the packet length and the message type during the process of HTTPS handshake. Furthermore, the series of the packet lengths of application data is modeled as HMM with optimal emission probability. Finally, a weighted ensemble strategy is devised to accommodate the advantages of several approaches as a unified one. Experimental results show that the classification accuracy of the proposed method reaches 90%, with an 11% improvement on average comparing to the state-of-the-art methods.