Identification of User Application by an External Eavesdropper using Machine Learning Analysis on Network Traffic

Abstract

An eavesdropper may infer the computer applications a person uses by collecting and analyzing the network traffic they generate. Such inference may be performed despite applying encryption on the generated packets. In this paper, we investigate the extent of the ability of several machine learning algorithms to perform this privacy breach on the network traffic generated by a user. We measure their accuracy in identifying different applications by analyzing several statistical properties of the generated traffic rather than looking into the encrypted content. We compare the performance of these algorithms and select the one with higher precision; random forest. We also evaluate the application of packet padding to modify the packet length to avoid identification by machine learning algorithms. We test the effect of packet padding on the identification ability of the various machine-learning algorithms. We investigate the performance of the random forest algorithm in detail when applied to intact and padded traffic. We show that padding may decrease the efficacy of a machine-learning algorithm when used for application classification.