{"title":"PSCM: Towards Practical Encrypted Unknown Protocol Classification","authors":"Hua Wu, Chaoqun Cui, Guang Cheng, Xiaoyan Hu","doi":"10.1109/ISCC55528.2022.9913053","DOIUrl":null,"url":null,"abstract":"Network traffic classification is the basis for network management, Quality of Service and intrusion detection. As the number of Internet applications increases, the variety of unknown protocols grows, posing a significant challenge to network traffic classification. Traditional rule-based traffic classification methods are currently limited by the rise of dynamic ports and encryption protocols. Statistical methods using statistical features have good recognition of protocols with public formats. However, there is no public protocol format for unknown protocols, making it challenging to extract useful features. This paper proposes a practical Probability Statistics and Cluster Merging (PSCM) method to automatically extract encrypted unknown protocol features and map the clustering results to the actual protocols. Experimental results on real-world network traffic show that the method achieves an accuracy of 99.28% and performs well in the sampling scenarios.","PeriodicalId":309606,"journal":{"name":"2022 IEEE Symposium on Computers and Communications (ISCC)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE Symposium on Computers and Communications (ISCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCC55528.2022.9913053","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Network traffic classification is the basis for network management, Quality of Service and intrusion detection. As the number of Internet applications increases, the variety of unknown protocols grows, posing a significant challenge to network traffic classification. Traditional rule-based traffic classification methods are currently limited by the rise of dynamic ports and encryption protocols. Statistical methods using statistical features have good recognition of protocols with public formats. However, there is no public protocol format for unknown protocols, making it challenging to extract useful features. This paper proposes a practical Probability Statistics and Cluster Merging (PSCM) method to automatically extract encrypted unknown protocol features and map the clustering results to the actual protocols. Experimental results on real-world network traffic show that the method achieves an accuracy of 99.28% and performs well in the sampling scenarios.