VPN-Encrypted Network Traffic Classification Using a Time-Series Approach

IF 4.7 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Network and Service Management Pub Date : 2025-02-20 DOI:10.1109/TNSM.2025.3543903

Jaidip Kotak;Idan Yankelev;Idan Bibi;Yuval Elovici;Asaf Shabtai

{"title":"VPN-Encrypted Network Traffic Classification Using a Time-Series Approach","authors":"Jaidip Kotak;Idan Yankelev;Idan Bibi;Yuval Elovici;Asaf Shabtai","doi":"10.1109/TNSM.2025.3543903","DOIUrl":null,"url":null,"abstract":"Network traffic classification provides value to organizations and Internet service providers (ISPs). The identification of applications or services from network traffic enables organizations to better manage their business, and ISPs to offer services to their users. Given the vast quantity of traffic flowing in and out of organizations, it is impractical to write manual signatures for traffic identification. The effectiveness of machine learning (ML) in the identification of applications or services from network traffic has been demonstrated. Even when network traffic is encrypted, ML algorithms achieve high accuracy in the task of traffic identification based on statistical information and the packets’ headers and payloads. However, existing approaches were shown to be ineffective for VPN-encrypted network traffic. In this study, we propose a novel time-series based approach for the identification of traffic/source applications on VPN-encrypted traffic. We also demonstrate the broad applicability of our proposed approach by evaluating its effectiveness on non-VPN traffic that is encrypted, and on IoT traffic.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"22 2","pages":"2225-2242"},"PeriodicalIF":4.7000,"publicationDate":"2025-02-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Network and Service Management","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10896753/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Network traffic classification provides value to organizations and Internet service providers (ISPs). The identification of applications or services from network traffic enables organizations to better manage their business, and ISPs to offer services to their users. Given the vast quantity of traffic flowing in and out of organizations, it is impractical to write manual signatures for traffic identification. The effectiveness of machine learning (ML) in the identification of applications or services from network traffic has been demonstrated. Even when network traffic is encrypted, ML algorithms achieve high accuracy in the task of traffic identification based on statistical information and the packets’ headers and payloads. However, existing approaches were shown to be ineffective for VPN-encrypted network traffic. In this study, we propose a novel time-series based approach for the identification of traffic/source applications on VPN-encrypted traffic. We also demonstrate the broad applicability of our proposed approach by evaluating its effectiveness on non-VPN traffic that is encrypted, and on IoT traffic.

查看原文本刊更多论文

使用时间序列方法进行 VPN 加密网络流量分类

网络流分类为组织和互联网服务提供商（isp）提供了价值。从网络流量中识别应用程序或服务使组织能够更好地管理其业务，并使isp能够向其用户提供服务。考虑到大量的流量流入和流出组织，编写用于流量识别的手动签名是不切实际的。机器学习（ML）在从网络流量中识别应用程序或服务方面的有效性已得到证明。即使在网络流量被加密的情况下，ML算法在基于统计信息和数据包的报头和有效负载的流量识别任务中也能达到很高的准确性。然而，现有的方法对vpn加密的网络流量是无效的。在这项研究中，我们提出了一种新的基于时间序列的方法来识别vpn加密流量上的流量/源应用。我们还通过评估其在加密的非vpn流量和物联网流量上的有效性来证明我们提出的方法的广泛适用性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Network and Service Management Computer Science-Computer Networks and Communications

CiteScore

9.30

自引率

15.10%

发文量

325

期刊介绍： IEEE Transactions on Network and Service Management will publish (online only) peerreviewed archival quality papers that advance the state-of-the-art and practical applications of network and service management. Theoretical research contributions (presenting new concepts and techniques) and applied contributions (reporting on experiences and experiments with actual systems) will be encouraged. These transactions will focus on the key technical issues related to: Management Models, Architectures and Frameworks; Service Provisioning, Reliability and Quality Assurance; Management Functions; Enabling Technologies; Information and Communication Models; Policies; Applications and Case Studies; Emerging Technologies and Standards.