Monitoring network traffic to identify content, services, and applications is an active research topic in network traffic control systems. While modern firewalls provide the capability to decrypt packets, this is not appealing for privacy advocates. Hence, identifying any information from encrypted traffic is a challenging task. Nonetheless, previous work has identified machine learning methods that may enable application and service identification. The process involves high level feature extraction from network packet data then training a robust machine learning classifier for traffic identification. We propose a classification technique using an ensemble of deep learning architectures on packet, payload, and inter-arrival time sequences. To our knowledge, this is the first time such deep learning architectures have been applied to the Server Name Indication (SNI) classification problem. Our ensemble model beats the state of the art machine learning methods and our up-to-date model can be found on github: \url{https://github.com/niloofarbayat/NetworkClassification}
翻译:监控网络流量以确定内容、服务和应用是网络交通控制系统的一个积极研究课题。 虽然现代防火墙提供了解密包的能力, 但这不是隐私倡导者的吸引力。 因此, 识别加密流量中的任何信息是一项艰巨的任务。 尽管如此, 先前的工作已经确定了能够应用和服务识别的机器学习方法。 这一过程需要从网络包数据中进行高层次的特征提取, 然后训练一个强大的机器学习分类器进行交通识别。 我们提出一种分类技术, 使用包、 有效载荷和回程间时间序列的深层学习结构组合。 根据我们的知识, 这是首次将这种深层学习结构应用于服务器名称识别( SNI) 的分类问题。 我们的游戏模型打破了艺术机器学习方法的现状, 我们最新的模型可以在 Github 上找到 :\ url{ https://github.com/ nilofarbayat/NetworkClassization}