FlowPic: A Generic Representation for Encrypted Traffic Classification and Applications Identification

• Published in: IEEE eTransactions on network and service management Vol. 18; no. 2; pp. 1218 - 1232
• Main Authors: Shapira, Tal, Shavitt, Yuval
• Format: Journal Article
• Language: English
• Published: New York IEEE 01.06.2021; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: applications identification; Classification; convolutional neural networks; Deep learning; Encryption; Feature extraction; Image classification; image recognition; Internet; Internet traffic classification; Machine learning; Payloads; security management; Social networking (online); Traffic control; Traffic engineering; Training; Virtual private networks
• ISSN: 1932-4537; 1932-4537
• DOI: 10.1109/TNSM.2021.3071441

Identifying the type of a network flow or a specific application has many advantages, such as, traffic engineering, or to detect and prevent application or application types that violate the organization's security policy. The use of encryption, such as VPN, makes such identification challenging. Current solutions rely mostly on handcrafted features and then apply supervised learning techniques for the classification. We introduce a novel approach for encrypted Internet traffic classification and application identification by transforming basic flow data into an intuitive picture, a FlowPic , and then using known image classification deep learning techniques, CNNs, to identify the flow category (browsing, chat, video, etc.) and the application in use. We show that our approach can classify traffic with high accuracy, both for a specific application, or a flow category, even for VPN and Tor traffic. Our classifier can even identify with high success new applications that were not part of the training phase for a category, thus, new versions or applications can be categorized without additional training.