Classification of Traffic Using Neural Networks by Rejecting: a Novel Approach in Classifying VPN Traffic
This addresses the need for accurate VPN traffic classification in network security, but it is incremental as it builds on existing neural network techniques.
The paper tackles the problem of classifying VPN traffic, which is challenging due to encryption, by introducing a cascade neural network method that rejects unrelated features, achieving 95% accuracy on the ISCX VPN-nonVPN dataset, outperforming state-of-the-art models.
In this paper, we introduce a novel end-to-end traffic classification method to distinguish between traffic classes including VPN traffic in three layers of the Open Systems Interconnection (OSI) model. Classification of VPN traffic is not trivial using traditional classification approaches due to its encrypted nature. We utilize two well-known neural networks, namely multi-layer perceptron and recurrent neural network to create our cascade neural network focused on two metrics: class scores and distance from the center of the classes. Such approach combines extraction, selection, and classification functionality into a single end-to-end system to systematically learn the non-linear relationship between input and predicted performance. Therefore, we could distinguish VPN traffics from non-VPN traffics by rejecting the unrelated features of the VPN class. Moreover, we obtain the application type of non-VPN traffics at the same time. The approach is evaluated using the general traffic dataset ISCX VPN-nonVPN, and an acquired dataset. The results demonstrate the efficacy of the framework approach for encrypting traffic classification while also achieving extreme accuracy, $95$ percent, which is higher than the accuracy of the state-of-the-art models, and strong generalization capabilities.