Deep Learning for Network Traffic Classification
This work addresses network traffic classification for privacy-sensitive monitoring, but it is incremental as it builds on existing machine learning methods with a novel deep learning approach.
The paper tackles the problem of identifying applications and services from encrypted network traffic, which is challenging due to privacy concerns, by proposing an ensemble of deep learning architectures on packet, payload, and inter-arrival time sequences, achieving state-of-the-art performance with a model available on GitHub.
Monitoring network traffic to identify content, services, and applications is an active research topic in network traffic control systems. While modern firewalls provide the capability to decrypt packets, this is not appealing for privacy advocates. Hence, identifying any information from encrypted traffic is a challenging task. Nonetheless, previous work has identified machine learning methods that may enable application and service identification. The process involves high level feature extraction from network packet data then training a robust machine learning classifier for traffic identification. We propose a classification technique using an ensemble of deep learning architectures on packet, payload, and inter-arrival time sequences. To our knowledge, this is the first time such deep learning architectures have been applied to the Server Name Indication (SNI) classification problem. Our ensemble model beats the state of the art machine learning methods and our up-to-date model can be found on github: \url{https://github.com/niloofarbayat/NetworkClassification}