Classification of Encrypted Web Traffic Using Machine Learning Algorithms
Abstract
The increasing usage of web services and encrypted network communication makes the network analysis of encrypted web traffic of utmost importance. This research evaluates the feasibility of using ML algorithms to classify web services within encrypted TLS flows. The ML algorithms are compared primarily based on classification accuracy. The runtimes of the classifiers are also considered, as classifiers must be able determine labels quickly in order to be used in near realtime network protection devices. Five ML algorithms are initially considered when analyzing only the first 12 packets: Naive Bayes, NBTree, LibSVM, J4.8, and AdaBoost+J4.8. AdaBoost+J4.8 and J4.8 produce the best accuracies and runtimes and are tested on flowlengths of 1-20 packets. J4.8 reaches a peak accuracy of 97.99% at 14 packets. AdaBoost+J4.8 peaks later at 18 packets with 98.41% accuracy. AdaBoost+J4.8 requires 21.55 microseconds to classify a single flow at peak accuracy, while J4.8 requires only 2.37 microseconds to classify at peak accuracy. The quick runtimes and high accuracies of the J4.8 and AdaBoost+J4.8 indicate that these ML algorithms are good choices for near real-time classification of web services within an encrypted TLS flow.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 01, 2013
- Accession Number
- ADA585816
Entities
People
- William C. Barto
Organizations
- Air Force Institute of Technology