A Framework & System for Classification of Encrypted Network Traffic using Machine Learning

Traffic classification solutions are widely used by network operators and law enforcement agencies (LEA) for application identification. Widespread use of encryption reduces the accuracy of traditional traffic classification solutions such as DPI (Deep Packet Inspection). Machine Learning based solutions offer promise to fill the gap. However, enabling such systems to operate accurately in high speed networks remains a challenge. This paper makes multiple contributions. First, we report on the development of MLTAT, a high speed network classification platform which integrates DPI and machine learning and which supports flexible deployment of binary or multi-class classification solutions. Second, we identify a set of robust features which fulfill a dual-constraint - support 10Gbps computation rates and sufficient accuracy in the supervised machine learning models proposed for network traffic classification. Third, we develop a set of labeled data suitable for training the system and a framework for larger scale ground truth generation using co-training. Our findings indicate detection rates around 90% across 8 traffic classes, benchmarked in the system at 10Gbps rates.