CLASSIFICATION FEATURES OF ENCRYPTED NETWORK TRAFFIC
Keywords:
Information security, traffic classification, encrypted traffic, statistical method, application, communication networkAbstract
Currently, there is growing interest in the tasks of efficient packet network management:
quality of service, ensuring information security, optimization of the network hardware and software
resources. All these tasks rely heavily on the analysis and classification of network traffic.
This traffic is heterogeneous, as a rule, has a pulsating nature, difficult to predict and described by
the mathematical apparatus of random processes. At different times, the conditions for passingpackets along the same path can vary significantly. At the same time, a significant number of applications
are appearing requiring latency and jitter. The administration task in this context is to
correctly configure the switching and routing nodes. Traffic classification allows you to identify
packages of various applications and services and ensure their prioritization during transmission
over the network. For example, video conferencing traffic needs to be transmitted first of all, since
it is very sensitive to delays and jitter, data traffic can be transmitted last. The classification of
traffic today is an urgent task both in terms of network administration and in terms of ensuring its
security. Due to the fact that a large number of applications now encrypt the transmitted information
and it is very difficult to view its contents, the traffic classification is of particular interest,
which allows indirect signs to determine anomalies in the network, signs of intrusion. In this paper,
we consider the features of solving the classification problem of encrypted traffic. The aim of
the work is to study the classification features of encrypted traffic using correlation analysis and
an algorithm based on the difference in integral areas. Research Objectives: – develop a traffic
classification algorithm based on correlation and known patterns; – develop an algorithm based
on the difference of the integral areas under the traffic intensity curves; – conduct a practical
study of the accuracy of solving the classification problem. The work considers the classification
of traffic into three groups: audio, video, data. As a result, a sufficient accuracy of the correlation
algorithm in determining audio and data traffic was revealed. To identify video traffic, it is better
to use an algorithm based on the difference of the integral areas under the intensity curves.
