CLASSIFICATION FEATURES OF ENCRYPTED NETWORK TRAFFIC

  • N. V. Boldyrikhin Don State Technical University
  • D. A. Korochentsev Don State Technical University
  • F. A. Altunin Yandex.Market Lab LLC
Keywords: Information security, traffic classification, encrypted traffic, statistical method, application, communication network

Abstract

Interest is growing in the efficient management of packet networks: quality of service, information security, and optimization of network hardware and software resources. All of these tasks rely heavily on the analysis and classification of network traffic. This traffic is, as a rule, heterogeneous and bursty, difficult to predict, and described by the mathematical apparatus of random processes. The conditions under which packets traverse the same path can vary significantly over time. At the same time, a significant number of applications with latency and jitter requirements are appearing. The administration task in this context is to configure the switching and routing nodes correctly. Traffic classification makes it possible to identify the packets of various applications and services and to prioritize them during transmission over the network. For example, video conferencing traffic must be transmitted first, since it is very sensitive to delay and jitter, while data traffic can be transmitted last.

Traffic classification is therefore an urgent task today, both for network administration and for network security. Because a large number of applications now encrypt the transmitted information and its contents are very difficult to inspect, traffic classification is of particular interest: it allows anomalies in the network and signs of intrusion to be detected from indirect features. This paper considers the specifics of solving the classification problem for encrypted traffic. The aim of the work is to study the classification features of encrypted traffic using correlation analysis and an algorithm based on the difference in integral areas.

Research objectives:
  • develop a traffic classification algorithm based on correlation and known patterns;
  • develop an algorithm based on the difference of the integral areas under the traffic intensity curves;
  • conduct a practical study of the accuracy of solving the classification problem.

The work considers the classification of traffic into three groups: audio, video, and data. The correlation algorithm was found to be sufficiently accurate in identifying audio and data traffic. To identify video traffic, it is better to use an algorithm based on the difference of the integral areas under the intensity curves.
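The two approaches named in the abstract can be sketched on traffic intensity series, which stay observable when payloads are encrypted. This is an added illustration, not the authors' algorithm: the reference patterns, the 1-second bin size, the use of Pearson correlation and the trapezoidal rule, and all sample values are assumptions constructed for the example.

```python
import math

# Constructed reference intensity patterns (kB per 1-second bin) for the three
# classes in the abstract. Illustrative assumptions, not values from the paper.
PATTERNS = {
    "audio": [8, 9, 8, 9, 8, 9, 8, 9],
    "video": [300, 120, 120, 120, 300, 120, 120, 120],
    "data": [0, 800, 50, 0, 0, 900, 40, 0],
}

def pearson(x, y):
    """Pearson correlation of two equal-length series; 0.0 if either is flat."""
    if len(x) != len(y):
        raise ValueError("series must have the same number of bins")
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = sum((a - mx) ** 2 for a in x)
    sy = sum((b - my) ** 2 for b in y)
    return 0.0 if sx == 0 or sy == 0 else cov / math.sqrt(sx * sy)

def area(x, dt=1.0):
    """Integral under the intensity curve (trapezoidal rule, bin width dt)."""
    return dt * sum((a + b) / 2 for a, b in zip(x, x[1:]))

def classify_by_correlation(sample):
    """Pick the pattern whose shape correlates best with the sample."""
    return max(PATTERNS, key=lambda k: pearson(sample, PATTERNS[k]))

def classify_by_area(sample):
    """Pick the pattern whose integral area is closest to the sample's."""
    return min(PATTERNS, key=lambda k: abs(area(sample) - area(PATTERNS[k])))

# Constructed samples. "video_shifted" has its peaks two bins later than the
# video pattern, so its shape no longer lines up with the reference.
SAMPLES = {
    "audio": [9, 10, 8, 10, 8, 9, 8, 10],
    "data": [10, 700, 30, 0, 0, 1000, 20, 5],
    "video_shifted": [120, 120, 300, 120, 120, 120, 300, 120],
}

if __name__ == "__main__":
    for name, series in SAMPLES.items():
        print(name, classify_by_correlation(series), classify_by_area(series))
```

On these constructed inputs the shape-based match is sensitive to where the peaks fall, while the area-based match depends only on the total volume carried in the window.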

Published
2020-10-11
Section
SECTION II. INFORMATION PROCESSING ALGORITHMS