Encrypted Traffic characterization using None Zero payload and Payload Ratio Characteristics

Abstract

Traffic characterization has been the backbone of network maintenance procedures, such as limiting bandwidth for specific services. However, with today's network, traditional techniques fall short. Traffic characterization using machining learning has been intensively researched to alleviate the shortcomings of traditional methods. This paper proposed a Bi-direction Flow Non-zero Payload Flow (BIF-NZPF) data extraction scheme and Bi-direction Flow Payload Ratio feature (BIF-PR) for supervised traditional machine learning. Our approach is measured on a publicly available ISCX VPN-NonVPN dataset to classify 12 types of traffic using precision, recall, and accuracy. BIF-NZPF reduced the obscurity of application characteristics by filtering out TCP configuration packets. BIF-PR further detailed traffic characteristics using payload size distribution characteristics through local and global traffic flow while being lightly coupled with the duration of traffic flow. Lastly, the ISCX-VPN-NonVPN imbalance class issue is alleviated using a boosting ensemble algorithm, which improves performance.