A review on machine learning–based approaches for Internet traffic classification


Traffic classification acquired the interest of the Internet community early on. Different approaches have been proposed to classify Internet traffic to manage both security and Quality of Service (QoS). However, traditional classification approaches consisting of modifying the Transmission Control Protocol/Internet Protocol (TCP/IP) scheme have not been adopted due to their complex management. In addition, port-based methods and deep packet inspection have limitations in dealing with new traffic characteristics (e.g., dynamic port allocation, tunneling, encryption). Conversely, machine learning (ML) solutions effectively classify traffic down to the device type and specific user action. Another research direction aims to anonymize Internet traffic and thwart classification to maintain user privacy. Existing traffic surveys focus on classification and do not consider anonymization. Here, we review the Internet traffic classification and obfuscation techniques, largely considering the ML-based solutions. In addition, this paper presents a comprehensive review of various data representation methods, and the different objectives of Internet traffic classification. Finally, we present the key findings, limitations, and recommendations for future research.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8


  1. 1.

    Leiner BM, Cerf VG, Clark DD, Kahn RE, Kleinrock L, Lynch DC, Postel J, Roberts LG, Wolff S (2009) A brief history of the internet. ACM SIGCOMM Comput Commun Rev 39(5):22–31

    Google Scholar 

  2. 2.

    Salman Ola, Elhajj Imad, Chehab Ali, Kayssi Ayman (2018) Iot survey: an sdn and fog computing perspective. Comput Netw 143:221–246

    Google Scholar 

  3. 3.

    Seddiki MS, Shahbaz M, Donovan S, Grover S, Park M, Feamster N, Song YQ (2014) Flowqos: Qos for the rest of us. In: Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, HotSDN ’14, pp 207–208. ACM, New York

  4. 4.

    Park B, Won Y, Chung J, Kim MS, Hong JWK (2013) Fine-grained traffic classification based on functional separation. Int J Netw Manag 23(5):350–381

    Google Scholar 

  5. 5.

    Aceto G, Dainotti A, De Donato W, Pescapé A (2010) Portload: taking the best of two worlds in traffic classification. In: 2010 INFOCOM IEEE Conference on Computer Communications Workshops, pp 1–5. IEEE

  6. 6.

    Tongaonkar A, Keralapura R, Nucci A (2012) Challenges in network application identification. In LEET

  7. 7.

    Razaghpanah A, Niaki AA, Rodriguez NV, Sundaresan S, Amann J, Gill P (2017) Studying tls usage in android apps. In: Proceedings of the 13th International Conference on Emerging Networking EXperiments and Technologies, coNEXT’17, pp 350–362. ACM, New York

  8. 8.

    Qin D, Yang J, Wang J, Zhang B (2011) Ip traffic classification based on machine learning. In: 2011 IEEE 13th International Conference on Communication Technology, pp 882–886, IEEE

  9. 9.

    Dromard J, Owezarski P, Mozo V, Ordozgoiti A, Vakaruk B (2016) Delivrable algorithms description: Traffic pattern evolution and unsupervised network anomaly detection ontic d4. 2

  10. 10.

    Namdev N, Agrawal S, Silkari S (2015) Recent advancement in machine learning based internet traffic classification. Procedia Computer Science 60:784–791

    Google Scholar 

  11. 11.

    Tabatabaei TS, Adel M, Karray F, Kamel M (2012) Machine learning-based classification of encrypted internet traffic. In: International Workshop on Machine Learning and Data Mining in Pattern Recognition. Springer, Berlin, pp 578–592

  12. 12.

    Cheng G, Hu Y (2018) Encrypted traffic identification based on n-gram entropy and cumulative sum test. In: Proceedings of the 13th International Conference on Future Internet Technologies, pp 9 ACM

  13. 13.

    Niemczyk B, Rao P (2014) Identification over encrypted channels. BlackHat USA

  14. 14.

    Alshammari R, Zincir-Heywood AN (2009) Machine learning based encrypted traffic classification: Identifying ssh and skype. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp 1–8. IEEE

  15. 15.

    Alshammari R, Zincir-Heywood AN (2015) How robust can a machine learning approach be for classifying encrypted voip? J Netw Syst Manag 23(4):830–869

    Google Scholar 

  16. 16.

    Bernaille L, Teixeira R (2007) Early recognition of encrypted applications. In: International Conference on Passive and Active Network Measurement, pp 165–175. Springer, Berlin

  17. 17.

    Cao Z, Xiong G, Zhao Y, Li Z, Guo L (2014) A survey on encrypted traffic classification. In: International Conference on Applications and Techniques in Information Security, pp 73–81. Springer, Berlin

  18. 18.

    Arndt DJ, Zincir-Heywood AN (2011) A comparison of three machine learning techniques for encrypted network traffic analysis. In: 2011 IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA), pp 107–114. IEEE

  19. 19.

    Gu C, Zhang S, Sun Y (2011) Realtime encrypted traffic identification using machine learning. JSW 6 (6):1009–1016

    Google Scholar 

  20. 20.

    He G, Xu B, Zhang L, Zhu H (2018) Mobile app identification for encrypted network flows by traffic correlation. Int J Distrib Sen Netw 14(12):1550147718817292

    Google Scholar 

  21. 21.

    Zhu H, Zhu L (2017) Encrypted network behaviors identification based on dynamic time warping and k-nearest neighbor. Cluster Computing, pp 1–10

  22. 22.

    Liu J, Fu Y, Ming J, Ren Y, Sun L, Xiong H (2017) Effective and real-time in-app activity analysis in encrypted internet traffic streams. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp 335–344 ACM

  23. 23.

    Lotfollahi M, Siavoshani MJ, Zade RSH, Saberian M (2017) Deep packet: a novel approach for encrypted traffic classification using deep learning, Soft Computing, pp 1–14

  24. 24.

    Mahdavi E, Fanian A, Hassannejad H (2018) Encrypted traffic classification using statistical features. ISeCure 10(1):29–43

    Google Scholar 

  25. 25.

    Wang Q, Yahyavi A, Kemme B, He W (2015) I know what you did on your smartphone: Inferring app usage over encrypted data traffic. In: 2015 IEEE Conference on Communications and Network Security (CNS), pp 433–441. IEEE

  26. 26.

    Xu Q, Liao Y, Miskovic S, Morley ZM, Baldi M, Nucci A, Andrews T (2015) Automatic generation of mobile app signatures from traffic observations. In: 2015 IEEE Conference on Computer Communications (INFOCOM), pp 1481–1489. IEEE

  27. 27.

    Rezaei S, Liu X (2019) Deep learning for encrypted traffic classification: an overview. IEEE communications magazine 57(5):76–81

    Google Scholar 

  28. 28.

    Leroux S, Bohez S, Maenhaut PJ, Meheus N, Simoens P, Dhoedt B (2018) Fingerprinting encrypted network traffic types using machine learning. In: NOMS 2018-2018 IEEE/IFIP Network Operations and Management Symposium, pp 1–5. IEEE

  29. 29.

    Saltaformaggio B, Choi H, Johnson K, Kwon Y, Zhang Q, Zhang X, Xu D, Qian J (2016) Eavesdropping on fine-grained user activities within smartphone apps over encrypted network traffic. In: 10th {USENIX}, Workshop on Offensive Technologies ({WOOT} 16)

  30. 30.

    Taylor VF, Spolaor R, Conti M, Martinovic I (2016) Appscanner: Automatic fingerprinting of smartphone apps from encrypted network traffic. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp 439–454. IEEE

  31. 31.

    Taylor VF, Spolaor R, Conti M, Martinovic I (2017) Robust smartphone app identification via encrypted network traffic analysis. IEEE Transactions on Information Forensics and Security 13(1):63–78

    Google Scholar 

  32. 32.

    Velan P, Čermák M, Čeleda P, drašar M (2015) A survey of methods for encrypted traffic classification and analysis. Int J Netw Manag 25(5):355–374

    Google Scholar 

  33. 33.

    Wang W, Zhu M, Wang J, Zeng X, Zhongzhen Y (2017) End-to-end encrypted traffic classification with one-dimensional convolution neural networks. In: 2017 IEEE International Conference On Intelligence and Security Informatics (ISI), pp 43–48. IEEE

  34. 34.

    Fu Y, Xiong H, Lu X, Yang J, Chen C (2016) Service usage classification with encrypted internet traffic in mobile messaging apps. IEEE Trans Mob Comput 15(11):2851–2864

    Google Scholar 

  35. 35.

    Liu Y, Chen J, Chang P, Yun X (2017) A novel algorithm for encrypted traffic classification based on sliding window of flow’s first n packets. In: 2017 2nd IEEE International Conference on Computational Intelligence and Applications (ICCIA), pp 463–470. IEEE

  36. 36.

    Claffy KC (1994) Internet traffic characterization. Department of Computer Science, San Diego

    Google Scholar 

  37. 37.

    Paxson V (1994) Empirically derived analytic models of wide-area tcp connections. IEEE/ACM transactions on Networking 2(4):316–336

    Google Scholar 

  38. 38.

    Dewes C, Wichmann A, Feldmann A (2003) An analysis of internet chat systems. In: Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement, pp 51–64

  39. 39.

    Vpn 2016 datasets research canadian institute for cybersecurity unb. https://www.unb.ca/cic/datasets/vpn.html, (Accessed on 10/02/2019)

  40. 40.

    Tor 2017 datasets research canadian institute for cybersecurity unb. https://www.unb.ca/cic/datasets/tor.html, (Accessed on 10/02/2019)

  41. 41.

    Yamansavascilar B, Amac Guvensan M, Gokhan Yavuz A, Karsligil ME (2017) Application identification via network traffic classification. In: 2017 International Conference on Computing, Networking and Communications (ICNC), pp 843–848. IEEE

  42. 42.

    Huang H, Deng H, Chen J, Han L, Wang W (2018) Automatic multi-task learning system for abnormal network traffic detection. Int J Emerg Technol Learn 13(4):4–20

    Google Scholar 

  43. 43.

    Computer laboratory - data. https://www.cl.cam.ac.uk/research/srg/netos/projects/brasil/data/index.html, (Accessed on 10/02/2019).

  44. 44.

    Moore AW, Zuev D (2005) Internet traffic classification using bayesian analysis techniques. In: ACM SIGMETRICS Performance Evaluation Review, ACM, vol 33, pp 50–60

  45. 45.

    Ertam F, Avci E (2017) A new approach for internet traffic classification: Ga-wk-elm. Measurement 95:135–142

    Google Scholar 

  46. 46.

    Li Z, Yuan R, Guan X (2007) Accurate classification of the internet traffic based on the svm method. In: 2007 IEEE International Conference on Communications, IEEE, pp 1373–1378

  47. 47.

    Cao J, Fang Z, Qu G, Sun H, Zhang D (2017) An accurate traffic classification model based on support vector machines. Int J Netw Manag 27(1):e1962

    Google Scholar 

  48. 48.

    Auld T, Moore AW, Gull SF (2007) Bayesian neural networks for internet traffic classification. IEEE Trans Neur Netw 18(1):223–239

    Google Scholar 

  49. 49.

    Ran J, Kong X, Lin G, Yuan D, Hu H (2017) A self-adaptive network traffic classification system with unknown flow detection. In: 2017 3rd IEEE International Conference on Computer and Communications (ICCC), pp 1215–1220. IEEE

  50. 50.

    Huang S, Chen K, Liu C, Liang A, Guan H (2009) A statistical-feature-based approach to internet traffic classification using machine learning. In: 2009 International Conference on Ultra Modern Telecommunications & Workshops, pp 1–6, IEEE

  51. 51.

    Shi H, Li H, Zhang D, Cheng C, Cao X (2018) An efficient feature generation approach based on deep learning and feature selection techniques for traffic classification. Comput Netw 132:81–98

    Google Scholar 

  52. 52.

    Yuan R, Li Z, Guan X, Xu L (2010) An svm-based machine learning method for accurate internet traffic classification. Inf Syst Front 12(2):149–156

    Google Scholar 

  53. 53.

    Schmidt B, Kountanis D, Al-Fuqaha A (2014) Artificial immune system inspired algorithm for flow-based internet traffic classification. In: 2014 IEEE 6th International Conference on Cloud Computing Technology and Science, pp 664–667. IEEE

  54. 54.

    Ding Y (2016) Imbalanced network traffic classification based on ensemble feature selection. In: 2016 IEEE International Conference On Signal Processing, Communications and Computing (ICSPCC), pp 1–4. IEEE

  55. 55.

    Sun G, Chen T, Su Y, Li C (2018) Internet traffic classification based on incremental support vector machines. Mobile Networks and Applications 23(4):789–796

    Google Scholar 

  56. 56.

    Huang Y, Li Y, Qiang B (2016) Internet traffic classification based on min-max ensemble feature selection. In: 2016 International Joint Conference on Neural Networks (IJCNN), pp 3485–3492. IEEE

  57. 57.

    Dong S, Zhou DD, Ding W (2012) The study of network traffic identification based on machine learning algorithm. In: 2012 Fourth International Conference on Computational Intelligence and Communication Networks, pp 205–208. IEEE

  58. 58.

    Dashevskiy M, Luo Z (2012) Two methods for reliable classification of network traffic. Progress in Artificial Intelligence 1(3):223–234

    Google Scholar 

  59. 59.

    https://wand.net.nz/old/wand/publications/barcelona-2001.pdf, (Accessed on 10/02/2019)

  60. 60.

    Perera P, Tian YC, Fidge C, Kelly W (2017) A comparison of supervised machine learning algorithms for classification of communications network traffic. In: International Conference on Neural Information Processing, pp 445–454. Springer, Berlin

  61. 61.

    Roughan M, Sen S, Spatscheck O, Duffield N (2004) Class-of-service mapping for qos: a statistical signature-based approach to ip traffic classification. In: Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, pp 135–148. ACM

  62. 62.

    Erman J, Arlitt M, Mahanti A (2006) Traffic classification using clustering algorithms. In: Proceedings of the 2006 SIGCOMM workshop on Mining network data, pp 281–286. ACM

  63. 63.

    Erman J , Mahanti A, Arlitt M (2006) Qrp05-4: Internet traffic identification using machine learning. In: IEEE Globecom 2006, pp 1–6. IEEE

  64. 64.

    Peng L, Yang B, Chen Y, Chen Z (2016) Effectiveness of statistical features for early stage internet traffic identification. Int J Parallel Prog 44(1):181–197

    Google Scholar 

  65. 65.

    Peng L, Zhang H, Chen Y, Yang B (2017) Imbalanced traffic identification using an imbalanced data gravitation-based classification model. Comput Commun 102:177–189

    Google Scholar 

  66. 66.

    Hernández-Campos F, Nobel AB, Smith FD, Jeffay K (2003) Statistical clustering of internet communication patterns. computing science and statistics, pp. 35

  67. 67.

    Williams N, Zander S, Armitage G (2006) A preliminary performance comparison of five machine learning algorithms for practical ip traffic flow classification. ACM SIGCOMM Computer Communication Review 36(5):5–16

    Google Scholar 

  68. 68.

    McGregor A, Hall M, Lorier P, Brunskill J (2004) Flow clustering using machine learning techniques. In: International workshop on passive and active network measurement, pp 205–214. Springer, Berlin

  69. 69.

    Zander S, Nguyen T, Armitage G (2005) Self-learning ip traffic classification based on statistical flow characteristics. In: International Workshop on Passive and Active Network Measurement, pp 325–328. Springer, Berlin

  70. 70.

    Zander S, Nguyen T, Armitage G (2005) Automated traffic classification and application identification using machine learning. In: The IEEE Conference on Local Computer Networks 30th Anniversary (LCN’05) l, pp 250–257. IEEE

  71. 71.

    Este A, Gringoli F, Salgarelli L (2009) Support vector machines for tcp traffic classification. Comput Netw 53(14):2476–2490

    MATH  Google Scholar 

  72. 72.

    Park J, Tyan HR, Kuo CCJ (2006) Ga-based internet traffic classification technique for qos provisioning. In: 2006 International Conference on Intelligent Information Hiding and Multimedia, pp 251–254. IEEE

  73. 73.

    Dusi M, Gringoli F, Salgarelli L (2008) Ip traffic classification for qos guarantees: The independence of packets. In: 2008 Proceedings of 17th International Conference on Computer Communications and Networks, pp 1–8. IEEE

  74. 74.

    Kim H, Claffy KC, Fomenkov M, Barman D, Faloutsos M, Lee K (2008) Internet traffic classification demystified: myths, caveats, and the best practices. In: Proceedings of the 2008 ACM coNEXT conference, pp 11 ACM

  75. 75.

    mawi.wide.ad.jp. http://mawi.wide.ad.jp/mawi/, (Accessed on 10/02/2019).

  76. 76.

    Carela-Español V, Barlet-Ros P, Bifet A, Fukuda K (2016) A streaming flow-based technique for traffic classification applied to 12 + 1 years of internet traffic. Telecommun Syst 63(2):191–204

    Google Scholar 

  77. 77.

    Mongkolluksamee S, Visoottiviseth V, Fukuda K (2016) Combining communication patterns & traffic patterns to enhance mobile traffic identification performance. J Inform Process 24(2):247–254

    Google Scholar 

  78. 78.

    Allard F, Dubois R, Gompel P, Morel M (2011) Tunneling activities detection using machine learning techniques. J Telecommun Inform Technol 37–42

  79. 79.

    Hui D, Sun GL, Li DD (2013) A hybrid method for network traffic classification. In: proceedings of 2013 2nd International Conference on Measurement Information and Control, IEEE, vol 1, pp 653–656

  80. 80.

    Ghofrani F, Keshavarz-Haddad A, Jamshidi A (2018) A new probabilistic classifier based on decomposable models with application to internet traffic. Pattern Recogn 77:1–11

    Google Scholar 

  81. 81.

    Raveendran R, Menon RR (2016) A novel aggregated statistical feature based accurate classification for internet traffic. In: 2016 International Conference on Data Mining and Advanced Computing (SAPIENCE), pp 225–232. IEEE

  82. 82.

    Wang R, Shi L, Jennings B (2013) Ensemble classifier for traffic in presence of changing distributions. In: 2013 IEEE Symposium on Computers and Communications (ISCC), pp 000629–000635, IEEE

  83. 83.

    Divakaran DM, Su L, Liau YS, Thing VLL (2015) Slic: Self-learning intelligent classifier for network traffic. Comput Netw 91:283–297

    Google Scholar 

  84. 84.

    Chen X, Zhang J, Xiang Y, Zhou W (2013) Traffic identification in semi-known network environment. In: 2013 IEEE 16th International Conference on Computational Science and Engineering, pp 572–579. IEEE

  85. 85.

    Borgnat P, Dewaele G, Fukuda K, Abry P, Cho K (2009) Seven years and one day: Sketching the evolution of internet traffic. In: IEEE INFOCOM 2009, pages 711–719. IEEE

  86. 86.

    Aureli D, Cianfrani A, Diamanti A, Vilchez JMS, Secci S (2020) Going beyond diffserv in ip traffic classification. In: IEEE/IFIP Network Operations and Management Symposium (NOMS)

  87. 87.

    Ibrahim HAH, Al Zuobi ORA, Al-Namari MA, MohamedAli G, Abdalla AAA (2016) Internet traffic classification using machine learning approach: Datasets validation issues. In: 2016 Conference of Basic Sciences and Engineering Studies (SGCAC), pp 158–166. IEEE

  88. 88.

    Mllib — apache spark. https://spark.apache.org/mllib/, (Accessed on 02/16/2020)

  89. 89.

    Apache mahout. https://mahout.apache.org/, (Accessed on 02/16/2020)

  90. 90.

    Home - open source leader in ai and ml. https://www.h2o.ai/, (Accessed on 02/16/2020)

  91. 91.

    Apache samoa. https://samoa.incubator.apache.org/, (Accessed on 02/16/2020)

  92. 92.

    Apache flink 1.4 documentation: Flinkml - machine learning for flink. https://ci.apache.org/projects/flink/flink-docs-release-1.4/dev/libs/ml/, (Accessed on 02/16/2020)

  93. 93.

    Oryx – overview. http://oryx.io/, (Accessed on 02/16/2020)

  94. 94.

    Github - vowpalwabbit/vowpal_wabbit: Vowpal wabbit is a machine learning system which pushes the frontier of machine learning with techniques such as online, hashing, allreduce, reductions, learning2search, active, and interactive learning. https://github.com/VowpalWabbit/vowpal_wabbit, (Accessed on 02/16/2020)

  95. 95.

    Weka 3 - mining big data with open source machine learning software in java. https://www.cs.waikato.ac.nz/ml/weka/bigdata.html, (Accessed on 02/16/2020)

  96. 96.

    Gómez SE, Hernández-Callejo L, Martínez BC, Sánchez-Esguevillas AJ (2019) Exploratory study on class imbalance and solutions for network traffic classification. Neurocomputing 343:100–119

    Google Scholar 

  97. 97.

    Hasibi R, Shokri M, Dehghan M (2019) Augmentation scheme for dealing with imbalanced network traffic classification using deep learning. arXiv:1901.00204

  98. 98.

    Nbar2 or next generation nbar - cisco. https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/network-based-application-recognition-nbar/qa_c67-697963.html, (Accessed on 10/02/2019)

  99. 99.

    Peng L, Zhang H, Yang B, Su M, Chen Y (Dec 2016) On the effectiveness of packet sampling for early stage traffic identification. In: 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). pp 468–473

  100. 100.

    Landset Sara, Khoshgoftaar Taghi M, Richter Aaron N, Hasanin Tawfiq (2015) A survey of open source tools for machine learning with big data in the hadoop ecosystem. J Big Data 2(1):24

    Google Scholar 

  101. 101.

    Maier G, Sommer R, Dreger H, Feldmann A, Paxson V, Schneider F (2008) Enriching network security analysis with time travel. In: Proceedings of the ACM SIGCOMM 2008 conference on Data communication, pp 183–194

  102. 102.

    Dpi engine - r&s® pace 2 — deep packet inspection from ipoque gmbh, a rohde & schwarz company. https://www.ipoque.com/products/dpi-engine-rsrpace-2, (Accessed on 10/02/2019)

  103. 103.

    Github - thomasbhatia/opendpi: Opendpi v.3.10. https://github.com/thomasbhatia/OpenDPI, (Accessed on 10/02/2019)

  104. 104.

    Application layer packet classifier for linux. http://l7-filter.sourceforge.net/, (Accessed on 10/02/2019)

  105. 105.

    Deri L, Martinelli M, Bujlow T, Cardigliano A (2014) ndpi: Open-source high-speed deep packet inspection. In: 2014 International Wireless Communications and Mobile Computing Conference (IWCMC), pp 617–622. IEEE

  106. 106.

    Alcock S, Nelson R (2012) Libprotoident: traffic classification using lightweight packet inspection. WAND Network Research Group, Tech. Rep.

  107. 107.

    Aouini Z, Kortebi A, Ghamri-Doudane Y (2016) Towards understanding residential internet traffic: From packets to services. In: 2016 7th International Conference on the Network of the Future (NOF), pp 1–7. IEEE

  108. 108.

    Dusi M, Gringoli F, Salgarelli L (2011) Quantifying the accuracy of the ground truth associated with internet traffic traces. Comput Netw 55(5):1158–1167

    Google Scholar 

  109. 109.

    Alizadeh H, Zúquete A (2016) Traffic classification for managing applications’ networking profiles. Security and Communication Networks 9(14):2557–2575

    Google Scholar 

  110. 110.

    Coralreef software suite. https://www.caida.org/tools/measurement/coralreef/, (Accessed on 10/02/2019)

  111. 111.

    Dehghani F, Movahhedinia N, Khayyambashi MR, Kianian S (2010) Real-time traffic classification based on statistical and payload content features. In: 2010 2nd international workshop on intelligent systems and applications, pp 1–4. IEEE

  112. 112.

    Le A, Varmarken J, Langhoff S, Shuba A, Gjoka M, Markopoulou A (2015) Antmonitor: A system for monitoring from mobile devices. In: Proceedings of the 2015 ACM SIGCOMM Workshop on Crowdsourcing and Crowdsharing of Big (Internet) Data, pp 15–20 ACM

  113. 113.

    Razaghpanah A, Vallina-Rodriguez N, Sundaresan S, Kreibich C, Gill P, Allman M, Paxson V (2015) Haystack:, A multi-purpose mobile vantage point in user space. arXiv:1510.01419

  114. 114.

    Liu Z, Wang R (2016) Mobilegt: A system to collect mobile traffic trace and build the ground truth. In: 2016 26th International telecommunication networks and applications conference (ITNAC), pp 142–144. IEEE

  115. 115.

    Cisco visual networking index: Forecast and trends, 2017–2022 white paper - cisco. https://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/white-paper-c11-741490.html, (Accessed on 10/02/2019)

  116. 116.

    Abdalla BMA, Jamil HA, Hamdan M, Bassi JS, Ismail I, Marsono MN (2017) Multi-stage feature selection for on-line flow peer-to-peer traffic identification. In: Asian simulation conference, pp 509–523. Springer, Berlin

  117. 117.

    Peng L, Zhang H, Yang B, Chen Y (2014) Feature evaluation for early stage internet traffic identification. In: International conference on algorithms and architectures for parallel processing, pp 511–525. Springer, Berlin

  118. 118.

    Aun Y, Manickam S, Karuppayah S (2017) A review on features’ robustness in high diversity mobile traffic classifications. Inter J Commun Netwo Inf Secur 9(2):294

    Google Scholar 

  119. 119.

    Shafiq M, Yu X, Wang D (2017) Robust feature selection for im applications at early stage traffic classification using machine learning algorithms. In: 2017 IEEE 19th international conference on high performance computing and communications; IEEE 15th international conference on smart city; ieee 3rd international conference on data science and systems (HPCC/SmartCity/DSS), pp 239–245. IEEE

  120. 120.

    Dainotti A, Pescapé A, Kim H (2011) Traffic classification through joint distributions of packet-level statistics. In: 2011 IEEE Global Telecommunications conference-GLOBECOM 2011, pp 1–6. IEEE

  121. 121.

    Filiposka S, Mishkovski I (2013) Smartphone user’s traffic characteristics and modelling. Trans Netw Commun 1(1):14–40

    Google Scholar 

  122. 122.

    Karagiannis T, Papagiannaki K, Faloutsos M (2005) Blinc: multilevel traffic classification in the dark. In: ACM SIGCOMM computer communication review. ACM, vol 35, pp 229–240

  123. 123.

    Karagiannis T, Papagiannaki K, Taft N, Faloutsos M (2007) Profiling the end host. In: International Conference on Passive and Active Network Measurement, pp 186–196. Springer, Berlin

  124. 124.

    Cao J, Chen A, Widjaja I, Zhou N (2008) Online identification of applications using statistical behavior analysis. In: IEEE GLOBECOM 2008-2008 IEEE Global Telecommunications Conference, pp 1–6. IEEE

  125. 125.

    Meiss M, Menczer F, Vespignani A (2011) Properties and evolution of internet traffic networks from anonymized flow data. ACM Trans Internet Technol (TOIT) 10(4):15

    Google Scholar 

  126. 126.

    Lee SW, Park JS, Lee HS, Kim MS (2011) A study on smart-phone traffic analysis. In: 2011 13th Asia-Pacific Network Operations and Management Symposium, pp 1–7. IEEE

  127. 127.

    Chung JY, Choi Y, Park B, Hong JWK (2011) Measurement analysis of mobile traffic in enterprise networks. In: 2011 13th Asia-Pacific Network Operations and Management Symposium, pp 1–4. IEEE

  128. 128.

    Mitevski B, Filiposka S (2013) Smartphone traffic review. In: International Conference on ICT Innovations, pp 291–301. Springer, Berlin

  129. 129.

    Okabe T, Kitamura T, Shizuno T (2006) Statistical traffic identification method based on flow-level behavior for fair voip service. In: 1st IEEE workshop on VoIP management and security, 2006., pp 35–40. IEEE

  130. 130.

    Hu Y, Chiu DM, Lui JCS (2008) Application identification based on network behavioral profiles. In: 2008 16th interntional workshop on quality of service, pp 219–228. IEEE

  131. 131.

    Yu K, Liu Y, Qing L, Wang B, Cheng Y (2018) Positive and unlabeled learning for user behavior analysis based on mobile internet traffic data. IEEE Access 6:37568–37580

    Google Scholar 

  132. 132.

    Moore A, Zuev D, Crogan M (2013) Discriminators for use in flow-based classification Technical report

  133. 133.

    Haffner P, Sen S, Spatscheck O, Wang D (2005) Acas: automated construction of application signatures. In: Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data, pp 197–202. ACM

  134. 134.

    Conti M, Mancini LV, Spolaor R, Verde NV (2015) Analyzing android encrypted network traffic to identify user actions. IEEE Trans Inf Forensics Secur 11(1):114–125

    Google Scholar 

  135. 135.

    Acar A, Fereidooni H, Abera T, Sikder AK, Miettinen M, Aksu H, Conti M, Sadeghi AR, Uluagac AS (2018) Peek-a-boo:, I see your smart home activities, even encrypted!. arXiv:1808.02741

  136. 136.

    Xu Q, Andrews T, Liao Y, Miskovic S, Mao ZM, Baldi M, Nucci A (2014) Flowr: a self-learning system for classifying mobileapplication traffic. In: ACM SIGMETRICS Performance Evaluation Review, vol 42, pp 569–570

  137. 137.

    Hur M, Kim MS (2012) Towards smart phone traffic classification. In: 2012 14th Asia-Pacific Network Operations and Management Symposium (APNOMS), pp 1–4. IEEE

  138. 138.

    Murgia A, Ghidini G, Emmons SP, Bellavista P (2016) Lightweight internet traffic classification: A subject-based solution with word embeddings. In: 2016 IEEE International Conference on Smart Computing (SMARTCOMP), pp 1–8. IEEE

  139. 139.

    Gonzalez R, Manco F, Garcia-Duran A, Mendes J, Huici F, Niccolini S, Niepert M (2017) Net2vec:, Deep learning for the network. arXiv:1705.03881

  140. 140.

    Goo YH, Shim KS, Lee SK, Kim MS (2016) Payload signature structure for accurate application traffic classification. In: 2016 18th Asia-pacific network operations and management symposium (APNOMS), pp 1–4. IEEE

  141. 141.

    Nowak J, Korytkowski M, Nowicki R, Scherer R, Siwocha A (2018) Random forests for profiling computer network users. In: International Conference on Artificial Intelligence and Soft Computing, pp 734–739. Springer, Berlin

  142. 142.

    Zhang Z, Zhang Z, Lee PPC, Liu Y, Xie G (2014) Toward unsupervised protocol feature word extraction. IEEE J Sel Area Commun 32(10):1894–1906

    Google Scholar 

  143. 143.

    Maier G, Schneider F, Feldmann A (2010) A first look at mobile hand-held device traffic. In: International Conference on Passive and Active Network Measurement, pp 161–170. Springer, Berlin

  144. 144.

    Chen Z, Yu B, Zhang Y, Zhang J, Xu J (2016) Automatic mobile application traffic identification by convolutional neural networks. In: 2016 IEEE Trustcom/bigdataSE/ISPA, pp 301–307. IEEE

  145. 145.

    Chen Z, He K, Li J, Geng Y (2017) Seq2img: A sequence-to-image based approach towards ip traffic classification using convolutional neural networks. In: 2017 IEEE International Conference on Big Data (Big Data), pp 1271–1276. IEEE

  146. 146.

    Wang W, Sheng Y, Wang J, Zeng X, Ye X, Huang Y, Zhu M (2017) Hast-ids: Learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection. IEEE Access 6:1792–1806

    Google Scholar 

  147. 147.

    Li Z, Qin Z, Huang Z, Yang X, Ye S (2017) Intrusion detection using convolutional neural networks for representation learning. In: International conference on neural information processing, pp 858–866. Springer

  148. 148.

    Wang Z (2015) The applications of deep learning on traffic identification, BlackHat USA. pp 24

  149. 149.

    Wang W, Zhu M, Zeng X, Ye X, Sheng Y (2017) Malware traffic classification using convolutional neural network for representation learning. In: 2017 International conference on information networking (ICOIN), pp 712–717. IEEE

  150. 150.

    Salman O, Elhajj IH, Chehab A, Kayssi A (2018) A multi-level internet traffic classifier using deep learning. In: 2018 9th International conference on the network of the future (NOF), pp 68–75. IEEE

  151. 151.

    Aceto G, Ciuonzo D, Montieri A, Pescapé A (2018) Mobile encrypted traffic classification using deep learning. In: 2018 Network traffic measurement and analysis conference (TMA), pp 1–8. IEEE

  152. 152.

    Liu Z, Wang R, Japkowicz N, Cai Y, Tang D, Cai X (2019) Mobile app traffic flow feature extraction and selection for improving classification robustness. J Netw Comput Appl 125:190–208

    Google Scholar 

  153. 153.

    Dai S, Tongaonkar A, Wang X, Nucci A, Song D (2013) Networkprofiler: Towards automatic fingerprinting of android apps. In: 2013 Proceedings IEEE INFOCOM, pp 809–817. IEEE

  154. 154.

    Schmidt B, Al-Fuqaha A, Gupta A, Kountanis D (2017) Optimizing an artificial immune system algorithm in support of flow-based internet traffic classification. Appl Soft Comput 54:1–22

    Google Scholar 

  155. 155.

    Mongkolluksamee S, Visoottiviseth V, Fukuda K (2015) Enhancing the performance of mobile traffic identification with communication patterns. In: 2015 IEEE 39th annual computer software and applications conference, IEEE, vol 2, pp 336–345

  156. 156.

    Holeña M, Pulc P, Kopp M Classification methods for internet applications

  157. 157.

    Bishop CM (2006) Pattern recognition and machine learning springer

  158. 158.

    Theodoridis S, Koutroumbas K (2009) Pattern recognition–fourth edition

  159. 159.

    Goodfellow I, Bengio Y, Courville A (2016) Deep learning. book in preparation for mit press. URL< http://www.deeplearningbook.org. pp 1

  160. 160.

    Yuan Z, Wang C (2016) An improved network traffic classification algorithm based on hadoop decision tree. In: IEEE International conference of online analysis and computing science (ICOACS), pp 53–56. IEEE

  161. 161.

    Hu LT, Zhang LJ (2012) Real-time internet traffic identification based on decision tree. In: World Automation Congress 2012, pp 1–3. IEEE

  162. 162.

    Lingyu J, Yang L, Bailing W, Hongri L, Guodong X (2017) A hierarchical classification approach for tor anonymous traffic. In: 2017 IEEE 9th International conference on communication software and networks (ICCSN), pp 239–243. IEEE

  163. 163.

    Dias KL, Pongelupe MA, Caminhas WM, Errico LD (2019) An innovative approach for real-time network traffic classification. Comput Netw 158:143–157

    Google Scholar 

  164. 164.

    Ning J, Yang M, Cheng S, Dong Q, Xiong H (2011) An efficient svm-based method for multi-class network traffic classification. In: 30th IEEE International performance computing and communications conference, pp 1–8. IEEE

  165. 165.

    Hong Y, Huang C, Nandy B, Seddigh N (2015) Iterative-tuning support vector machine for network traffic classification. In: IFIP/IEEE International symposium on integrated network management (IM), pp 458–466. IEEE

  166. 166.

    Sabzekar M, Moghaddam MHY, Naghibzadeh M (2013) Tcp traffic classification using relaxed constraints support vector machines. In: Integration of practice-oriented knowledge technology: Trends and prospectives, pp 129–139. Springer, Berlin

  167. 167.

    Zhou W, Dong L, Bic L, Zhou M, Chen L (2011) Internet traffic classification using feed-forward neural network. In: 2011 International conference on computational problem-solving (ICCP), pp 641–646. IEEE

  168. 168.

    Dong S, Zhou D, Zhou W, Ding W, Gong J (2013) Research on network traffic identification based on improved bp neural network. Appl Math & Inform Sci 7(1):389–398

    Google Scholar 

  169. 169.

    Dong S, Li R (2019) Traffic identification method based on multiple probabilistic neural network model. Neural Comput & Appl 31(2):473–487

    Google Scholar 

  170. 170.

    Smit D, Millar K, Page C, Cheng A, Chew HG, Lim CC (2017) Looking deeper: Using deep learning to identify internet communications traffic. In: 2017 Australasian conference of undergraduate research (ACUR)

  171. 171.

    Liu Y, Zhang S, Bo D, Li X, Yipeng W (2018) A cascade forest approach to application classification of mobile traces. In: 2018 IEEE Wireless Communications and Networking Conference (WCNC), pp 1–6. IEEE

  172. 172.

    Fadlullah ZM, Tang F, Mao B, Kato N, Akashi O, Inoue T, Mizutani K (2017) State-of-the-art deep learning: Evolving machine intelligence toward tomorrow’s intelligent network traffic control systems. IEEE Commun Surv & Tut 19(4):2432–2455

    Google Scholar 

  173. 173.

    Hahn D, Apthorpe N, Feamster N (2018) Detecting compressed cleartext traffic from consumer internet of things devices. arXiv:1805.02722

  174. 174.

    Vinayakumar R, Soman KP, Poornachandran P (2017) Applying convolutional neural network for network intrusion detection. In: 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp 1222–1228. IEEE

  175. 175.

    Zhang C, Patras P, Haddadi H (2019) Deep learning in mobile and wireless networking: A survey. IEEE Communications Surveys & Tutorials

  176. 176.

    Gugelmann D (2017) Deep learning and machine learning for network traffic analysis. SIGS Technology Conference 2017 Hacking Day

  177. 177.

    Lim HK, Kim JB, Heo JS, Kim K, Hong YG, Han YH (2019) Packet-based network traffic classification using deep learning. In: 2019 International Conference on Artificial Intelligence in Information and Communication (ICAIIC), pp 046–051. IEEE

  178. 178.

    Aceto G, Ciuonzo D, Montieri A, Pescapé A (2019) Mobile encrypted traffic classification using deep learning: Experimental evaluation, lessons learned, and challenges. IEEE Trans Netw Serv Manag

  179. 179.

    LeCun Y, Bottou L, Bengio Y, Haffner P, et al. (1998) Gradient-based learning applied to document recognition. Proc IEEE 86(11):2278–2324

    Google Scholar 

  180. 180.

    Krizhevsky A, Sutskever I, Hinton GE (2012) Imagenet classification with deep convolutional neural networks. In: Advances in neural information processing systems, pp 1097–1105

  181. 181.

    Cs231n convolutional neural networks for visual recognition. http://cs231n.github.io/convolutional-networks/, (Accessed on 10/02/2019)

  182. 182.

    Szegedy C, Liu W, Jia Y, Sermanet P, Reed S, Anguelov D, Erhan D, Vanhoucke V, Rabinovich A (2015) Going deeper with convolutions. In: Proceedings of the IEEE conference on computer vision and pattern recognition, pp 1–9

  183. 183.

    Rezaei S, Liu X (2018) How to achieve high classification accuracy with just a few labels:, A semi-supervised approach using sampled packets. arXiv:1812.09761

  184. 184.

    Lopez-Martin M, Carro B, Sanchez-Esguevillas A, Lloret J (2017) Network traffic classifier with convolutional and recurrent neural networks for internet of things. IEEE Access 5:18042–18050

    Google Scholar 

  185. 185.

    He K, Zhang X, Ren S, Sun J (2016) Deep residual learning for image recognition. In: Proceedings of the IEEE conference on computer vision and pattern recognition, pp 770–778

  186. 186.

    Recurrent neural network - wikipedia. https://en.wikipedia.org/wiki/Recurrent_neural_network, (Accessed on 10/02/2019)

  187. 187.

    Munther A, Othman RR, Alsaadi AS, Mohammed Anbar (2016) A performance study of hidden markov model and random forest in internet traffic classification. In: Information science and applications (ICISA) 2016, pp 319–329. Springer, Berlin

  188. 188.

    Dainotti A, Pescape A, Rossi PSS, Iannello G, Palmieri F, Ventre G (2006) Qrp07-2: An hmm approach to internet traffic modeling. In: IEEE Globecom 2006, pp 1–6. IEEE

  189. 189.

    Maia JEB, Holanda Filho R (2010) Internet traffic classification using a hidden markov model. In: 2010 10th International conference on hybrid intelligent systems, pp 37–42. IEEE

  190. 190.

    Gómez SE, Martínez BC, Sánchez-Esguevillas AJ, Hernández Callejo L (2017) Ensemble network traffic classification: Algorithm comparison and novel ensemble scheme proposal. Comput Netw 127:68–80

    Google Scholar 

  191. 191.

    Wang C, Tongge X, Qin X (2015) Network traffic classification with improved random forest. In: 2015 11th International conference on computational intelligence and security (CIS), pp 78–81. IEEE

  192. 192.

    Sun G, Liang L, Chen T, Xiao F, Lang F (2018) Network traffic classification based on transfer learning. Comput & Electr Eng 69:920–927

    Google Scholar 

  193. 193.

    Shafiq M, Yu X, Wang D (2017) Network traffic classification using machine learning algorithms. In: International conference on intelligent and interactive systems and applications, pp 621–627. Springer, Berlin

  194. 194.

    Michael AKJ, Valla E, Neggatu NS, Moore AW (2017) Network traffic classification via neural Technical report. University of Cambridge, Computer Laboratory

  195. 195.

    Wang B, Zhang J, Zhang Z, Luo W, Xia D (2016) Traffic identification in big internet data. In: Big Data Concepts, Theories, and Applications, pp 129–156. Springer, Berlin

  196. 196.

    Shafiq M, Yu X, Bashir AK, Chaudhry HN, Wang D (2018) A machine learning approach for feature selection traffic classification using security analysis. J Supercomput 74(10):4867–4892

    Google Scholar 

  197. 197.

    Usama M, Qadir J, Raza A, Arif H, Yau KLA, Elkhatib Y, Hussain A, Al-Fuqaha A (2019) Unsupervised machine learning for networking: Techniques, applications and research challenges. IEEE Access 7:65579–65615

    Google Scholar 

  198. 198.

    Kim J, Sim A, Tierney B, Suh S, Kim I (2019) Multivariate network traffic analysis using clustered patterns. Computing 101(4):339–361

    MathSciNet  Google Scholar 

  199. 199.

    Conti M, Mancini LV, Spolaor R, Verde NV (2015) Can’t you hear me knocking: Identification of user actions on android apps via traffic analysis. In: Proceedings of the 5th ACM Conference on data and application security and privacy, pp 297–304 ACM

  200. 200.

    Dewaele G, Himura Y, Borgnat P, Fukuda K, Abry P, Michel O, Fontugne R, Cho K, Esaki H (2010) Unsupervised host behavior classification from connection patterns. Int J Netw Manag 20(5):317–337

    Google Scholar 

  201. 201.

    Erman J, Mahanti A, Arlitt M, Williamson C (2007) Identifying and discriminating between web and peer-to-peer traffic in the network core. In: Proceedings of the 16th International conference on World Wide Web, pp 883–892 ACM

  202. 202.

    Yuan J, Li Z, Yuan R (2008) Information entropy based clustering method for unsupervised internet traffic classification. In: 2008 IEEE International conference on communications, pp 1588–1592. IEEE

  203. 203.

    Yang C, Wang F, Huang B (2009) Internet traffic classification using dbscan. In: 2009 WASE International conference on information engineering, IEEE, vol 2, pp 163–166

  204. 204.

    Zhang J, Qian Z, Shou G, Hu Y (2010) Traffic identification method based on on-line density based spatial clustering algorithm. In: 2010 2nd IEEE International conference on network infrastructure and digital content, pp 270–274. IEEE

  205. 205.

    Bernaille L, Teixeira R, Salamatian K (2006) Early application identification. In: 2006 Proceedings of the ACM coNEXT conference, pp 6. ACM

  206. 206.

    Bernaille L, Teixeira R, Akodkenou I, Soule A, Salamatian K (2006) Traffic classification on the fly. ACM SIGCOMM Comput Commun Rev 36(2):23–26

    Google Scholar 

  207. 207.

    Zhang M, Zhang H, Zhang B, Lu G (2012) Encrypted traffic classification based on an improved clustering algorithm. In: International conference on trustworthy computing and services, pp 124–131. Springer, Berlin

  208. 208.

    Höchst J, Baumgärtner L, Hollick M, Freisleben B (2017) Unsupervised traffic flow classification using a neural autoencoder. In: 2017 IEEE 42Nd Conference on local computer networks (LCN), pp 523–526. IEEE

  209. 209.

    Li D, Zhu Y, Lin W (2017) Traffic identification of mobile apps based on variational autoencoder network. In: 2017 13th International conference on computational intelligence and security (CIS), pp 287–291. IEEE

  210. 210.

    Liu S, Hu J, Hao S, Song T (2016) Improved em method for internet traffic classification. In: 2016 8th International conference on knowledge and smart technology (KST), pp 13–17. IEEE

  211. 211.

    Zhao Y, Chen J, You G, Teng T (2016) Network traffic classification model based on mdl criterion. In: Advanced multimedia and ubiquitous engineering, pp 1–8. Springer, Berlin

  212. 212.

    Wang Y, Xiang Y, Zhang J, Zhou W, Wei G, Yang LT (2013) Internet traffic classification using constrained clustering. IEEE Trans Parall Distr Syst 25(11):2932–2943

    Google Scholar 

  213. 213.

    Laner M, Svoboda P, Rupp M (2014) Detecting m2m traffic in mobile cellular networks. In: IWSSIP 2014 Proceedings, pp 159–162. IEEE

  214. 214.

    Szabó G, Szüle J, Turányi Z, Pongrácz G (2012) Multi-level machine learning traffic classification system. In: The Eleventh International Conference on Networks, pp 69–77

  215. 215.

    Shaikh ZA, Harkut DG (2015) A novel framework for network traffic classification using unknown flow detection. In: 2015 Fifth International conference on communication systems and network technologies, pp 116–121. IEEE

  216. 216.

    Zhang J, Chen X, Xiang Y, Zhou W, Wu J (2015) Robust network traffic classification. IEEE/ACM Trans Netw (TON) 23(4):1257–1270

    Google Scholar 

  217. 217.

    Zhang J, Chen C, Xiang Y, Zhou W (2013) Robust network traffic identification with unknown applications. In: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security, pp 405–414 ACM

  218. 218.

    Zhang J, Chen X, Xiang Y, Zhou W (2013) Zero-day traffic identification. In: Cyberspace Safety and Security, pp 213–227. Springer, Berlin

  219. 219.

    Li W, Moore AW (2007) A machine learning approach for efficient traffic classification. In: 2007 15th International symposium on modeling, analysis, and simulation of computer and telecommunication systems, pp 310–317. IEEE

  220. 220.

    Zhang J, Chen C, Xiang Y, Zhou W, Vasilakos AV (2013) An effective network traffic classification method with unknown flow detection. IEEE Trans Netw Serv Manag 10(2):133–147

    Google Scholar 

  221. 221.

    Zhang J, Xiang Y, Zhou W, Wang Y (2013) Unsupervised traffic classification using flow statistical properties and ip packet payload. J Comput Syst Sci 79(5):573–585

    MathSciNet  Google Scholar 

  222. 222.

    Bakhshi T, Ghita B (2016) On internet traffic classification: a two-phased machine learning approach, J Comput Netw Commun, pp 2016

  223. 223.

    Glennan T, Leckie C, Erfani SM (2016) Improved classification of known and unknown network traffic flows using semi-supervised machine learning. In: Australasian conference on information security and privacy, pp 493–501. Springer, Berlin

  224. 224.

    Amaral P, Dinis J, Pinto P, Bernardo L, Tavares J, Mamede HS (2016) Machine learning in software defined networks: Data collection and traffic classification. In: 2016 IEEE 24th International conference on network protocols (ICNP), pp 1–5. IEEE

  225. 225.

    Fahad A, Almalawi A, Tari Z, Alharthi K, Al Qahtani FS, Cheriet M (2019) Semtra: a semi-supervised approach to traffic flow labeling with minimal human effort. Pattern Recogn 91:1–12

    Google Scholar 

  226. 226.

    Rotsos C, Gael JV, Moore AW, Ghahramani Z (2010) Probabilistic graphical models for semi-supervised traffic classification. In: Proceedings of the 6th International wireless communications and mobile computing conference, pp 752–757 ACM

  227. 227.

    Erman J, Mahanti A, Arlitt M, Cohen I, Williamson C (2007) Offline/realtime traffic classification using semi-supervised learning. Perform Eval 64(9-12):1194–1213

    Google Scholar 

  228. 228.

    Gao J, Liang F, Fan W, Sun Y, Han J (2011) A graph-based consensus maximization approach for combining multiple supervised and unsupervised models. IEEE Trans Knowl Data Eng 25(1):15–28

    Google Scholar 

  229. 229.

    Almalawi AM, Fahad A, Tari Z, Cheema MA, Khalil I (2015) k nnvwc: An efficient k-nearest neighbors approach based on various-widths clustering. IEEE Trans Knowl Data Eng 28(1):68–81

    Google Scholar 

  230. 230.

    Vlăduţu A, Comăneci D, Dobre C (2017) Internet traffic classification based on flows’ statistical properties with machine learning. Int J Netw Manag 27(3):e1929

    Google Scholar 

  231. 231.

    Li X, Qi F, Xu D, Qiu K (2011) An internet traffic classification method based on semi-supervised support vector machine. In: 2011 IEEE International conference on communications (ICC), pp 1–5. IEEE

  232. 232.

    Qian F, Hu G, Yao X (2008) Semi-supervised internet network traffic classification using a gaussian mixture model. AEU-Inter J Electr Commun 62(7):557–564

    Google Scholar 

  233. 233.

    Crotti M, Dusi M, Gringoli F, Salgarelli L (2007) Traffic classification through simple statistical fingerprinting. ACM SIGCOMM Comput Commun Rev 37(1):5–16

    Google Scholar 

  234. 234.

    Sun GL, Xue Y, Dong Y, Wang D, Chenglong Li (2010) An novel hybrid method for effectively classifying encrypted traffic. In: 2010 IEEE Global telecommunications conference GLOBECOM 2010, pp 1–5. IEEE

  235. 235.

    Shi H, Li H, Zhang D, Cheng C, Wu W (2017) Efficient and robust feature extraction and selection for traffic classification. Comput Netw 119:1–16

    Google Scholar 

  236. 236.

    Lu CN, Huang CY, Lin YD, Lai YC (2016) High performance traffic classification based on message size sequence and distribution. J Netw Comput Appl 76:60–74

    Google Scholar 

  237. 237.

    Kim J, Hwang J, Kim K (2016) High-performance internet traffic classification using a markov model and kullback-leibler divergence. Mob Inf Syst, 2016

  238. 238.

    Wang Y, Nelson R (2009) Identifying network application layer protocol with machine learning. In: Proc passive and active network measurement (PAM 09), Seoul, Korea

  239. 239.

    Moore AW, Papagiannaki K (2005) Toward the accurate identification of network applications. In: International workshop on passive and active network measurement, pp 41–54. Springer, Berlin

  240. 240.

    Wang P, Lin SC, Lou M (2016) A framework for qos-aware traffic classification using semi-supervised machine learning in sdns. In: 2016 IEEE International conference on services computing (SCC), pp 760–765. IEEE

  241. 241.

    Jiang H, Moore AW, Ge Z, Jin S, Wang J (2007) Lightweight application classification for network management. In: 2007 Proceedings of the SIGCOMM workshop on internet network management, pp 299–304. ACM

  242. 242.

    Chen T, Zeng Y (2009) Classification of traffic flows into qos classes by unsupervised learning and knn clustering. KSII Trans Internet Inform Syst 3(2):134–146

    Google Scholar 

  243. 243.

    Seddiki MS, Shahbaz M, Donovan S, Grover S, Park M, Feamster N, Song YQ (2015) Flowqos: per-flow quality of service for broadband access networks, Technical report, Georgia Institute of Technology

  244. 244.

    Park J, Tyan HR, Kuo CCJ (2006) Internet traffic classification for scalable qos provision. In: 2006 IEEE International conference on multimedia and expo, pp 1221–1224. IEEE

  245. 245.

    Zai-jian W, Dong Y, Shi H, Lingyun Y, Tang P (2016) Internet video traffic classification using qos features. In: 2016 International conference on computing, networking and communications (ICNC), pp 1–5. IEEE

  246. 246.

    Yang J, Zhang S, Zhang X, Liu J, Cheng G (2013) Characterizing smartphone traffic with mapreduce. In: 2013 16th International symposium on wireless personal multimedia communications (WPMC), pp 1–5. IEEE,

  247. 247.

    Seufert M, Casas P, Wehner N, Gang L, Li K (2019) Stream-based machine learning for real-time qoe analysis of encrypted video streaming traffic. In: 2019 22nd Conference on innovation in clouds, internet and networks and workshops (ICIN), pp 76–81. IEEE

  248. 248.

    Bujlow T, Riaz T, Pedersen JM (2012) A method for classification of network traffic based on c5. 0 machine learning algorithm. In: 2012 international conference on computing, networking and communications (ICNC), pp 237–241. IEEE

  249. 249.

    Kortebi A, Aouini Z, Delahaye C, Javaudin JP, Ghamri-Doudane Y (2017) A platform for home network traffic monitoring. In: IFIP/IEEE Symposium on integrated network and service management (IM), pp 895–896. IEEE

  250. 250.

    Iwai T, Nakao A (2016) Adaptive mobile application identification through in-network machine learning. In: 2016 18th Asia-pacific network operations and management symposium (APNOMS), pp 1–6. IEEE

  251. 251.

    Grajzer M, Koziuk M, Szczechowiak P, Pescapé A (2012) multi-classification approach for the detection and identification of ehealth applications. In: 2012 21st International conference on computer communications and networks (ICCCN), pp 1–6. IEEE

  252. 252.

    Valenti S, Rossi D (2011) Identifying key features for p2p traffic classification. In: 2011 IEEE International conference on communications (ICC), pp 1–6. IEEE

  253. 253.

    Baghel SK, Keshav K, Manepalli VR (2012) An investigation into traffic analysis for diverse data applications on smartphones. In: 2012 National conference on communications (NCC), pp 1–5. IEEE

  254. 254.

    Pektaş A (2018) Proposal of machine learning approach for identification of instant messaging applications in raw network traffic. Inter J Intell Syst Appl Eng 6(2):97–102

    Google Scholar 

  255. 255.

    Choi Y, Chung JY, Park B, Hong JWK (2012) Automated classifier generation for application-level mobile traffic identification. In: 2012 IEEE Network operations and management symposium, pp 1075–1081. IEEE

  256. 256.

    Bonfiglio D, Mellia M, Meo M, Ritacca N, Rossi D (2008) Tracking down skype traffic. In: IEEE INFOCOM 2008-The 27th Conference on computer communications, pp 261–265. IEEE

  257. 257.

    Kampeas J, Cohen A, Gurewitz O (2018) Traffic classification based on zero-length packets. IEEE Trans Netw Serv Manag 15(3):1049–1062

    Google Scholar 

  258. 258.

    Aceto G, Ciuonzo D, Montieri A, Pescapé A (2017) Traffic classification of mobile apps through multi-classification. In: GLOBECOM 2017-2017 IEEE Global communications conference, pp 1–6. IEEE

  259. 259.

    Tsompanidis I, Zahran AH, Sreenan CJ (2014) Mobile network traffic: A user behaviour model. In: 2014 7th IFIP Wireless and Mobile Networking Conference (WMNC), pp 1–8. IEEE

  260. 260.

    Vassio L, Drago I, Mellia M (2016) Detecting user actions from http traces: Toward an automatic approach. In: 2016 International Wireless Communications and Mobile Computing Conference (IWCMC), pp 50–55. IEEE

  261. 261.

    Aiolli F, Conti M, Gangwal A, Polato M (2019) Mind your wallet’s privacy: identifying bitcoin wallet apps and user’s actions through network traffic analysis. In: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing, pp 1484–1491 ACM

  262. 262.

    Miettinen M, Marchal S, Hafeez I, Asokan N, Sadeghi AR, Tarkoma S (2017) Iot sentinel: Automated device-type identification for security enforcement in iot. In: 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), pp 2177–2184. IEEE

  263. 263.

    Salman O, Chaddad L, Elhajj IH, Chehab A, Kayssi A (2018) Pushing intelligence to the network edge. In: 2018 Fifth International Conference on Software Defined Systems (SDS), pp 87–92. IEEE

  264. 264.

    Sivanathan A, Gharakheili HH, Loi F, Radford A, Wijenayake C, Vishwanath A, Sivaraman V (2018) Classifying iot devices in smart environments using network traffic characteristics. IEEE Transactions on Mobile Computing

  265. 265.

    Copos B, Levitt K, Bishop M, Rowe J (2016) Is anybody home? inferring activity from smart home network traffic. In: 2016 IEEE Security and Privacy Workshops (SPW), pp 245–251. IEEE

  266. 266.

    Bezawada B, Bachani M, Peterson J, Shirazi H, Ray I, Ray I (2018) Iotsense:, Behavioral fingerprinting of iot devices. arXiv:1804.03852

  267. 267.

    Sciancalepore S, Ibrahim OA, Oligeri G, Di Pietro R (2019) Picking a needle in a haystack:, Detecting drones via network traffic analysis. arXiv:1901.03535

  268. 268.

    Ortiz J, Crawford C, Le F (2019) Devicemien: network device behavior modeling for identifying unknown iot devices. In: Proceedings of the International Conference on Internet of Things Design and Implementation, pp 106–117 ACM

  269. 269.

    Yang K, Li Q, Sun L (2019) Towards automatic fingerprinting of iot devices in the cyberspace. Comput Netw 148:318–327

    Google Scholar 

  270. 270.

    Dabbagh YS, Saad W (2019) Authentication of wireless devices in the internet of things: Learning and environmental effects IEEE Internet of Things Journal

  271. 271.

    Noguchi H, Kataoka M, Yamato Y (2019) Device identification based on communication analysis for the internet of things. IEEE Access 7:52903–52912

    Google Scholar 

  272. 272.

    Salman O, Elhajj IH, Chehab A, Kayssi A A machine learning based framework for iot device identification and abnormal traffic detection. Transactions on Emerging Telecommunications Technologies, 0(0):e3743. e3743 ETT-19-0273.R1.

  273. 273.

    Alipour-Fanid A, Dabaghchian M, Wang N, Wang P, Zhao L, Zeng K (2019) Machine learning-based delay-aware uav detection over encrypted wi-fi traffic. IEEE CNS

  274. 274.

    Le F, Ortiz J, Verma D, Kandlur D (2019) Policy-based identification of iot devices’ vendor and type by dns traffic analysis. In: Policy-Based Autonomic Data Governance, pp 180–201. Springer, Berlin

  275. 275.

    Gopalratnam K, Basu S, Dunagan J, Wang HJ (2006) Automatically extracting fields from unknown network protocols. In: First Workshop on Tackling Computer Systems Problems with Machine Learning Techniques (SysML06)

  276. 276.

    Zhao S, Chen S, Sun Y, Cai Z, Su J (2019) Identifying known and unknown mobile application traffic using a multilevel classifier, Secur Commun Netw pp 2019

  277. 277.

    Kalmanek CR, Misra S, Yang YR (2010) Guide to reliable internet services and applications. Springer Science & Business Media

  278. 278.

    Xie Y, Deng H, Peng L, Chen Z (2018) Accurate identification of internet video traffic using byte code distribution features. In: International Conference on Algorithms and Architectures for Parallel Processing, pages 46–58. Springer, Berlin

  279. 279.

    Canovas A, Jimenez JM, Romero O, Lloret J (2018) Multimedia data flow traffic classification using intelligent models based on traffic patterns. IEEE Netw 32(6):100–107

    Google Scholar 

  280. 280.

    Nguyen TD, Marchal S, Miettinen M, Asokan N, Sadeghi AR (2018) Dïot: a self-learning system for detecting compromised iot devices, CoRR, vol. abs/1804.07474

  281. 281.

    Meidan Y, Bohadana M, Shabtai A, Ochoa M, Tippenhauer NO, Guarnizo JD, Elovici Y (2017) Detection of unauthorized iot devices using machine learning techniques. arXiv:1709.04647

  282. 282.

    Siby S, Maiti RR, Tippenhauer N (2017) Iotscanner:, Detecting and classifying privacy threats in iot neighborhoods. arXiv:1701.05007

  283. 283.

    Kawai H, Ata S, Nakamura N, Oka I (2017) Identification of communication devices from analysis of traffic patterns. In: 2017 13th International Conference on Network and Service Management (CNSM), pp 1–5. IEEE

  284. 284.

    Bai L, Yao L, Kanhere SS, Wang X, Yang Z (2018) Automatic device classification from network traffic streams of internet of things. In: 2018 IEEE 43rd Conference on Local Computer Networks (LCN), pp 1–9. IEEE

  285. 285.

    Robyns P, Marin E, Lamotte W, Quax P, Singelée D, Preneel B (2017) Physical-layer fingerprinting of lora devices using supervised and zero-shot learning. In: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp 58–63 ACM

  286. 286.

    Das R, Gadre A, Zhang S, Kumar S, Moura JMF (2018) A deep learning approach to iot authentication. In: 2018 IEEE International Conference On Communications (ICC), pp 1–6. IEEE

  287. 287.

    Feamster N, Balazinska M, Harfst G, Balakrishnan H, Karger DR (2002) Infranet: Circumventing web censorship and surveillance. In: In USENIX Security Symposium, pp 247–262

  288. 288.

    Protocol obfuscation - emule wiki. http://wiki.emule-web.de/Protocol_obfuscation, (Accessed on 10/02/2019)

  289. 289.

    Wiley B (2011) Dust: A blocking-resistant internet transport protocol. Technical rep ort. http://blanu. net/Dust. pdf

  290. 290.

    Wang Q, Gong X, Nguyen GTK, Houmansadr A, Borisov N (2012) Censorspoofer: asymmetric communication using ip spoofing for censorship-resistant web browsing. In: Proceedings of the 2012 ACM conference on Computer and communications security, pp 121–132 ACM

  291. 291.

    Weinberg Z, Wang J, Yegneswaran V, Briesemeister L, Cheung S, Wang F, Boneh D (2012) Stegotorus: a camouflage proxy for the tor anonymity system. In: Proceedings of the 2012 ACM conference on Computer and communications security, pp 109–120 ACM

  292. 292.

    Moghaddam HM, Li B, Derakhshani M, Goldberg I (2012) Skypemorph: Protocol obfuscation for tor bridges. In: Proceedings of the 2012 ACM conference on Computer and communications security, pp 97–108 ACM

  293. 293.

    Dyer KP , Coull SE , Ristenpart T, Shrimpton T (2012) Peek-a-boo, i still see you: Why efficient traffic analysis countermeasures fail. In: 2012 IEEE symposium on security and privacy, pp 332–346. IEEE

  294. 294.

    pluggable-transports/obfsproxy - pluggable transport for obfuscated traffic. https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/obfs2/obfs2-protocol-spec.txt, (Accessed on 10/02/2019)

  295. 295.

    Flash proxies. https://crypto.stanford.edu/flashproxy/, (Accessed on 10/02/2019)

  296. 296.

    Winter P, Pulls T, Fuss J (2013) Scramblesuit:, A polymorph network protocol to circumvent censorship. arXiv:1305.3199

  297. 297.

    Houmansadr A, Riedl TJ, Borisov N, Singer AC (2013) I want my voice to be heard: Ip over voice-over-ip for unobservable censorship circumvention. In NDSS

  298. 298.

    obfs3-protocol-spec.txt\obfs3\doc - pluggable-transports/obfsproxy - pluggable transport for obfuscated traffic. https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/obfs3/obfs3-protocol-spec.txt, (Accessed on 10/02/2019)

  299. 299.

    Dyer KP, Coull SE, Ristenpart T, Shrimpton T (2013) Protocol misidentification made easy with format-transforming encryption. In: Proceedings of the ACM SIGSAC conference on Computer & communications security, pp 61–72. ACM

  300. 300.

    doc/meek – tor bug tracker & wiki. https://trac.torproject.org/projects/tor/wiki/doc/meek, (Accessed on 10/16/2019).

  301. 301.

    Gardiner J, Nagaraja S (2014) Blindspot:, Indistinguishable anonymous communications. arXiv:1408.0784

  302. 302.

    Lv J, Zhu C, Tang S, Yang C (2014) Deepflow: Hiding anonymous communication traffic in p2p streaming networks. Wuhan Univ J Nat Sci 19(5):417–425

    Google Scholar 

  303. 303.

    Li S, Schliep M, Hopper N (2014) Facet: Streaming over videoconferencing for censorship circumvention. In: Proceedings of the 13th Workshop on Privacy in the Electronic Society, pp 163–172 ACM

  304. 304.

    Github - yawning/obfs4: The obfourscator (courtesy mirror). https://github.com/Yawning/obfs4, (Accessed on 10/02/2019)

  305. 305.

    Tang Y, Lin P, Luo Z (2015) psobj: Defending against traffic analysis with pseudo-objects. In: International Conference on Network and System Security, pp 96–109. Springer, Berlin

  306. 306.

    Tang Y, Lin P, Luo Z (2014) Obfuscating encrypted web traffic with combined objects. In: International Conference on Information Security Practice and Experience, pp 90–104. Springer, Berlin

  307. 307.

    Li Y, Dai R, Zhang J (2014) Morphing communications of cyber-physical systems towards moving-target defense. In: 2014 IEEE International Conference on Communications (ICC), pp 592–598. IEEE

  308. 308.

    Moore WB, Tan H, Sherr M, Maloof MA (2015) Multi-class traffic morphing for encrypted voip communication. In: International Conference on Financial Cryptography and Data Security, pp 65–85. Springer, Berlin

  309. 309.

    Kohls K, Holz T, Kolossa D, Pöpper C (2016) Skypeline: Robust hidden data transmission for voip. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp 877–888 ACM

  310. 310.

    McPherson R, Houmansadr A, Shmatikov V (2016) Covertcast: Using live streaming to evade internet censorship. Proceedings on Privacy Enhancing Technologies 2016(3):212–225

    Google Scholar 

  311. 311.

    Barradas D, Santos N, Rodrigues L (2017) deltashaper: Enabling unobservable censorship-resistant tcp tunneling over videoconferencing streams. Proceedings on Privacy Enhancing Technologies 2017(4):5–22

    Google Scholar 

  312. 312.

    Li F, Razaghpanah A, Kakhki AM, Niaki AA, Choffnes D, Gill P, Mislove A (2017) lib∙ erate,(n): A library for exposing (traffic-classification) rules and avoiding them efficiently. In: Proceedings of the 2017 Internet Measurement Conference, pp 128–141 ACM

  313. 313.

    Cai X, Nithyanand R, Wang T, Johnson R, Goldberg I (2014) A systematic approach to developing Evaluating website fingerprinting defenses. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp 227–238. ACM

  314. 314.

    Iacovazzi A, Elovici Y (2016) Network flow watermarking: a survey. IEEE Commun Surv & Tut 19(1):512–530

    Google Scholar 

  315. 315.

    Dixon L, Ristenpart T, Shrimpton T (2016) Network traffic obfuscation and automated internet censorship. IEEE Secur & Privacy 14(6):43–53

    Google Scholar 

  316. 316.

    Ghaleb TA (2016) Techniques and countermeasures of website/wireless traffic analysis and fingerprinting. Clust Comput 19(1):427–438

    Google Scholar 

  317. 317.

    Wright CV, Coull SE, Monrose F (2009) Traffic morphing: An efficient defense against statistical traffic analysis. In NDSS, volume 9. Citeseer

  318. 318.

    Rowland CH (1997) Covert channels in the tcp/ip protocol suite. First Monday 2(5)

  319. 319.

    Ahsan K, Kundur D (2002) Practical data hiding in tcp/ip. In: Proc. Workshop on Multimedia Security at ACM Multimedia, volume 2

  320. 320.

    Huang Y, Xiao B, Xiao H (2008) Implementation of covert communication based on steganography. In: 2008 International Conference on Intelligent Information Hiding and Multimedia Signal Processing, pp 1512–1515. IEEE

  321. 321.

    Burnett S, Feamster N, Vempala S (2010) Chipping away at censorship firewalls with user-generated content. In: USENIX Security Symposium, pp 463–468. Washington, DC

  322. 322.

    Invernizzi L, Kruegel C, Vigna G (2013) Message in a bottle: Sailing past censorship. In: Proceedings of the 29th Annual Computer Security Applications Conference, pp 39–48 ACM

  323. 323.

    Barradas D, Santos N, Rodrigues L (2018) Effective detection of multimedia protocol tunneling using machine learning. In: 27th {USENIX}, Security Symposium ({USENIX} Security, vol 18, pp 169–185

  324. 324.

    Parchekani A, Naghadeh SN, Shah-Mansouri V (2020) Classification of traffic using neural networks by rejecting:, a novel approach in classifying vpn traffic. arXiv:2001.03665

  325. 325.

    Liu H, Wang Z, Miao F (2014) Concurrent multipath traffic impersonating for enhancing communication privacy. Int J Commun Syst 27(11):2985–2996

    Google Scholar 

  326. 326.

    Hu Y, Li X, Liu J, Ding H, Gong Y, Fang Y (2018) Mitigating traffic analysis attack in smartphones with edge network assistance. In: 2018 IEEE International Conference on Communications (ICC), pp 1–6. IEEE

  327. 327.

    Gokcen Y, Foroushani VA, Zincir Heywood AN (2014) Can we identify nat behavior by analyzing traffic flows?. In: 2014 IEEE Security and Privacy Workshops, pp 132–139. IEEE

  328. 328.

    Dingledine R, Mathewson N, Syverson P (2004) Tor: the second-generation onion router. Technical report, Naval Research Lab Washington DC

    Google Scholar 

  329. 329.

    Saleh S, Qadir J, Ilyas MU (2018) Shedding light on the dark corners of the internet: a survey of tor research. J Netw Comput Appl 114:1–28

    Google Scholar 

  330. 330.

    He G, Yang M, Luo J, Gu X (2015) A novel application classification attack against tor. Concurrency and Computation: Practice and Experience 27(18):5640–5661

    Google Scholar 

  331. 331.

    Hodo E, Bellekens X, Iorkyase E, Hamilton A, Tachtatzis C, Atkinson R (2017) Machine learning approach for detection of nontor traffic. In: Proceedings of the 12th International Conference on Availability, Reliability and Security, pp 85 ACM

  332. 332.

    AlSabah M, Bauer K, Goldberg I (2012) Enhancing tor’s performance using real-time traffic classification. In: Proceedings of the 2012 ACM conference on computer and communications security, pp 73–84. ACM

  333. 333.

    Shahbar K, Zincir-Heywood AN (2014) Benchmarking two techniques for tor classification: Flow level and circuit level classification. In: 2014 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), pp 1–8. IEEE

  334. 334.

    Shahbar S, Zincir-Heywood AN (2015) Traffic flow analysis of tor pluggable transports. In: 2015 11th International Conference on Network and Service Management (CNSM), pp 178–181. IEEE

  335. 335.

    Shahbar K, Zincir-Heywood AN (2017) An analysis of tor pluggable transports under adversarial conditions. In: 2017 IEEE Symposium Series on Computational Intelligence (SSCI), pp 1–7. IEEE

  336. 336.

    Pescape A, Montieri A, Aceto G, Ciuonzo D (2018) Anonymity services tor, i2p, jondonym: Classifying in the dark (web), IEEE Transactions on Dependable and Secure Computing

  337. 337.

    Montieri A, Ciuonzo D, Bovenzi G, Persico V, Pescapé A (2019) A dive into the dark web: Hierarchical traffic classification of anonymity tools. IEEE Transactions on Network Science and Engineering

  338. 338.

    He G, Yang M, Luo J, Gu X (2014) Inferring application type information from tor encrypted traffic. In: 2014 Second International Conference on Advanced Cloud and Big Data, pp 220–227. IEEE

  339. 339.

    AlSabah M, Goldberg I (2016) Performance and security improvements for tor: a survey. ACM Computing Surveys (CSUR) 49(2):32

    Google Scholar 

  340. 340.

    Matic S, Troncoso C, Caballero J (2017) Dissecting tor bridges: a security evaluation of their private and public infrastructures. In: Network and Distributed Systems Security Symposium, pp 1–15. The Internet Society

  341. 341.

    Qu B, Zhang Z, Guo L, Zhu X, Guo L, Meng D (2012) An empirical study of morphing on network traffic classification. In: 7th International Conference on Communications and Networking in China, pp 227–232. IEEE

  342. 342.

    Qu B, Zhang Z, Zhu X, Meng D (2015) An empirical study of morphing on behavior-based network traffic classification. Secur Commun Netw 8(1):68–79

    Google Scholar 

  343. 343.

    Fu X, Graham B, Bettati R, Zhao W (2003) On effectiveness of link padding for statistical traffic analysis attacks. In: 23rd International Conference on Distributed Computing Systems 2003 Proceedings, pp 340–347. IEEE

  344. 344.

    Iacovazzi A, Baiocchi A (2015) Protecting traffic privacy for massive aggregated traffic. Comput Netw 77:1–17

    Google Scholar 

  345. 345.

    Iacovazzi A, Baiocchi A (2012) Padding and fragmentation for masking packet length statistics. In: International Workshop on Traffic Monitoring and Analysis, pp 85–88. Springer, Berlin

  346. 346.

    Iacovazzi A, Baiocchi A (2013) Investigating the trade-off between overhead and delay for full packet traffic privacy. In: IEEE International Conference on Communications Workshops (ICC), pp 1345–1350. IEEE

  347. 347.

    Iacovazzi A, Baiocchi A (2010) Optimum packet length masking. In: 2010 22nd International Teletraffic Congress (lTC 22), pp 1–8. IEEE

  348. 348.

    Iacovazzi A, Baiocchi A (2013) Internet traffic privacy enhancement with masking: Optimization and tradeoffs. IEEE Trans Parall Distrib Syst 25(2):353–362

    Google Scholar 

  349. 349.

    Wang L, Dyer KP, Akella A, Ristenpart T, Shrimpton T (2015) Seeing through network-protocol obfuscation. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp 57–69 ACM

  350. 350.

    Houmansadr A, Brubaker C, Shmatikov V (2013) The parrot is dead: Observing unobservable network communications. In: 2013 IEEE Symposium on Security and Privacy, pp 65–79. IEEE

  351. 351.

    Yang M, Luo J, Ling Z, Fu X, Yu W (2015) De-anonymizing and countermeasures in anonymous communication networks. IEEE Commun Mag 53(4):60–66

    Google Scholar 

  352. 352.

    Rigaki M, Garcia S (2018) Bringing a gan to a knife-fight: Adapting malware communication to avoid detection. In: 2018 IEEE Security and Privacy Workshops (SPW), pp 70–75. IEEE

  353. 353.

    Ring M, Schlör D, Landes D, Hotho A (2019) Flow-based network traffic generation using generative adversarial networks. Computers & Security 82:156–172

    Google Scholar 

  354. 354.

    Bai Q, Xiong G, Zhao Y (2014) Find behaviors of network evasion and protocol obfuscation using traffic measurement. In: International Conference on Trustworthy Computing and Services, pp 342–349. Springer, Berlin

  355. 355.

    Cao Z, Xiong G, Guo L (2015) Mimichunter: A general passive network protocol mimicry detection framework. In: 2015 IEEE Trustcom/BigDataSE/ISPA, IEEE, vol 1, pp 271–278

  356. 356.

    Dusi M, Crotti M, Gringoli F, Salgarelli L (2009) Tunnel hunter: Detecting application-layer tunnels with statistical fingerprinting. Comput Netw 53(1):81–97

    Google Scholar 

  357. 357.

    Shirey RW (2007) Internet security glossary version 2

  358. 358.

    Stallings W (2006) Cryptography and network security, 4/E pearson education india

  359. 359.

    Sun Q, Simon DR, Wang YM, Russell W, Padmanabhan VN, Qiu L (2002) Statistical identification of encrypted web browsing traffic. In: Proceedings 2002 IEEE Symposium on Security and Privacy, pp 19–30. IEEE

  360. 360.

    Chen S, Wang R, Wang XF, Zhang K (2010) Side-channel leaks in web applications: A reality today, a challenge tomorrow. In: 2010 IEEE Symposium on Security and Privacy, pp 191–206. IEEE

  361. 361.

    Gruteser M, Grunwald D (2005) Enhancing location privacy in wireless lan through disposable interface identifiers: a quantitative analysis. Mobile Netw Appl 10(3):315–325

    Google Scholar 

  362. 362.

    Jiang T, Wang HJ, Hu YC (2007) Preserving location privacy in wireless lans. In: Proceedings of the 5th international conference on Mobile systems, applications and services, pp 246–257 ACM

  363. 363.

    Fan Y, Lin B, Jiang Y, Shen X (2008) An efficient privacy-preserving scheme for wireless link layer security. In: IEEE GLOBECOM 2008-2008 IEEE Global Telecommunications Conference, pp 1–5. IEEE

  364. 364.

    Greenstein B, McCoy D, Pang J, Kohno T, Seshan S, Wetherall D (2008) Improving wireless privacy with an identifier-free link layer protocol. In: Proceedings of the 6th international conference on Mobile systems, applications, and services, pp 40–53 ACM

  365. 365.

    Bauer K, McCoy D, Greenstein B, Grunwald D, Sicker D (2009) Physical layer attacks on unlinkability in wireless lans. In: International Symposium on Privacy Enhancing Technologies Symposium, pp 108–127. Springer, Berlin

  366. 366.

    Hu W, Willkomm D, Abusubaih M, Gross J, Vlantis G, Gerla M, Wolisz A (2007) Dynamic frequency hopping communities for efficient ieee 802.22 operation. IEEE Commun Mag 45(5):80–87

    Google Scholar 

  367. 367.

    Sheth A, Seshan S, Wetherall D (2009) Geo-fencing: Confining wi-fi coverage to physical boundaries. In: International Conference on Pervasive Computing, pp 274–290. Springer, Berlin

  368. 368.

    Martinovic I, Pichota P, Schmitt JB (2009) Jamming for good: a fresh approach to authentic communication in wsns. In: Proceedings of the second ACM conference on Wireless network security, pp 161–168 ACM

  369. 369.

    Lakshmanan S, Tsao CL, Sivakumar R, Sundaresan K (2008) Securing wireless data networks against eavesdropping using smart antennas. In: 2008 The 28th International Conference on Distributed Computing Systems, pp 19–27. IEEE

  370. 370.

    Zhang F, He W, Liu X (2011) Defending against traffic analysis in wireless networks through traffic reshaping. In: 2011 31st International Conference on Distributed Computing Systems, pp 593–602. IEEE

  371. 371.

    Dainotti A, Pescape A, Claffy KC (2012) Issues and future directions in traffic classification. IEEE network 26(1):35–40

    Google Scholar 

  372. 372.

    Al Khater N, Overill RE (2015) Network traffic classification techniques and challenges. In: 2015 Tenth International Conference on Digital Information Management (ICDIM), pp 43–48. IEEE

  373. 373.

    Fernández-Delgado M, Cernadas E, Barro S, Amorim D (2014) Do we need hundreds of classifiers to solve real world classification problems? J Machine Learn Res 15(1):3133–3181

    MathSciNet  MATH  Google Scholar 

  374. 374.

    Crotti M, Gringoli F, Salgarelli L (2009) Impact of asymmetric routing on statistical traffic classification. In: GLOBECOM 2009-2009 IEEE Global Telecommunications Conference, pp 1–8. IEEE

  375. 375.

    Grzenda M (2012) Towards the reduction of data used for the classification of network flows. In: International Conference on Hybrid Artificial Intelligence Systems, pp 68–77. Springer, Berlin

  376. 376.

    De Donato W, Pescapé A, Dainotti A (2014) Traffic identification engine: an open platform for traffic classification. IEEE Netw 28(2):56–64

    Google Scholar 

  377. 377.

    Intelligent networking is all about app development - cisco. https://www.cisco.com/c/en/us/solutions/enterprise-networks/intelligent-network.html, (Accessed on 10/02/2019)

  378. 378.

    Huawei leaps into ai; announces powerful chips and ml framework. https://medium.com/syncedreview/huawei-leaps-into-ai-announces-powerful-chips-and-ml-framework-f9aa6ec87bcb https://medium.com/syncedreview/huawei-leaps-into-ai-announces-powerful-chips-and-ml-framework-f9aa6ec87bcb, (Accessed on 10/02/2019)

  379. 379.

    Machine learning and endpoint security - palo alto networks. https://www.paloaltonetworks.com/resources/whitepapers/machine-learning-endpoint-security, (Accessed on 10/02/2019)

  380. 380.

    Artificial intelligence for smarter cybersecurity — ibm. https://www.ibm.com/security/artificial-intelligence, (Accessed on 10/02/2019)

  381. 381.

    Meo AFMM, Munafo MM, Rossi D (2020) 10-year experience of internet traffic monitoring with tstat

  382. 382.

    Salman O, Elhajj IH, Kayssi A, Chehab A (2020) Denoising adversarial autoencoder for obfuscated traffic detection and recovery. In: Boumerdassi S, Renault É, Mühlethaler P (eds) Machine Learning for Networking. Springer International Publishing, Cham, pp 99–116

  383. 383.

    Grimaudo L, Mellia M, Baralis E (2012) Hierarchical learning for fine grained internet traffic classification. In: 2012 8th International Wireless Communications and Mobile Computing Conference (IWCMC), pp 463–468. IEEE

  384. 384.

    Callado AC, Kamienski CA, Szabó G, Gero BP, Kelner J, Fernandes SFL, Sadok DFH (2009) A survey on internet traffic identification. IEEE Commun Surv & Tut 11(3):37–52

    Google Scholar 

  385. 385.

    Nguyen TTT, Armitage G (2008) A survey of techniques for internet traffic classification using machine learning. IEEE Commun Surv & Tut 10(4):56–76

    Google Scholar 

  386. 386.

    Finsterbusch M, Richter C, Rocha E, Muller JA, Hanssgen K (2013) A survey of payload-based traffic classification approaches. IEEE Commun Surv & Tut 16(2):1135–1156

    Google Scholar 

  387. 387.

    Pacheco F, Exposito E, Gineste M, Baudoin C, Aguilar J (2018) Towards the deployment of machine learning solutions in network traffic classification: a systematic survey. IEEE Commun Surv & Tut 21(2):1988–2014

    Google Scholar 

  388. 388.

    Wang P, Chen X, Ye F, Sun Z (2019) A survey of techniques for mobile service encrypted traffic classification using deep learning. IEEE Access 7:54024–54033

    Google Scholar 

  389. 389.

    Tahaei H, Afifi F, Asemi A, Zaki F, Anuar NB (2020) The rise of traffic classification in iot networks: A survey. J Netw Computer Appl, pp 102538

Download references


Research was funded by the AUB University Research Board, the Lebanese National Council for Scientific Research, and TELUS Corp., Canada.

Author information



Corresponding author

Correspondence to Ola Salman.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Salman, O., Elhajj, I.H., Kayssi, A. et al. A review on machine learning–based approaches for Internet traffic classification. Ann. Telecommun. (2020). https://doi.org/10.1007/s12243-020-00770-7

Download citation


  • Machine learning
  • Internet traffic
  • Classification
  • Obfuscation
  • Survey
  • Data representation