Progress in Study of Encrypted Traffic Classification

  • Zigang Cao
  • Shoufeng Cao
  • Gang Xiong
  • Li Guo
Part of the Communications in Computer and Information Science book series (CCIS, volume 320)


The rapid increase in encrypted network traffic recently has becomeagreat challenge for network management, and study of encrypted traffic classification provides basic technical support for effective network management and network security. The basis and problems of encrypted traffic classification are introduced first. Next, the main research progresses of encrypted traffic classification are summarized. Finally, the future trend is put forward.


traffic classification encrypted traffic flow statistical properties machine learning host behavior 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Dornger, P.: Real-Time Detection of Encrypted Traffic based on Entropy Estimation, Master Thesis (2010)Google Scholar
  2. 2.
    Nguyen, T., Armitage, G.: A Survey of Techniques for Internet TrafficClassification using Machine Learning. IEEE Communications Surveysand Tutorials 10(4), 56–76 (2008)CrossRefGoogle Scholar
  3. 3.
    Lu, Y., Zhu, Y.: Correlation-Based Traffic Analysis on Encrypted VoIP Traffic. IEEE Journal on Parallel and Distributed Systems, 45–48 (2010)Google Scholar
  4. 4.
    Alshammari, R., Zincir-Heywood, A.N.: Machine Learning Based Encrypted Traffic Classification: Identifying SSH and Skype. In: Proceedings of the 2009 IEEE Symposium on Computation Intelligence in Security and Defense Applications, Ottawa (2009)Google Scholar
  5. 5.
    Bacquet, C., Gumus, K., Tizer, D., Zincir-Heywood, A.N., Heywood, M.I.: A Comparison of Unsupervised Learning Techniques for Encrypted Traffic Identification. Journal of Information Assurance and Security 5, 464–472 (2010)Google Scholar
  6. 6.
    Tan, X., Su, X., Qian, Q.: The Classification of SSH Tunneled Traffic Using Maximum Likelihood Classifier. In: 2011 International Conference on Electronics, Communications and Control, ICECC (2011)Google Scholar
  7. 7.
    Hjelmvik, E., John, W.: Breaking and Improving Protocol Obfuscation.Technical report, Chalmers University of Technology (2010)Google Scholar
  8. 8.
    Yildirim, T., Radcliffe, P.: VoIP Traffic Classification in IPSec Tunnels. In: 2010 International Conference on Electronics and Information Engineering, ICEIE (2010)Google Scholar
  9. 9.
    White, A., Matthews, A., Snow, K., Monrose, F.: Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on fon-iks. In: IEEE Symposium on Security and Privacy (SP), pp. 3–18 (2011)Google Scholar
  10. 10.
    Wright, C.V., Monrose, F., Masson, G.M.: Using Visual Motifs to Classify Encrypted Traffic. In: Proceedings of the 3rd International Workshop on Visualization for Computer Security, VizSEC 2006 (2006)Google Scholar
  11. 11.
    Bacquet, C., Zincir-Heywood, A.N., Heywood, M.I.: Genetic Optimization and Hierarchical Clustering applied to Encrypted Traffic Identification. In: IEEE Symposium on Computational Intelligence on Cyber Security, pp. 194–201 (2011)Google Scholar
  12. 12.
    Crotti, M., Gringoli, F., Salgarelli, L.: Impact of Asymmetric Routing on Statistical Traffic Classification. In: Proceedings of the 7th IEEE Global Communications Conference (GLOBECOMM 2009), Honolulu, USA (2009)Google Scholar
  13. 13.
    Nguyen, T., Armitage, G.: Training on multiple sub-flows to optimizethe use of Machine Learning classifiers in real-world IP networks. In: Proc. IEEE 31st Conference on Local Computer Networks,Tampa,Florida, USA (2006)Google Scholar
  14. 14.
    Crotti, M., Gringoli, F., Salgarelli, L.: Optimizing Statistical Classifiers of Network Traffic. In: Proceedings of the 6th Wireless Communications & Mobile Computing Conference (IWCMC 2010), Caen, France (2010)Google Scholar
  15. 15.
    Wright, C., Coulls, S., Monrose, F.: Traffic Morphing: An efficient defense against statistical traffic analysis. In: Proceedings of the 14th Annual Network and Distributed Systems Symposium, NDSS (2009)Google Scholar
  16. 16.
    Moghaddam, H.M., Li, B., Derakhshani, M., Goldberg, I.: SkypeMorph: ProtocolObfuscation for Tor Bridges. Technical report, University of Waterloo (2012)Google Scholar
  17. 17.
  18. 18.
    Canini, M., Li, W., Moore, A.W., Bolla, R.: GTVS: Boosting the Collection of Application Traffic Ground Truth. In: Papadopouli, M., Owezarski, P., Pras, A. (eds.) TMA 2009. LNCS, vol. 5537, pp. 54–63. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Dusi, M., Gringoli, F., Salgarelli, L.: Quantifying the accuracy of the ground truth associated with Internet traffic traces. Elsevier Computer Networks (COMNET) 55(5), 1158–1167 (2011)CrossRefGoogle Scholar
  20. 20.
    Karagiannis, T., Papagiannaki, K., Faloutsos, M.: BLINC: Multilevel Traffic Classification in the Dark. In: Proc. of the Special Interest Group on Data Communication Conference (SIGCOMM 2005), Philadelphia, PA, USA (2005)Google Scholar
  21. 21.
    Hurley, J., Garcia-Palacios, E., Sezer, S.: Host-based P2P flow identification and use in real-time. ACM Trans. Web 5(2), Article 7, 27 pages (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Zigang Cao
    • 3
  • Shoufeng Cao
    • 1
  • Gang Xiong
    • 2
  • Li Guo
    • 2
  1. 1.National Computer Network Emergency Response Technical Team / Coordination Center of ChinaChina
  2. 2.Institute of Information EngineeringChinese Academy of ScienceChina
  3. 3.Key Laboratory of Trustworthy Distributed Computing and Service (BUPT)Ministry of EducationBeijingChina

Personalised recommendations