MAAN: A Multiple Attribute Association Network for Mobile Encrypted Traffic Classification

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2020)

Abstract

With the rapid development of mobile applications and the rising concern over user privacy, cryptographic protocols, especially Secure Socket Layer/Transport Layer Security (SSL/TLS), are widely used on the Internet. Many networking and security services call for application-level encrypted traffic classification before applying related policies. Existing methods, which use partial handshake information or only flow-level features, exhibit unsatisfactory accuracy. In this paper, we propose a novel encrypted traffic classification method named Multiple Attribute Associate Network (MAAN). MAAN is a unified model that automatically extracts features from handshake messages and flows. Moreover, MAAN has acceptable time consumption and is suitable for real-time scenarios. Our experiments demonstrate that MAAN achieves 98.2% accuracy on a real-world dataset (including 59k+ SSL sessions and covering 16 applications) and outperforms the state-of-the-art methods.


Corresponding author

Correspondence to Chao Zheng.

A Parameters Selection

We use the grid search method to find the optimal parameters. The specific results are shown in Table 5.

Table 5. Parameters selection

Copyright information

© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

Cite this paper

Shi, F., Zheng, C., Cui, Y., Liu, Q. (2020). MAAN: A Multiple Attribute Association Network for Mobile Encrypted Traffic Classification. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 335. Springer, Cham. https://doi.org/10.1007/978-3-030-63086-7_11

  • DOI: https://doi.org/10.1007/978-3-030-63086-7_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63085-0

  • Online ISBN: 978-3-030-63086-7

  • eBook Packages: Computer Science, Computer Science (R0)
