VT-GAT: A Novel VPN Encrypted Traffic Classification Model Based on Graph Attention Neural Network

  • Conference paper
Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2022)

Abstract

Virtual Private Network (VPN) technology is now widely used in various scenarios such as telecommuting. The importance of VPN traffic identification for network security and management has increased significantly with the development of proxy technology. Unlike other tasks such as application classification, VPN traffic suffers from the only-one-flow problem. In addition, the development of encryption technology brings new challenges to VPN traffic identification.

This paper proposes VT-GAT, a VPN traffic graph classification model based on Graph Attention Networks (GAT), to solve the above problems. Unlike existing VPN encrypted traffic classification techniques, which ignore the graph connectivity information contained in traffic, VT-GAT makes use of it. VT-GAT first constructs traffic behavior graphs by characterizing raw traffic data at the packet and flow levels. It then combines graph neural networks and attention mechanisms to automatically extract behavioral features from the traffic graph data. Extensive experimental results on the Datacon21 dataset show that VT-GAT can achieve over 99% in all classification metrics. Compared to existing machine learning and deep learning methods, VT-GAT improves F1-Score by about 3.02%–63.55%. In addition, VT-GAT maintains good robustness when the number of classification categories varies. These results demonstrate the usefulness of VT-GAT in VPN traffic classification.

Notes

  1. The dataset can be found at https://anonymous.4open.science/r/VPN_Traffic_Graph_Dataset-EDA0. Researchers who use the dataset should indicate the source of data by citing this paper.

  2. https://anonymous.4open.science/r/VPN_Traffic_Graph_Dataset-EDA0.

  3. https://github.com/pyg-team/pytorch_geometric.

Acknowledgements

We thank the anonymous reviewers for their insightful comments. This work was supported in part by the National Key Research and Development Program of China under Grant No. 2019YFB1005205.

Author information

Corresponding author

Correspondence to Zhenyu Cheng.

Copyright information

© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Xu, H., Li, S., Cheng, Z., Qin, R., Xie, J., Sun, P. (2022). VT-GAT: A Novel VPN Encrypted Traffic Classification Model Based on Graph Attention Neural Network. In: Gao, H., Wang, X., Wei, W., Dagiuklas, T. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 461. Springer, Cham. https://doi.org/10.1007/978-3-031-24386-8_24

  • DOI: https://doi.org/10.1007/978-3-031-24386-8_24

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-24385-1

  • Online ISBN: 978-3-031-24386-8

  • eBook Packages: Computer Science, Computer Science (R0)
