Bootstrap Forest based method for Encrypted Network Traffic Analysis
DOI:
https://doi.org/10.31341/jios.49.2.5
Keywords:
Encrypted Network Traffic, Benign Packets, Machine Learning, Network Packets, Network Traffic, Bootstrap Forest
Abstract
Encrypting communications and data over the Internet has become essential for ensuring the privacy of communications and protecting data from increasing threats. Hence, the majority of Internet traffic and networked communications are now encrypted. However, encryption also gives attackers a means to hide behind encrypted communications and conduct malicious activities. Analyzing unencrypted communications is relatively easy, but the same task is highly challenging when network communication is encrypted. Conventional network analysis methods fail to analyze encrypted communications. Methods such as flow monitoring are available to detect encrypted traffic and analyze features related to traffic flow. Using traditional analysis methods, we could not achieve accurate detection and classification of encrypted network packets in various types of network traffic such as VoIP, text, audio, video, and VPN traffic. In our work, we propose the Bootstrap Forest model to analyze and classify encrypted network traffic. The Bootstrap Forest model accurately classifies encrypted network traffic using statistical and time-based features. The performance of the proposed model is evaluated and compared with that of other machine learning models under various performance metrics. Three publicly available datasets, UNSW-NB15, ISCXTor 2016 and ISCXVPN 2016, were used in our experiments and evaluations. The experimental results show that our proposed model provides the best performance for classifying encrypted network traffic when its F1 score is compared with those of other methods.