ITEA is the Eureka Cluster on software innovation
ITEA is the Eureka Cluster on software innovation
ITEA 4 page header azure circular

Encrypted Network Traffic Classification

Project
20020 ENTA
Type
New service
Description

The solution enables user to classify encrypted network traffic to different traffic categories as well as application types. Example traffic categories are: Audio Stream, Video Stream, Video Chat, Text Chat, File Transfer, etc. Traffic types are Netflix, WhatsApp, YouTube etc. The classification preserves user privacy i.e., it does not inspect payload data from the traffic flows. The classification relies on temporal and spatial traffic characteristics of the traffic flow. The classification is performed based on ML and DL models. The approach shows high ( than 90%) classification accuracy.

Contact
Biswajit Nandy
Email
bnandy@solananetworks.com
Research area(s)
Cyber Security, Traffic analysis, Traffic management
Technical features

The encrypted traffic input is in pcap format. The output is per-flow labels indicating different traffic classes. The output is available in csv format. The training and evaluation of the model uses ENTA platform capabilities.

Some of the tested classification models are : ML model to detect Instant Messaging Applications (IMA) carrying text chat traffic; ML model to detect IMAs carrying VoIP audio traffic; ML model to detect text exchanges within an IMA group (i.e., Group Chat activities); ML-based solution using statistical features of traffic to classify into traffic types (Streaming, Text chat, Audio chat, P2P etc.); DL-based solution using both sequential and statistical features of traffic to classify into application (Netflix, YouTube, WhatsApp, etc.); Developed mechanism for live (real-time) traffic classification using ML method on a High-Speed Packet Processing (HSPP) infrastructure

Integration constraints

Environment needs to support Kubernetes on a Linux platform so that Kubeflow can be run.

Targeted customer(s)

Law Enforcement Agencies (LEA), Deep Packet Inspection (DPI) Vendors, Cyber Security Solution Vendors, IT Professionals

Conditions for reuse

Solana Networks will provide the service to enable reuse of this packet classification solution in the customer environment during trial period. Licensing agreement for the solution can be arranged after the initial trial period.

Confidentiality
Public
Publication date
16-12-2024
Involved partners
Solana Networks (CAN)
Dalhousie University (CAN)
Karel Electronics (TUR)