Encrypted Network Traffic Classification

The solution enables user to classify encrypted network traffic to different traffic categories as well as application types. Example traffic categories are: Audio Stream, Video Stream, Video Chat, Text Chat, File Transfer, etc. Traffic types are Netflix, WhatsApp, YouTube etc. The classification preserves user privacy i.e., it does not inspect payload data from the traffic flows. The classification relies on temporal and spatial traffic characteristics of the traffic flow. The classification is performed based on ML and DL models. The approach shows high ( than 90%) classification accuracy.

The encrypted traffic input is in pcap format. The output is per-flow labels indicating different traffic classes. The output is available in csv format. The training and evaluation of the model uses ENTA platform capabilities.

Some of the tested classification models are : ML model to detect Instant Messaging Applications (IMA) carrying text chat traffic; ML model to detect IMAs carrying VoIP audio traffic; ML model to detect text exchanges within an IMA group (i.e., Group Chat activities); ML-based solution using statistical features of traffic to classify into traffic types (Streaming, Text chat, Audio chat, P2P etc.); DL-based solution using both sequential and statistical features of traffic to classify into application (Netflix, YouTube, WhatsApp, etc.); Developed mechanism for live (real-time) traffic classification using ML method on a High-Speed Packet Processing (HSPP) infrastructure

Environment needs to support Kubernetes on a Linux platform so that Kubeflow can be run.

Law Enforcement Agencies (LEA), Deep Packet Inspection (DPI) Vendors, Cyber Security Solution Vendors, IT Professionals

Solana Networks will provide the service to enable reuse of this packet classification solution in the customer environment during trial period. Licensing agreement for the solution can be arranged after the initial trial period.