CLASSIFICATION FEATURES OF ENCRYPTED NETWORK TRAFFIC

Abstract

Currently, there is growing interest in the tasks of efficient packet network management:quality of service, ensuring information security, optimization of the network hardware and softwareresources. All these tasks rely heavily on the analysis and classification of network traffic.This traffic is heterogeneous, as a rule, has a pulsating nature, difficult to predict and described bythe mathematical apparatus of random processes. At different times, the conditions for passingpackets along the same path can vary significantly. At the same time, a significant number of applicationsare appearing requiring latency and jitter. The administration task in this context is tocorrectly configure the switching and routing nodes. Traffic classification allows you to identifypackages of various applications and services and ensure their prioritization during transmissionover the network. For example, video conferencing traffic needs to be transmitted first of all, sinceit is very sensitive to delays and jitter, data traffic can be transmitted last. The classification oftraffic today is an urgent task both in terms of network administration and in terms of ensuring itssecurity. Due to the fact that a large number of applications now encrypt the transmitted informationand it is very difficult to view its contents, the traffic classification is of particular interest,which allows indirect signs to determine anomalies in the network, signs of intrusion. In this paper,we consider the features of solving the classification problem of encrypted traffic. The aim ofthe work is to study the classification features of encrypted traffic using correlation analysis andan algorithm based on the difference in integral areas. Research Objectives: – develop a trafficclassification algorithm based on correlation and known patterns; – develop an algorithm basedon the difference of the integral areas under the traffic intensity curves; – conduct a practicalstudy of the accuracy of solving the classification problem. The work considers the classificationof traffic into three groups: audio, video, data. As a result, a sufficient accuracy of the correlationalgorithm in determining audio and data traffic was revealed. To identify video traffic, it is betterto use an algorithm based on the difference of the integral areas under the intensity curves.