Encrypted traffic classification: the QUIC case
Abstract
The QUIC protocol is a new reliable and secure transport protocol that is an alternative to TLS over TCP. However, compared to TLS, QUIC obfuscates the connection hand-shake and the server name indication domain, making a simple inspection more challenging. The classification of QUIC traffic has also received less attention than that of TLS. In this work, we present a comprehensive study aiming to explore the challenges of QUIC traffic classification. We selected three models: 1) multi-modal CNN, 2) LighGBM, and 3) IP-based classifier, and evaluated their properties using a large one-month CESNET-QUIC22 dataset with 102 web service labels. The developed classifiers reached up to 88% accuracy and set the new baseline in fine-grained QUIC service classification. Moreover, the real nature of the dataset and its long time span allowed us to collect a number of insights and measure the classifiers' performance in the presence of data drift.
Metrics
Citation History
Topics
Related Documents
Classification of encrypted QUIC network traffic
Classification of Encrypted QUIC Network Traffic
Encrypted Network Traffic Classification for QUIC Protocol: A Transfer Learning Approach
Aman Ullah BhuiyanAmin B Abdel NabiRaqeebir RabAbderrahmane LeshobTasnim MahmudAdil Khan
Shrink: Identification of Encrypted Video Traffic Based on QUIC
Weitao TangMeijie DuLi ZhaoShu LiZhou ZhouQingyun Liu