Abstract—Encrypted traffic is of great significance to the regulation of illegal data, the protection of user information, and the detection of network attacks. Classifying encrypted traffic is critical to effective network analysis and management. With the advent of machine learning techniques, traditional payload-based methods have become powerless and obsolete in dealing with encrypted traffic. Accurately and efficiently identifying network traffic is crucial for network management. Machine learning methods, however, are disadvantaged by the overhead they create in the system. Most traffic encryption methods also focus on a single granularity, and hence the full functionality of the network is not realized. In this paper, we propose a traffic identification method that seeks to address protocol-independent identification. Our method uses an encrypted traffic identification model based on information entropy, which can realize online identification without violating user privacy, with higher-efficiency analysis and a lower false-alarm rate, and at multiple granularities. Our experimental results show that the proposed method is able to recognize over 80% of traffic and achieves efficient encrypted traffic identification.
Index Terms—Botnet, encrypted traffic identification, information entropy, multiple granularity, zombie networks.
R. Chen is with Mr. Ray Co. Ltd., Chengdu, China and Youe Data Co. Ltd., Beijing, China (e-mail: crdchen@163.com).
K. O.-B. Obour Agyekum is with the School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China (e-mail: obour539@yahoo.com).
X. Zhang and Q. Xia are with the Center for Cyber Security, University of Electronic Science and Technology of China, Chengdu, China (e-mail: johnsonzxs@uestc.edu.cn, xiaqi@uestc.edu.cn).
Cite: Ruidong Chen, Kwame Opuni-Boachie Obour Agyekum, Xiaosong Zhang, and Qi Xia, "Identification and Detection of Statistical Characteristics of Encrypted Traffic in Zombie Networks," Journal of Advances in Computer Networks, vol. 6, no. 1, pp. 7-12, 2018.
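The abstract names information entropy and multiple granularities but does not give the model itself. As an added illustration (not the authors' code or their model), the following Python example applies a generic byte-entropy test and shows why a flow-level measurement is needed alongside a packet-level one. The 7.2 bits/byte threshold, the 1024-byte minimum, the function names and the sample traffic are assumptions constructed for this example.

```python
import hashlib
import math
from collections import Counter, defaultdict

THRESHOLD_BITS = 7.2   # assumed cut-off in bits/byte, not a value from the paper
MIN_FLOW_BYTES = 1024  # assumed minimum sample before a flow verdict is given

def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_flows(packets):
    """packets: iterable of (flow_id, payload). Returns {flow_id: verdict}.

    Entropy is computed on the flow's concatenated payload bytes, because a
    packet of n bytes can never exceed log2(n) bits/byte: a 64-byte ciphertext
    tops out at 6.0 and would be missed by any per-packet threshold.
    High entropy also matches compressed data, so this is a pre-filter only.
    """
    flows = defaultdict(bytearray)
    for flow_id, payload in packets:
        flows[flow_id] += payload
    verdicts = {}
    for flow_id, buf in flows.items():
        if len(buf) < MIN_FLOW_BYTES:
            verdicts[flow_id] = "undetermined"
        elif byte_entropy(bytes(buf)) >= THRESHOLD_BITS:
            verdicts[flow_id] = "likely-encrypted"
        else:
            verdicts[flow_id] = "plaintext"
    return verdicts

def constructed_sample():
    """Constructed traffic, no real capture; SHA-256 output stands in for ciphertext."""
    stream = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(64))
    cipher = [("flow-enc", stream[i:i + 64]) for i in range(0, len(stream), 64)]
    request = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nAccept: */*\r\n\r\n"
    plain = [("flow-http", request)] * 20
    short = [("flow-short", stream[:100])]
    return cipher + plain + short

if __name__ == "__main__":
    print(classify_flows(constructed_sample()))
```

Only byte statistics are read, so no payload content is interpreted; the "undetermined" verdict keeps short flows from being counted as either class.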