Classification of encrypted traffic for applications based on statistical features

Traffic classification plays an important role in many aspects of network management such as identifying type of the transferred data, detection of malware applications, applying policies to restrict network accesses and so on. Basic methods in this field were using some obvious traffic features like port number and protocol type to classify the traffic type. However, recent changes in applications make these features imperfect for such tasks. As a remedy, network traffic classification using machine learning techniques is now evolving. In this article, a new semi-supervised learning is proposed which utilizes clustering algorithms and label propagation techniques. The clustering part is based on graph theory and minimum spanning tree (MST) algorithm. In the next level, some pivot data instances are selected for the expert to vote for their classes, and the identified class labels will be used for similar data instances with no labels. In the last part, the decision tree algorithm is used to construct the classification model. The results show that the proposed method has a precise and accurate performance in classification of encrypted traffic for the network applications. It also provides desirable results for plain un-encrypted traffic classification, especially for unbalanced streams of data.