# HEDGE: Efficient Traffic Classification of Encrypted and Compressed Packets

**Authors:** Fran Casino, Kim-Kwang Raymond Choo, Constantinos Patsakis

arXiv: 1905.11873 · 2019-05-29

## TL;DR

HEDGE is a novel method that efficiently distinguishes encrypted from compressed network packets by evaluating the randomness of the data. It outperforms existing techniques and can be applied to individual packets without access to the full stream.

## Contribution

The paper introduces HEDGE, a new traffic classification technique that accurately differentiates encrypted from compressed packets by evaluating the randomness of the data, without requiring access to the full stream.

## Key findings

- HEDGE outperforms current state-of-the-art methods.
- It can classify individual packets efficiently.
- The authors provide a benchmark dataset for further research.

## Abstract

As the size and source of network traffic increase, so does the challenge of monitoring and analysing network traffic. Therefore, sampling algorithms are often used to alleviate these scalability issues. However, the use of high entropy data streams, through the use of either encryption or compression, further compounds the challenge as current state of the art algorithms cannot accurately and efficiently differentiate between encrypted and compressed packets. In this work, we propose a novel traffic classification method named HEDGE (High Entropy DistinGuishEr) to distinguish between compressed and encrypted traffic. HEDGE is based on the evaluation of the randomness of the data streams and can be applied to individual packets without the need to have access to the entire stream. Findings from the evaluation show that our approach outperforms current state of the art. We also make available our statistically sound dataset, based on known benchmarks, to the wider research community.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1905.11873/full.md

## Figures

13 figures with captions in the complete paper: https://tomesphere.com/paper/1905.11873/full.md

## References

61 references — full list in the complete paper: https://tomesphere.com/paper/1905.11873/full.md

---
Source: https://tomesphere.com/paper/1905.11873