Deep Learning for Encrypted Traffic Classification and Unknown Data Detection

TL;DR

This paper introduces a deep learning framework for classifying encrypted mobile app traffic and detecting unknown activities, achieving high accuracy with limited traffic segments and handling unseen data effectively.

Contribution

It presents a novel DNN-based method that filters unknown application data using output probability distributions and identifies in-app activities from partial traffic segments.

Findings

Achieved over 90% accuracy in classifying known in-app activities.

Achieved around 79% accuracy in detecting unknown application data.

Effective segmentation allows activity identification from partial traffic.

Abstract

Despite the widespread use of encryption techniques to provide confidentiality over Internet communications, mobile device users are still susceptible to privacy and security risks. In this paper, a new Deep Neural Network (DNN) based user activity detection framework is proposed to identify fine grained user activities performed on mobile applications (known as in-app activities) from a sniffed encrypted Internet traffic stream. One of the challenges is that there are countless applications, and it is practically impossible to collect and train a DNN model using all possible data from them. Therefore, in this work we exploit the probability distribution of DNN output layer to filter the data from applications that are not considered during the model training (i.e., unknown data). The proposed framework uses a time window based approach to divide the traffic flow of an activity into segments, so that in-app activities can be identified just by observing only a fraction of the activity related traffic. Our tests have shown that the DNN based framework has demonstrated an accuracy of 90% or above in identifying previously trained in-app activities and an average accuracy of 79% in identifying previously untrained in-app activity traffic as unknown data when this framework is employed.