Non-uniformity is All You Need: Efficient and Timely Encrypted Traffic Classification With ECHO

TL;DR

ECHO is a novel method that improves encrypted traffic classification by optimizing traffic representations with non-uniform binning and enabling faster classification through early exit strategies, significantly reducing latency.

Contribution

The paper introduces ECHO, combining hyperparameter-optimized non-uniform binning and early classification techniques for more efficient and timely encrypted traffic classification.

Findings

Up to 90% reduction in classification latency.

Maintains or improves accuracy with smaller representations.

Significant efficiency gains demonstrated on three datasets.

Abstract

With 95% of Internet traffic now encrypted, an effective approach to classifying this traffic is crucial for network security and management. This paper introduces ECHO -- a novel optimization process for ML/DL-based encrypted traffic classification. ECHO targets both classification time and memory utilization and incorporates two innovative techniques. The first component, HO (Hyperparameter Optimization of binnings), aims at creating efficient traffic representations. While previous research often uses representations that map packet sizes and packet arrival times to fixed-sized bins, we show that non-uniform binnings are significantly more efficient. These non-uniform binnings are derived by employing a hyperparameter optimization algorithm in the training stage. HO significantly improves accuracy given a required representation size, or, equivalently, achieves comparable accuracy using smaller representations. Then, we introduce EC (Early Classification of traffic), which enables faster classification using a cascade of classifiers adapted for different exit times, where classification is based on the level of confidence. EC reduces the average classification latency by up to 90\%. Remarkably, this method not only maintains classification accuracy but also, in certain cases, improves it. Using three publicly available datasets, we demonstrate that the combined method, Early Classification with Hyperparameter Optimization (ECHO), leads to a significant improvement in classification efficiency.