Analysis of Encrypted Network Traffic using Machine Learning Models

Bibliographic Details
Main Authors: Bhandari, Aradhita, Cherukuri, Aswani Kumar, Ikram, Sumaiya Thaseen
Format: Book chapter
Language: eng
Online Access: Full text
Description
Summary: Traffic classification is essential for identifying normal behavior from diverse traffic. Modern applications that contribute to half of the world's traffic generate encrypted traffic to protect the data between clients and servers. Encryption is required to prevent adversaries from accessing private information such as user behavior patterns, application data, and passwords. Ideally, this encrypted traffic would be legitimate; however, in some cases, the encrypted traffic can conceal malicious software like viruses, worms, and Trojans. Therefore, to secure our networks, large-scale encrypted traffic analysis is required in real time to identify abnormal patterns as soon as possible. This chapter will discuss various unsupervised, supervised, and semi-supervised learning techniques deployed to analyze encrypted traffic. This paper presents the first such analysis for encrypted network data to the best of our knowledge. The learning models analyzed are K-means clustering, random forest, label propagation, and AdaBoost classifiers. Experimental analysis is performed on UNSW-NB15 encrypted traffic datasets.
DOI: 10.1201/9781003373384-5