An Entropy Based Encrypted Traffic Classifier

Abstract

This paper proposes an approach to encrypted network traffic classification based on entropy calculation and machine learning techniques. Apart from using ordinary Shannon entropy, we examine entropy after encoding and a weighted average of Shannon binary entropy called BiEntropy. The objective of this paper is to identify any application flows as part of encrypted traffic. To achieve this we (i) calculate entropy-based features from the packet payload: encoded payload or binary payload, n-length word of the payload, (ii) employ a Genetic-search feature selection algorithm on the extracted features, where the fitness function is calculated from the True Positive Rate, the False Positive Rate and the number of selected features, and (iii) propose a data-driven supervised machine learning model based on a Support Vector Machine (SVM) for automatic identification of encrypted traffic. To the best of our knowledge, this is the first attempt to tackle the problem of classifying encrypted traffic using extensive entropy-based features and machine learning techniques.
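The following is an added example, not code from the paper: a sketch of the kind of entropy features step (i) describes, computed over n-length words of a payload and over its binary form. The overlapping-word windowing, the use of Croll's BiEntropy definition on the first 32 bits, the function names and both sample payloads are assumptions made here for illustration.

```python
import hashlib
import math
from collections import Counter

def word_entropy(payload: bytes, n: int = 1) -> float:
    """Shannon entropy in bits per word over overlapping n-byte words (assumed windowing)."""
    words = [payload[i:i + n] for i in range(len(payload) - n + 1)]
    if not words:
        return 0.0
    total = len(words)
    return -sum(c / total * math.log2(c / total) for c in Counter(words).values())

def binary_entropy(p: float) -> float:
    """Shannon binary entropy H(p); H(0) = H(1) = 0."""
    return 0.0 if p in (0.0, 1.0) else -p * math.log2(p) - (1 - p) * math.log2(1 - p)

def bientropy(bits: list) -> float:
    """BiEntropy per Croll's definition (assumed): binary entropy of the string and
    each successive binary derivative (XOR of adjacent bits), weighted by 2**k."""
    n = len(bits)
    if not 2 <= n <= 64:
        raise ValueError("use short bit strings; the 2**k weights grow quickly")
    acc = 0.0
    for k in range(n - 1):
        acc += binary_entropy(sum(bits) / len(bits)) * 2 ** k
        bits = [a ^ b for a, b in zip(bits, bits[1:])]
    return acc / (2 ** (n - 1) - 1)

def to_bits(data: bytes) -> list:
    """Expand bytes into a most-significant-bit-first list of 0/1 values."""
    return [(byte >> s) & 1 for byte in data for s in range(7, -1, -1)]

def entropy_features(payload: bytes) -> dict:
    """Hypothetical feature vector: 1- and 2-byte word entropy, BiEntropy of first 4 bytes."""
    return {"h1": word_entropy(payload, 1), "h2": word_entropy(payload, 2),
            "bien32": bientropy(to_bits(payload[:4]))}

# Constructed samples: a plaintext request and SHA-256 output standing in for ciphertext.
PLAINTEXT = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nAccept: */*\r\n\r\n"
CIPHERLIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))

if __name__ == "__main__":
    for name, sample in (("plaintext", PLAINTEXT), ("cipher-like", CIPHERLIKE)):
        print(name, {k: round(v, 3) for k, v in entropy_features(sample).items()})
```

Vectors like these would then feed the feature selection and SVM stages the abstract names in steps (ii) and (iii).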