An empirical study of morphing on behavior-based network traffic classification

摘要

With the rapid advancement of traffic classification techniques, a countermeasure against them called network traffic morphing, which aims at masking traffic to degrade the performance of traffic identification and classification, has emerged. Although several morphing strategies have been proposed as promising approaches, very few works, however, have investigated their impact on the actual traffic classification performance. This work sets out to fulfill this gap from an empirical study point of view. It takes into account different morphing strategies exerted on packet size (PS) and/or inter-arrival time (IAT) and evaluates them by simulation. The impact is evaluated by using three popularity used classification algorithms, including C4.5, Support Vector Machines , and Naive Bayes, with various performance metrics considered. The results show that not all morphing strategies can effectively thwart traffic classification. Different morphing strategies perform distinctively in degrading traffic identification, among which the integration of PS and IAT morphings is the best, and the PS-based method alone is the worst. Furthermore, the three classifiers also exhibit distinct robustness to the morphing, with C4.5 being the most robust and Naive Bayes being the weakest. Finally, our study shows that classifiers can learn nontrivial information merely from the traffic direction patterns, which partially explains the weak protection of PS-based morphing methods because they fail to take the direction patterns into consideration. Copyright (c) 2013 John Wiley & Sons, Ltd.