Visibility into network traffic is a key requirement for different security and network monitoring tools. Recent trends in the evolution of Internet traffic present a challenge for traditional traffic analysis methods to achieve accurate classification of Internet traffic including Voice over IP (VoIP), text messaging, video, and audio services among others. A key aspect of this trend is the rising levels of encrypted multiple service channels where the payload is opaque to middleboxes in the network. In such scenarios, traditional approaches such as Deep Packet Inspection (DPI) or examination of Port numbers are unable to achieve the classification accuracy required. This work investigates Machine Learning-based network traffic classifiers as a means of accurately classifying encrypted multiple service channels. The study carries out a thorough study which (i) proposes and evaluates two machine learning-based frameworks for multiple service channels analysis; (ii) undertakes feature engineering to identify the minimum number of features required to obtain high accuracy while reducing the effects of over-fitting; (iii) explores the portability and robustness of the frameworks trained models under different network conditions: location, time, and volume; and (iv) collects and analyzes a large-scale dataset including nine classes of services, for benchmarking purposes.

中文翻译：

---

基于机器学习的加密服务通道分类精度：多因素分析

对网络流量的可见性是不同安全和网络监控工具的关键要求。互联网流量演变的最新趋势对传统流量分析方法提出了挑战，以实现互联网流量的准确分类，包括 IP 语音 (VoIP)、文本消息、视频和音频服务等。这一趋势的一个关键方面是加密多服务通道的水平不断提高，其中有效载荷对网络中的中间盒不透明。在这种情况下，深度包检测 (DPI) 或端口号检查等传统方法无法达到所需的分类精度。这项工作研究了基于机器学习的网络流量分类器，作为对加密的多个服务通道进行准确分类的一种手段。该研究进行了深入研究，其中 (i) 提出并评估了两种基于机器学习的多服务渠道分析框架；(ii) 进行特征工程以识别获得高精度所需的最少特征数量，同时减少过拟合的影响；(iii) 探索框架训练模型在不同网络条件下的可移植性和鲁棒性：位置、时间和容量；(iv) 收集和分析包括九类服务的大规模数据集，用于基准测试。(iii) 探索框架训练模型在不同网络条件下的可移植性和鲁棒性：位置、时间和容量；(iv) 收集和分析包括九类服务的大规模数据集，用于基准测试。(iii) 探索框架训练模型在不同网络条件下的可移植性和鲁棒性：位置、时间和容量；(iv) 收集和分析包括九类服务的大规模数据集，用于基准测试。