원문정보
초록
영어
Due to the wide use of encrypted protocols and random ports, traditional methods that based on port number or packet payload have gradually lose their effectiveness. To address this issue, new methods that based on machine learning techniques become the research hotspots. With many further studies, some research institutions show that ML-based protocol identification methods can generally achieve over 95% accuracy. However, different from most research studies, industry claims that ML-based techniques are hardly to be deployed for practical use due to their high false positives and false negatives. In this paper, different Machine Learning techniques are evaluated for the actual accuracy under different network environments, and a variety of features are tested on different encrypted protocols. The results show that the identification accuracy will go down due to the changed network scale and network environment while the same ML-based models are used under different network environments, and the choices among different Machine Learning techniques, protocol types or statistical features are not critical.
목차
1. Introduction
2. Relate Work
3. Experimental Method
3.1. Data Sources and Protocol Categories
3.2. Algorithms and Feature Selection
3.3. Evaluation Criteria
4. Results and Analysis
4.1. Experiment 1: Accuracy in the Same Data Set
4.2. Experiment 2: Accuracy in Different Data Sets
4.3. Analysis of Experimental Results
5. Conclusion
Acknowledgements
References