Classification of Encrypted Internet Traffic Using Kullback Leibler Divergence and Euclidean Distance

2020 
The limitations of traditional classification methods based on port number and payload inspection to classify encrypted or obfuscated Internet traffic, often with randomized port numbers, have led to significant research efforts focusing on classification approaches based on Machine Learning techniques using Transport Layer statistical features. However, these approaches also have their own limitations, leading to the study of a set of other alternative approaches, including statistics-based approaches. Statistical approaches can be an alternative to machine learning, because in real-time traffic classification with new types of data, the entire traffic classifier has to be retrained in order to adapt to the new change by combining the old training data with the new training data. This article investigates the classification of encrypted traffic using statistical methods applied to network traffic classification. We propose two statistical classifiers for encrypted Internet traffic based on Kullback Leibler divergence and Euclidean distance, which are computed using the flow and packet size obtained from some of the protocols used by applications. In our experiments, we evaluate the two classifiers based on statistical methods and compare them with a classifier based on Support Vector Machine (SVM). During our study, we were able to classify the traffic by using few features without compromising the performance of the classifier. The experimental results illustrate the effectiveness of our models used for traffic classification.
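As an added illustration (not the paper's implementation), the sketch below shows how a nearest-distribution classifier over packet-size histograms can work with either Kullback Leibler divergence or Euclidean distance. The bin edges, smoothing constant, class labels and sample packet sizes are constructed assumptions, not values from the article.

```python
import bisect
import math

# Assumed lower bin edges in bytes; the last bin is open-ended.
EDGES = [0, 100, 300, 600, 1000, 1400]

def histogram(sizes, eps=1e-6):
    """Smoothed packet-size distribution; eps keeps every bin non-zero
    so the KL divergence never takes log(0) or divides by zero."""
    counts = [0] * len(EDGES)
    for s in sizes:
        counts[bisect.bisect_right(EDGES, s) - 1] += 1
    total = sum(counts) + eps * len(counts)
    return [(c + eps) / total for c in counts]

def kl_divergence(p, q):
    """D_KL(p || q): zero when p == q, grows as p puts mass where q has little."""
    return sum(pi * math.log(pi / qi) for pi, qi in zip(p, q))

def euclidean(p, q):
    return math.sqrt(sum((pi - qi) ** 2 for pi, qi in zip(p, q)))

def classify(flow_sizes, profiles, distance):
    """Label a flow with the class whose reference profile is closest."""
    p = histogram(flow_sizes)
    return min(profiles, key=lambda label: distance(p, profiles[label]))

# Constructed per-class packet sizes (bytes), standing in for labelled flows.
TRAINING = {
    "interactive": [64, 72, 80, 96, 120, 64, 88, 150, 70, 66],
    "bulk": [1460, 1460, 1448, 1460, 52, 1460, 1400, 1460, 1460, 52],
    "streaming": [700, 820, 900, 760, 1100, 650, 980, 840, 720, 1200],
}
# Each class is one stored histogram, so supporting a new class means
# adding one entry here; the existing profiles are left untouched.
PROFILES = {label: histogram(sizes) for label, sizes in TRAINING.items()}

if __name__ == "__main__":
    unknown = [1460, 1460, 60, 1448, 1460, 1420]  # constructed test flow
    for name, dist in (("KL", kl_divergence), ("Euclidean", euclidean)):
        print(name, "->", classify(unknown, PROFILES, dist))
```

Only packet sizes are used, so the classifier never needs the decrypted payload; in practice the profiles would be built from labelled captures rather than the short lists shown here.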