Abstract

Application identification assists network operators effectively on many tasks regarding network management such as controlling bandwidth or securing traffic from others. However, encryption is one of the factors to make application identification difficult, because it is so hard to infer the original (unencrypted) packets from encrypted packets. As a result, the accuracy of application identification is getting worse as the increase of encrypted traffic. In this paper, we propose a method to increase the accuracy of application identification whatever the traffic is encrypted or not. We propose EFM (Estimated Features Method) and investigate how three different supervised machine learning algorithms (Support Vector Machine, Naive Bayes Kernel Estimation, and C4.5 decision tree) affect the accuracy of identification. Our results show that EFM using SVM is able to provide overall accuracy 97.2% for encrypted traffic.