Abstract

A network eavesdropper may invade the privacy of an online user by collecting the passing traffic and classifying the applications that generated the network traffic. This collection may be used to build fingerprints of the user's Internet usage. In this paper, we investigate the feasibility of performing such breach on encrypted network traffic generated by actual users. We adopt the random forest algorithm to classify the applications in use by users of a campus network. Our classification system identifies and quantifies different statistical features of user's network traffic to classify applications rather than looking into packet contents. In addition, application classification is performed without employing a port mapping at the transport layer. Our results show that applications can be identified with an average precision and recall of up to 99%.