SPTC: Signature-Based Cross-Protocol Encrypted Proxy Traffic Classification Approach
摘要
Machine learning-based encrypted traffic classification achieves high accuracy when training and testing samples originate from the same proxy protocol. However, in real-world scenarios where the deployed proxy protocol is uncertain, cross-protocol distributional gaps lead to significant degradation in classification performance. Encrypted proxy protocols generally encapsulate and encrypt transport-layer payloads without padding or compression, thereby introducing structured protocol-specific encapsulation bias. We propose a signature-based cross-protocol encrypted proxy traffic classification approach (SPTC) to address the challenge of cross-protocol classification. SPTC first performs traffic length sequence alignment to mitigate encapsulation-induced bias through bias calculation and calibration. It then extracts signature-based features by constructing cumulative sum paths and deriving high-order path signature descriptors that capture the global geometric characteristics of traffic flows. Finally, the method employ a random forest classifier to achieve robust cross-protocol classification. SPTC achieves up to 99.3% accuracy across diverse encrypted proxy protocols, demonstrating generalization in cross-protocol scenarios.