Machine learning-based encrypted traffic classification achieves high accuracy when training and testing samples originate from the same proxy protocol. However, in real-world scenarios where the deployed proxy protocol is uncertain, cross-protocol distributional gaps lead to significant degradation in classification performance. Encrypted proxy protocols generally encapsulate and encrypt transport-layer payloads without padding or compression, thereby introducing structured protocol-specific encapsulation bias. We propose a signature-based cross-protocol encrypted proxy traffic classification approach (SPTC) to address the challenge of cross-protocol classification. SPTC first performs traffic length sequence alignment to mitigate encapsulation-induced bias through bias calculation and calibration. It then extracts signature-based features by constructing cumulative sum paths and deriving high-order path signature descriptors that capture the global geometric characteristics of traffic flows. Finally, the method employ a random forest classifier to achieve robust cross-protocol classification. SPTC achieves up to 99.3% accuracy across diverse encrypted proxy protocols, demonstrating generalization in cross-protocol scenarios.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

SPTC: Signature-Based Cross-Protocol Encrypted Proxy Traffic Classification Approach

  • Huajie Jia,
  • Yige Chen,
  • Zhengzhou Tang

摘要

Machine learning-based encrypted traffic classification achieves high accuracy when training and testing samples originate from the same proxy protocol. However, in real-world scenarios where the deployed proxy protocol is uncertain, cross-protocol distributional gaps lead to significant degradation in classification performance. Encrypted proxy protocols generally encapsulate and encrypt transport-layer payloads without padding or compression, thereby introducing structured protocol-specific encapsulation bias. We propose a signature-based cross-protocol encrypted proxy traffic classification approach (SPTC) to address the challenge of cross-protocol classification. SPTC first performs traffic length sequence alignment to mitigate encapsulation-induced bias through bias calculation and calibration. It then extracts signature-based features by constructing cumulative sum paths and deriving high-order path signature descriptors that capture the global geometric characteristics of traffic flows. Finally, the method employ a random forest classifier to achieve robust cross-protocol classification. SPTC achieves up to 99.3% accuracy across diverse encrypted proxy protocols, demonstrating generalization in cross-protocol scenarios.