Mobile Encrypted Traffic Classification Based on Message Type Inference

With the growing attention to the security and privacy of mobile communications, advanced cryptographic protocols are widely applied to protect information confidentiality and prevent privacy leakage. These cryptographic protocols make it difficult to classify encrypted traffic for network management and intrusion detection. Existing mobile encrypted traffic classification approaches intend to alleviate this problem for TLS 1.2 encrypted traffic through modeling message attributes. However, these approaches are facing tough challenges in classifying TLS 1.3 traffic because most plaintext handshake messages are encrypted in TLS 1.3. To tackle this problem, we propose a mobile encrypted traffic classification approach based on Message Type Inference (MTI). We use a Recurrent Neural Network-Conditional Random Field (RNN-CRF) network to infer the hidden message types of encrypted handshake messages. Moreover, we employ machine learning to integrate three kinds of length features. The experimental results demonstrate that the RNN-CRF network achieves 99.92% message type inference accuracy and 98.96% F1-score on a real-world TLS 1.3 dataset and our proposed approach MTI achieves 96.66% accuracy and 96.64% F1-score on a fourteen application real-world TLS 1.3 dataset. In addition, we compare MTI with existing encrypted traffic classification approaches, which demonstrates MTI performs considerably better than state-of-the-art approaches for TLS 1.3 traffic.