近年來由於隱私意識的提高,許多網路服務選擇使用加密協議(Encrypted Agreement)。為流量分類(Traffic Classification)來改善服務品質(Quality of Service, QoS),本論文基於機器學習(Machine Learning)的方法,對網路加密流量的行為進行分類。而傳統的流量分類方法如IP/ASN查詢、基於Port與深度封包檢測等,雖可對使用行為分類,通常無法有效地處理加密流量,因此本論文提出混合式流量分類法(Hybrid Traffic Classification, HTC),乃基於機器學習結合IP/ASN (Autonomous System Number)查詢與深度封包檢測,並加入多數投票(Majority Voting)策略,能快速為不同QoS流量作準確的分類。實驗及結果顯示,所提出之分類法可有效地分類出不同的加密流量,在多數投票策略K=13時,可再提升10%的分類準確度。尤其在使用相同的協議時,也能有效分類出不同行為的流量,並給定適當的差異式服務(Differentiated Services Code Point, DSCP)標籤。
In recent years, due to increased privacy awareness, many Internet services have chosen to use encrypted agreements. In order to improve the quality of service (QoS), in this paper, the network encrypted traffic behaviors are classified based on machine learning. The traditional traffic classification methods, such as IP/ASN (Autonomous System Number) analysis, Port-based and deep packet inspection, etc., can classify traffic behavior, but cannot effectively handle encrypted traffic. So this paper proposed a hybrid traffic classification (HTC) method based on machine learning and combined with IP/ASN analysis with deep packet inspection. Moreover, the majority voting method was proposed to quickly classify different QoS traffic accurately. Experimental results show that the proposed HTC method can effectively classify different encrypted traffic. The classification accuracy can be further improved by 10 percentages with majority voting by K=13. Especially when the networking data are using the same protocol, the proposed HTC can effectively classify the traffic data with different behaviors with the differentiated services code point (DSCP) mark.