FlowPic - Encrypted Traffic Classification

Introduction

The page describes our work on encrypted traffic classification.

Tal Shapira and Yuval Shavitt.
FlowPic: Encrypted Internet Traffic Classification is as Easy as Image Recognition.
IEEE Workshop on Network Intelligence: Machine Learning for Networking (NI 2019), April 2019, Paris, France.

Data used in the paper

RAGE executable is available for download here. Currently only a Windows executable exist, work is done to create a unix executable. The source for this software is openly available on this web page, and should be easily converted for unix.

Running RAGE

To run RAGE from the command line use: RAGE [file-name]

where [file-name] is an input graph in the form of a text file containing the graphs edge-list (e.g. sample graph). The output will be located in the "Result" folder created after the run.

An additional optional file with known node classes can be added to the run graph by adding a file with the name "NodeTypesList.txt" to RAGE executable folder (e.g. sample known set). The file should be in the form of lines consisting of [NODE_ID] [long name (no space)] [classification_ID].
E.g:
1 tel_aviv_univ EDU
2 jerusalem_univ EDU
3 at&t LTP
...

RAGE's Output

The output of RAGE will appear under the folder "Results" and will come in the form of: *.CSV (comma seperated vector) and *.arff (WEKA)
Rage graphlets id's follow the same convention of Uri Alon's motif dictionary (pdf). Since the above convention does not contain reference to the node position, we modified to ids as follows:

ID: 78_0 Three node path, node with degree 1
Source Code
Source code is located here and is free under the the revised BSD license.
Other papers on Motifs and Graphlets
See link