SETA: Scalable Encrypted Traffic Analytics in Multi-Gbps Networks

While end-to-end encryption brings security and privacy to the end-users, it makes legacy solutions such as Deep Packet Inspection ineffective. Despite the recent work in machine learning-based encrypted traffic classification, these new techniques would require, if they were to be deployed in real enterprise-scale networks, an enhanced flow sampling due to sheer volume of data being traversed. In this paper, we propose a holistic architecture that can cope with encryption and multi-Gbps line rate with sampling and sketching flow statistics, which allows network operators to both accurately estimate the flow size distribution and identify the nature of VPN-obfuscated traffic. With over 6000 video traffic traces, we show that it is possible to achieve 99% accuracy for service provider classification even with sampled possibly inaccurate data.