LTI: Encrypted Traffic Classification Framework Considering Data Drift

Traffic management and Quality of Service (QoS) are key mechanisms of modern networks. They depend on the real-time traffic classification (TC) by QoS requirements. However, traffic on the modern Internet is mostly encrypted and requires analyzing subtle differences in the flow patterns to distinguish the classes reliably. Yet, despite the TC problem being well-studied in the literature, it still has a few challenges in practice. The first one relates to the evolution rate of different web services, and, therefore, to the required traffic datasets update and TC algorithm retrain frequency. The second challenge relates to the efficiency and complexity of the dataset's autonomous update and labeling. This challenge is specifically crucial for further enhancement of the Transport Layer Security (TLS) protocol with the Encrypted ClientHello (ECH) amendment that encrypts the remaining sensitive data in the TLS exchange procedure. To address these challenges, this paper proposes the Local Traffic Insights (LTI) framework. LTI enables accurate TC based on locally and autonomously collected and labeled traffic datasets. The paper shows that it is sufficient to update the dataset and retrain the state-of-the-art TC algorithm hRFTC once a month, to achieve accurate TC.