DRPSD: An novel method of identifying SSL/TLS traffic

More and more Internet applications transmit data with encrypted protocols, so how to identify network traffic which use encrypted protocols is very important to network control and management. However, traditional traffic identification methods, such as port-based, payload-based and statistic-based methods are invalid or inaccurate for most of encrypted protocols. In this paper, we propose a new method (called DRPSD) to identify encrypted traffic which uses SSL/TLS protocol. In DRPSD, we only check the first few packets in a connection, and double record protocol structure is detected in each packet, instead of checking each byte in the packet. The experimental results show that, our method can improve accuracy rate by 20% and identifying speed by 200% in identifying SSL protocol compared with the open source software OpenDPI.