Title :
An investigation on identifying SSL traffic
Author :
McCarthy, Curtis ; Zincir-Heywood, A. Nur
Author_Institution :
Dalhousie Univ., Halifax, NS, Canada
Abstract :
The importance of knowing what type of traffic is flowing through a network is paramount to its success. Traffic engineering, quality of service, identifying critical business applications, intrusion detection systems, as well as network management activities all require the base knowledge of what traffic is flowing over a network before any further steps can be taken. With Secure Socket Layer (SSL) traffic on the rise due to applications securing or concealing their traffic via encryption, the ability to determine what applications are running within a network is getting more and more difficult. Traditional methods of traffic classification through port numbers and deep packet inspection tools have been deemed inadequate despite their continued popular usage. The purpose of this work is to investigate if a machine learning approach can be used with flow features to identify SSL traffic in a given network trace. To this end, different machine learning methods, namely AdaBoost, C4.5, RIPPER, and Naive Bayesian techniques, are investigated without the use of port numbers, Internet Protocol addresses, or payload information.
Keywords :
IP networks; computer network management; computer network security; cryptography; learning (artificial intelligence); quality of service; telecommunication traffic; AdaBoost technique; C4.5 technique; Internet Protocol addresses; Naive Bayesian technique; RIPPER technique; SSL traffic; SSL traffic identification; critical business applications; deep packet inspection tools; encryption; intrusion detection systems; machine learning approach; network management activities; network trace; port numbers; quality of service; secure socket layer traffic; traffic classification; traffic engineering; Encryption; IP networks; Protocols; Servers; Training; Tunneling;
Conference_Title :
Computational Intelligence for Security and Defense Applications (CISDA), 2011 IEEE Symposium on
Conference_Location :
Paris
Print_ISBN :
978-1-4244-9939-7
DOI :
10.1109/CISDA.2011.5945943