Encrypted Traffic Classification at Line Rate in Programmable Switches with Machine Learning
Date: 2024-05-05

Abstract
Encrypted Traffic Classification (ETC) has become an important area of research, with Machine Learning (ML) methods being the state of the art. However, most existing solutions rely either on offline ETC over collected network data or on online ETC with models running in the control plane of Software-Defined Networks (SDN); none of these runs at line rate, so they cannot meet the latency requirements of time-sensitive applications in modern networks. This work leverages recent advances in data plane programmability to achieve real-time ETC in programmable switches at line rate, with high throughput and low latency. The proposed solution comprises (i) an ETC-aware Random Forest (RF) modelling process in which only features derived from packet sizes and packet arrival times are used, so that no payload inspection is needed, and (ii) an encoding of the trained RF model into production-grade P4-programmable switches. The performance of the proposed in-switch ETC framework is evaluated on three encrypted traffic datasets, with experiments in a real-world testbed of Intel Tofino switches in the presence of 40 Gbps of background traffic. Results show that the solution achieves classification accuracy of up to 95% with sub-microsecond delay, while consuming on average less than 10% of the available switch hardware resources.