Fortinet, Inc.
MACHINE-LEARNING BASED APPROACH FOR CLASSIFICATION OF ENCRYPTED NETWORK TRAFFIC

Abstract:

Systems and methods for a machine-learning based approach for classification of encrypted network traffic data are provided. According to various embodiments of the present disclosure, a network security device receives a stream of packets representing a network flow. Metadata relating to the stream of packets is determined. Application layer payload data of one or more packets of the stream of packets is matched against string patterns and regular expression patterns. Statistics relating to the application layer payload data are collected. The network flow is then classified as being associated with a particular network service of various network services by applying a machine-learning model to the metadata, results of the matching, and the collected statistics.

Status:

Application

Type:

Utility

Filing date:

24 Mar 2020

Issue date:

30 Sep 2021