This repository contains the source code for our work on Encrypted Traffic Classification (ETC) in programmable switches with P4 and Machine Learning, appearing in the Proceedings of IEEE/IFIP NOMS 2024, 6–10 May 2024, Seoul, South Korea.
This work leverages recent advances in data plane programmability to achieve real-time ETC in programmable switches at line rate, with high throughput and low latency. The proposed solution comprises (i) an ETC-aware Random Forest (RF) modelling process where only features based on packet size and packet arrival times are used, and (ii) an encoding of the trained RF model into production-grade P4-programmable switches.
For full details, please consult our paper.
An extended version is currently in submission as an invited paper to a journal.
There are two folders:
- In_switch_ETC : the python and P4 code for the training and encoding of the in-switch RF models for RF.
- Offline_ETC : the python code for the offline data analysis and ETC modelling process.
The use cases considered in the paper are:
- QUIC traffic classification based on the publicly available Netflow QUIC dataset. The challenge is classifying traffic into one of 5 classes.
- Encrypted instant messaging application fingerprinting with 6 classes, based on the Encrypted Instant Messaging Dataset made available by the NIMS Lab.
- VPN traffic classification, distinguishing 7 classes. It is based on the ISCX-VPN-NonVPN-2016 Dataset.
We provide the python and P4 code for the Encrypted Instant Messaging App classification use case with 6 classes.
The same approach for feature/model selection and encoding to P4 applies to all the use cases.
If you make use of this code, kindly cite our paper:
@inproceedings{etc-noms-2024,
author={Akem, Aristide Tanyi-Jong and Fraysse, Guillaume and Fiore, Marco},
booktitle={NOMS 2024-2024 IEEE Network Operations and Management Symposium},
title={Encrypted Traffic Classification at Line Rate in Programmable Switches with Machine Learning},
year={2024},
volume={},
number={},
pages={1-9},
doi={10.1109/NOMS59830.2024.10575394}}
If you need any additional information, send us an email at aristide.akem at imdea.org.