Wei Wang,Ming Zhu,Jinlin Wang,Xuewen Zeng,Zhongzhen Yang

DOI: https://doi.org/10.1109/isi.2017.8004872

2017-07-01

Abstract:Traffic classification plays an important and basic role in network management and cyberspace security. With the widespread use of encryption techniques in network applications, encrypted traffic has recently become a great challenge for the traditional traffic classification methods. In this paper we proposed an end-to-end encrypted traffic classification method with one-dimensional convolution neural networks. This method integrates feature extraction, feature selection and classifier into a unified end-to-end framework, intending to automatically learning nonlinear relationship between raw input and expected output. To the best of our knowledge, it is the first time to apply an end-to-end method to the encrypted traffic classification domain. The method is validated with the public ISCX VPN-nonVPN traffic dataset. Among all of the four experiments, with the best traffic representation and the fine-tuned model, 11 of 12 evaluation metrics of the experiment results outperform the state-of-the-art method, which indicates the effectiveness of the proposed method.

Zhuoxue Song,Ziming Zhao,Fan Zhang,Gang Xiong,Guang Cheng,Xinjie Zhao,Shize Guo,Binbin Chen

DOI: https://doi.org/10.1109/TDSC.2023.3245411

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Traffic classification occupies a significant role in cybersecurity and network management. The widespread of encryption transmission protocols such as SSL/TLS has led to the dominance of deep learning based approaches. In cybersecurity, strong adversaries often complicate their strategies by constantly developing emerging attacks. Meanwhile, security practitioners desire to grasp the reasons for inference results. However, existing deep learning approaches lack efficient adaptation for incremental traffic types and often have less interpretability. In this paper, we propose I <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$^{2}$</tex-math></inline-formula> RNN, an Incremental and Interpretable Recurrent Neural Network for encrypted traffic classification. The I <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$^{2}$</tex-math></inline-formula> RNN proposes a novel propagation process to extract the sequence fingerprints from sessions with local robustness. Meanwhile, this proposal provides interpretability including time-series feature attribution and inter-class similarity portrait. Moreover, we design I <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$^{2}$</tex-math></inline-formula> RNN in an incremental manner to adapt to emerging traffic types. The I <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$^{2}$</tex-math></inline-formula> RNN only needs to train an additional set of parameters for the newly added traffic type rather than retraining the whole model with the entire dataset. Extensive experimental results show that our I <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$^{2}$</tex-math></inline-formula> RNN can achieve remarkable performance in traffic classification, incremental learning, and model interpretability. Compared with other local interpretability methods, our I <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$^{2}$</tex-math></inline-formula> RNN exhibits excellent stability, robustness, and effectiveness in the interpretation of network traffic data.

Zhuoxue Song,Ziming Zhao,Fan Zhang,Gang Xiong,Guang Cheng,Xinjie Zhao,Shize Guo,Binbin Chen

DOI: https://doi.org/10.1109/tdsc.2023.3245411

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Traffic classification occupies a significant role in cybersecurity and network management. The widespread of encryption transmission protocols such as SSL/TLS has led to the dominance of deep learning based approaches. In cybersecurity, strong adversaries often complicate their strategies by constantly developing emerging attacks. Meanwhile, security practitioners desire to grasp the reasons for inference results. However, existing deep learning approaches lack efficient adaptation for incremental traffic types and often have less interpretability. In this paper, we propose I $^{2}$ RNN, an Incremental and Interpretable Recurrent Neural Network for encrypted traffic classification. The I $^{2}$ RNN proposes a novel propagation process to extract the sequence fingerprints from sessions with local robustness. Meanwhile, this proposal provides interpretability including time-series feature attribution and inter-class similarity portrait. Moreover, we design I $^{2}$ RNN in an incremental manner to adapt to emerging traffic types. The I $^{2}$ RNN only needs to train an additional set of parameters for the newly added traffic type rather than retraining the whole model with the entire dataset. Extensive experimental results show that our I $^{2}$ RNN can achieve remarkable performance in traffic classification, incremental learning, and model interpretability. Compared with other local interpretability methods, our I $^{2}$ RNN exhibits excellent stability, robustness, and effectiveness in the interpretation of network traffic data.

Mohammad Lotfollahi,Ramin Shirali Hossein Zade,Mahdi Jafari Siavoshani,Mohammdsadegh Saberian

DOI: https://doi.org/10.48550/arXiv.1709.02656

2018-07-04

Abstract:Internet traffic classification has become more important with rapid growth of current Internet network and online applications. There have been numerous studies on this topic which have led to many different approaches. Most of these approaches use predefined features extracted by an expert in order to classify network traffic. In contrast, in this study, we propose a \emph{deep learning} based approach which integrates both feature extraction and classification phases into one system. Our proposed scheme, called "Deep Packet," can handle both \emph{traffic characterization} in which the network traffic is categorized into major classes (\eg, FTP and P2P) and application identification in which end-user applications (\eg, BitTorrent and Skype) identification is desired. Contrary to most of the current methods, Deep Packet can identify encrypted traffic and also distinguishes between VPN and non-VPN network traffic. After an initial pre-processing phase on data, packets are fed into Deep Packet framework that embeds stacked autoencoder and convolution neural network in order to classify network traffic. Deep packet with CNN as its classification model achieved recall of $0.98$ in application identification task and $0.94$ in traffic categorization task. To the best of our knowledge, Deep Packet outperforms all of the proposed classification methods on UNB ISCX VPN-nonVPN dataset.

Machine Learning,Cryptography and Security,Networking and Internet Architecture

Min Lu,Bin Zhou,Zhiyong Bu,Kecheng Zhang,Zhenhua Ling

DOI: https://doi.org/10.1109/wcnc49053.2021.9417340

2021-01-01

Abstract:Accurate traffic classification is critical for network QoS provisioning and cyberspace security. Recently, classifying different traffic using convolutional neural networks (CNN) has achieved high accuracy. However, these large CNN models have millions of parameters, which are not suitable for edge computing hardware deployment. In this work, we propose a compressed network in network (NIN) model for traffic identification. A stepwise pruning and knowledge distillation (KD) is designed for training the compressed model, which aims at reducing storage and computing resources. Our method is validated with the public ISCX VPN-nonVPN traffic dataset. Experimental results show that without degrading classification accuracy, our minimum model can save more than 50% of the number of parameters and 30% of the computation time comparing with the uncompressed NIN model. The test set average F1 score of 0.9805 of the minimum model is higher than that of the state-of-the-art model, which is a CNN model.

Cheng Yuan Lin,BaiHua Chen,WeiYao Lan

DOI: https://doi.org/10.1109/iccece54139.2022.9712708

2022-01-01

Abstract:With the rapid development of the Internet, the amount and types of network traffic have increased dramatically in tandem. Therefore, precise network traffic classification has become an essential aspect of network management. Furthermore, as user privacy and data encryption requirements have grown, more encrypted traffic has evolved. Because of the wide variety of encryption techniques and methodologies, network traffic categorization has become extremely challenging. Traditional traffic classification methods have been unable to meet the demand for classification accuracy. In this study, we propose a network structure that combines CNN and Bi-GRU to learn the temporal and spatial features of encrypted traffic data. We utilize the public dataset ISCX VPN-non VPN to evaluate the effect of our model, and we use accuracy, recall, and F1 score as criteria. Finally, our model had a classification accuracy of93.1 %, with a recall rate of 93.7% and an F1 score of 93.6%. We also discussed about the differences between Bi-GRU and LSTM in terms of model parameter scale and time efficiency. Experiments show that Bi-GRU has the greatest classification effect and efficiency.

Xin Wang,Shuhui Chen,Jinshu Su

DOI: https://doi.org/10.1109/infocomwkshps50562.2020.9162891

2020-01-01

Abstract:With the exponential growth of mobile traffic data, mobile traffic classification is in a great need. It is an essential step to improve the performance of network services such as QoS and security monitoring. However, the widespread use of encrypted protocols, especially the TLS protocol, has posed great challenges to traditional traffic classification techniques. As the rule-based deep packet inspection approaches are ineffective for encrypted traffic classification, various machine learning methods have been studied and used. Recently, deep learning solutions which enable automatic feature extraction are also proposed to classify encrypted traffic. In this paper we propose App-Net, an end-to-end hybrid neural network, to learn effective features from raw TLS flows for mobile app identification. App-Net is designed by combining RNN and CNN in a parallel way. So that it can learn a joint flow-app embedding to characterize both flow sequence patterns and unique app signatures. We evaluate App-Net on a real-world dataset that covering 80 apps. The results show that our method can achieve an excellent performance and outperform the state-of-the-art methods.

Zitong Hu,Bo Qu,Xiang Li,Cong Li

DOI: https://doi.org/10.1007/978-981-97-5101-3_21

2024-01-01

Abstract:The exponential increase in encrypted traffic presents significant challenges to conventional traffic classification methodologies. The integration of deep learning and time series analysis has emerged as a contemporary approach, but the crucial higher interaction information among encrypted traffic packets is often neglected. Based on the fact that distinct categories of encrypted traffic manifest unique spatial structures and temporal patterns, we introduce a novel deep learning framework, termed Higher-Interaction-Graph encrypted classifier (HIGEC). This framework employs graph convolutional networks (GCN) and higher interaction information among packets for the precise classification of encrypted traffic flows. Initially, our approach incorporates a newly designed module that leverages metadata to transform each encrypted traffic flow into a graph structure, preserving the temporal information and spatial structure between packets. Subsequently, we introduce an advanced graph pooling and merge layer atop the GCN architecture that dynamically derives multi-order graph representations, augmenting our adaptability to diverse network environments. Meanwhile, we propose a new encrypted traffic dataset that addresses the inherent limitations of currently available public datasets to validate the effectiveness of our model. Comprehensive testing on our proposed dataset and two more public real-world datasets demonstrates that the HIGEC model significantly enhances accuracy, outperforming existing state-of-the-art methods.

Xinxin Tong,Xiaobin Tan,Lingan Chen,Jian Yang,Quan Zheng

DOI: https://doi.org/10.1109/hoticn50779.2020.9350824

2020-01-01

Abstract:With the rapid development of network technology and encryption technology, network security issues have received more and more attention, and network encryption traffic is increasing, which results in a huge challenge for network traffic classification. Combining machine learning algorithms with manual design has become a mainstream approach to solve this problem, However, it requires a large amount of human effort to extract and process features, which depend on professional experience heavily. In this paper, We discuss the essential reason why convolutional neural network(CNN) can deal with the problem of encrypted traffic classification and propose a novel classification framework the Bidirectional Flow Sequence Network(BFSN) based on long short-term memory (LSTM). Compared with the traditional traffic classification scheme, the BFSN is an end-to-end classification model that learns representative features from the raw traffic and classifies them. Moreover, We apply the length and direction information of the encrypted traffic to construct the bidirectional traffic sequence and then process it based on LSTM. Our Experiments gains the excellent accuracy about 91% based the ISCX VPN-NonVPN dataset.

Qianli Ma,Wei Huang,Yanliang Jin,Jianhua Mao

DOI: https://doi.org/10.1109/icaibd51990.2021.9459072

2021-01-01

Abstract:Network traffic classification is to classify network traffic into related traffic types, which plays a significant role in network management and network security. It can guarantee the quality of service of the network, and guarantee network security by intercepting malware traffic. The extensive usage of encryption techniques and the continuous update of encryption protocols make encrypted traffic classification become a new challenge. In this paper, we propose an encrypted traffic classification method based on traffic reconstruction, which can achieve encrypted network traffic with high precision. The main idea of this method is to extract the first 500 bytes of the payload as key data, and insert the length threshold identifier in the payload header, thenan one-dimensional convolutional neural network is used to classify the reconstructed traffic. We use the public dataset ISCX VPN-nonVPN and self-collected dataset to verify our proposed method. The experiment results show that our proposed method can achieve encrypted traffic characterization by F1 score of 98.5%, and achieve encrypted traffic application classification by F1 score of 98.91%.

Cheng Wang,Wei Zhang,Hao Hao,Huiling Shi

DOI: https://doi.org/10.3390/electronics13071236

IF: 2.9

2024-03-28

Electronics

Abstract:The demand for encrypted communication is increasing with the continuous development of secure and trustworthy networks. In edge computing scenarios, the requirement for data processing security is becoming increasingly high. Therefore, the accurate identification of encrypted traffic has become a prerequisite to ensure edge intelligent device security. Currently, encrypted network traffic classification relies on single-feature extraction methods. These methods have simple feature extraction, making distinguishing encrypted network data flows and designing compelling manual features challenging. This leads to low accuracy in multi-classification tasks involving encrypted network traffic. This paper proposes a hybrid deep learning model for multi-classification tasks to address this issue based on the synergy of dilated convolution and gating unit mechanisms. The model comprises a Gated Dilated Convolution (GDC) module and a CA-LSTM module. The GDC module completes the spatial feature extraction of encrypted network traffic through dilated convolution and gating unit mechanisms. In contrast, the CA-LSTM module focuses on extracting temporal network traffic features. By employing a collaborative approach to extract spatio-temporal features, the model ensures feature extraction diversity, guarantees robustness, and effectively enhances the feature extraction rate. We evaluate our multi-classification model using the ISCX VPN-nonVPN public dataset. Experimental results show that the proposed method achieves an accuracy rate of over 95% and a recall rate of over 90%, significantly outperforming existing methods.

engineering, electrical & electronic,computer science, information systems,physics, applied

Boyu Sun,Wenyuan Yang,Mengqi Yan,Dehao Wu,Yuesheng Zhu,Zhiqiang Bai

DOI: https://doi.org/10.1109/ipccc50635.2020.9391542

2020-01-01

Abstract:The increase in the source and size of encrypted network traffic brings significant challenges for network traffic analysis. The challenging problem in the encrypted traffic classification field is obtaining high classification accuracy with small number of labeled samples. To solve this problem, we propose a novel encryption traffic classification method that learns the feature representation from the traffic structure and the traffic flow data in this paper. We construct a K-Nearest Neighbor (KNN) traffic graph to represent the structure of traffic data, which contains more similarity information about the traffic. We utilize a two-layer Graph Convolutional Network (GCN) architecture for flows feature extraction and encrypted traffic classification. We further use the autoencoder to learn the representation of the flow data itself and integrate it into the GCN-learned representation to form a more complete feature representation. The proposed method leverages the benefits of the GCN and the autoencoder, which can obtain higher classification performance with only very few labeled data. The experimental results on two public datasets demonstrate that our method achieves impressive results compared to the state-of-the-art competitors.

Peng Zhu,Gang Wang,Jingheng He,Yueli Dong,Yu Chang

DOI: https://doi.org/10.1016/j.array.2024.100338

2024-03-01

Array

Abstract:As data privacy issues become more and more sensitive, increasing numbers of websites usually encrypt traffic when transmitting it. This method can largely protect privacy, but it also brings a huge challenge. Aiming at the problem that encrypted traffic classification makes it difficult to obtain a global optimal solution, this paper proposes an encrypted traffic identification model called the ET-BERT and 1D-CNN fusion network (BCFNet), based on multi-scale feature fusion. This method combines feature learning with classification tasks, unified into an end-to-end model. The local features of encrypted traffic extracted based on the improved Inception one-dimensional convolutional neural network structure are fused with the global features extracted by the ET-BERT model. The one-dimensional convolutional neural network is more suitable for the encrypted traffic of a one-dimensional sequence than the commonly used two-dimensional convolutional neural network. The proposed model can learn the nonlinear relationship between the input data and the expected label and obtain the global optimal solution with a greater probability. This paper verifies the ISCX VPN-nonVPN dataset and compares the results of the BCFNet model with the other five baseline models on accuracy, precision, recall, and F1 indicators. The experimental results demonstrate that the BCFNet model has a greater overall effect than the other five models. Its accuracy can reach 98.88%.

Xinlei Liu

DOI: https://doi.org/10.1155/2022/1419804

IF: 1.43

2022-08-23

Mathematical Problems in Engineering

Abstract:This paper proposed a hybrid approach for the identification of encrypted traffic based on advanced mathematical modeling and computational intelligence. Network traffic identification is the premise and foundation of improving network management, service quality, and application security. It is also the focus of network behavior analysis, network planning and construction, network anomaly detection, and network traffic model research. With the increase in user and service requirements, many applications use encryption algorithms to encrypt traffic during data transmission. As a result, traditional traffic classification methods classify encrypted traffic on the network, which brings great difficulties and challenges to network monitoring and data mining. In our article, a nonlinear modified DBN method is proposed and applied to encrypted traffic identification. Firstly, based on Deep Belief Networks (DBN), this paper introduces the proposed Eodified Elliott (ME)-DBN model, analyzes the function image, and presents the ME-DBN learning algorithm. Secondly, this article designs an encrypted traffic recognition model based on the ME-DBN model. Feature extraction is carried out by training the ME-DBN model, and finally, classification and recognition are carried out by the classifier. The experimental results on the ISCX VPN-non-VPN database show that the MEDBN method proposed in this article can enhance the classification and recognition rate and has better robustness to encrypt traffic recognition from different software.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Shuang Mo,Yifei Wang,Ding Xiao,Wenrui Wu,Shaohua Fan,Chuan Shi

DOI: https://doi.org/10.1007/978-3-030-65390-3_17

2020-01-01

Abstract:Traffic classification plays a vital role in the field of network management and network security. Because of the continuous evolution of new applications and services and the widespread use of encrypted communication technologies, it has become a difficult task. In this paper, we study the classification of encrypted traffic, where the purpose is to firstly distinguish betweenVirtual Private Networks (VPN) and regular encrypted traffic, and then classify the traffic into different traffic categories, such as file, email, etc. The available information in encrypted traffic classification is composed of two parts: the complex traffic-level features and the diverse network-side behaviors. To fully utilize these two parts of information, we propose an approach, called Encrypted Traffic Classification using Graph Convolutional Networks (ETC-GCN), which incorporates traffic-level characteristics with convolutional neural networks (CNN) and network-wide behavior with graph convolutional networks (GCN) in the communication network. We compare the proposed approach with existing start-of-the-art methods on four experiment scenarios, and the results demonstrate that ETC-GCN can improve the classification performance by considering the information of neighbor endpoints that communicated, and the internal features of the traffic together.

Shiming Tian,Feixiang Gong,Shuang Mo,Meng Li,Wenrui Wu,Ding Xiao

DOI: https://doi.org/10.19682/j.cnki.1005-8885.2020.0013

2020-01-01

The Journal of China Universities of Posts and Telecommunications

Abstract:Network traffic classification,which matches network traffic for a specific class of different granularities,plays a vital role in the domain of network administration and cyber security.With the rapid development of network communication techniques,more and more network applications adopt encryption techniques during communication,which brings significant challenges to traditional network traffic classification methods.On the one hand,traditional methods mainly depend on matching features on the application layer of the ISO/OSI reference model,which leads to the failure of classifying encrypted traffic.On the other hand,machine learning-based methods require human-made features from network traffic data by human experts,which renders it difficult for them to deal with complex network protocols.In this paper,the convolution attention network (CAT) is proposed to overcom those difficulties.As an end-to-end model,CAT takes raw data as input and returns classification results automatically,with engineering by human experts.In CAT,firstly,the importance of different bytes with an attention mechanism of network traffic is achieved.Then,convolution neural network (CNN) is used to learn features automatically and feed the output into a softmax function to get classification results.It enables CAT to learn enough information from network traffic data and ensure the classified accuracy.Extensive experiments on the public encrypted network traffic dataset ISCX2016 demonstrate the effectiveness of the proposed model.

Yanjie He,Wei Li

DOI: https://doi.org/10.1109/dsc50466.2020.00048

2020-01-01

Abstract:Network traffic classification plays an important part in the network management and network monitoring. It can help administrators to understand the constitution of network traffic, facilitate administrators to manage the network and provide differentiated service quality and security monitoring. However, the widespread usage of the encryption techniques and dynamic ports policy make encrypted traffic classification become a great challenge for traditional traffic classification methods. In this paper, we propose an image-based method that can classify encrypted network traffic with a high accuracy. The basic idea of the method is to convert the first few nonzero payload sizes of session to gray images, and classify the converted gray images with convolutional neural network to achieve the goal of categorizing the encrypted network traffic. This method is very light-weight and it can automatically extract features, select features and classify encrypted network traffic to categories. We use the public dataset ISCX VPN-nonVPN to validate our proposed method. The experimental results show that our proposed approach achieves F1 score of 97.73% on the conventional encrypted traffic classification and F1 score of 99.55% on the virtual private network traffic(VPN) classification.

Xiuli Ma,Wenbin Zhu,Jieling Wei,Yanliang Jin,Dongsheng Gu,Rui Wang

DOI: https://doi.org/10.1016/j.cose.2023.103175

IF: 5.105

2023-01-01

Computers & Security

Abstract:With the advent of big data, encrypted traffic is widely used, and it is gradually becoming a new challenge for network security and management. Many researchers have obtained good results by converting encrypted traffic into images and feeding them to deep learning-based classification models. However, these methods have some limitations in that they cannot do sustainable learning. They have to retrain a new classifier when new traffic is encountered. To tackle this issue, we propose an extended encrypted traffic classification algorithm based on incremental learning. This approach extracts content and statistical information from encrypted traffic and supports multi-label prediction for VPN channels and applications. We can add new classes to the model without completely retraining and accelerate the update cycle of the model. The results show that the proposed model performs well in classification experiments, which can achieve 98.1% and 96.0% classification accuracy on ISCXVPN2016 and self-collected dataset respectively. In addition, our method can retain high accuracy under the situation of limited memory space while the number of new classes of data increases gradually. It demonstrates the superiority of constructing a generic unforgetting basis for classifying encrypted communication.

Niloofar Bayat,Weston Jackson,Derrick Liu

DOI: https://doi.org/10.48550/arXiv.2106.12693

2021-06-02

Abstract:Monitoring network traffic to identify content, services, and applications is an active research topic in network traffic control systems. While modern firewalls provide the capability to decrypt packets, this is not appealing for privacy advocates. Hence, identifying any information from encrypted traffic is a challenging task. Nonetheless, previous work has identified machine learning methods that may enable application and service identification. The process involves high level feature extraction from network packet data then training a robust machine learning classifier for traffic identification. We propose a classification technique using an ensemble of deep learning architectures on packet, payload, and inter-arrival time sequences. To our knowledge, this is the first time such deep learning architectures have been applied to the Server Name Indication (SNI) classification problem. Our ensemble model beats the state of the art machine learning methods and our up-to-date model can be found on github: \url{<a class="link-external link-https" href="https://github.com/niloofarbayat/NetworkClassification" rel="external noopener nofollow">this https URL</a>}

Networking and Internet Architecture,Cryptography and Security,Machine Learning

Xiaochun Yu,Yipeng Wang,Yongzheng Zhang,Chen Zhao,Zijian Zhao

DOI: https://doi.org/10.1109/tnet.2022.3191312

2023-01-01

Abstract:Nowadays, encryption technology has been widely used to protect user privacy. With the explosive growth of mobile Internet, encrypted TLS traffic rises sharply and occupies a great share of current Internet traffic. In reality, the classification of encrypted TLS traffic on cloud platforms brings a new challenge to traditional encrypted traffic classification methods, because some information such as certificates in the TLS flows is no longer effective. In this paper, we apply deep learning technology to the problem of encrypted TLS traffic classification on cloud platforms, and propose NeuTic, which takes the packet sequence of each TLS flow as the input, and effectively classifies raw TLS flows generated by many "cloud" applications. Our approach is able to automatically capture the long-range dependencies between elements in the packet sequences for robust and accurate encrypted TLS traffic classification. In NeuTic, we first convert each TLS flow into three attribute sequences. Then, we train a multi-application traffic classification model using our newly designed deep learning model. Finally, we use the well-trained classification model to classify new incoming TLS flows. We conduct comprehensive experiments on real-world application traces covering multiple "cloud" applications from three different companies. In addition, we compare our experimental results of NeuTic with two deep learning-based methods for encrypted traffic classification. NeuTic outperforms the state-of-the-art approaches in classification accuracy.