This repository contains the source code for our work on Encrypted Traffic Classification (ETC) in programmable switches with P4 and Machine Learning, appearing in the Proceedings of IEEE/IFIP NOMS 2024, 6–10 May 2024, Seoul, South Korea, and in the International Journal of Network Management, Wiley, vol. 35, no. 1, January 2025.
This work leverages recent advances in data plane programmability to achieve real-time ETC in programmable switches at line rate, with high throughput and low latency. The proposed solution comprises (i) an ETC-aware Random Forest (RF) modelling process where only features based on packet size and packet arrival times are used, and (ii) an encoding of the trained RF model into production-grade P4-programmable switches.
For full details, please consult our:
- Conference paper: Encrypted Traffic Classification at Line Rate in Programmable Switches with Machine Learning;
- Journal paper: Real-Time Encrypted Traffic Classification in Programmable Networks with P4 and Machine Learning.
There are two folders:
- In_switch_ETC : the Python and P4 code for the training and encoding of the in-switch RF models.
- Offline_ETC : the Python code for the offline data analysis and the ETC modelling process.
The use cases considered in the paper are:
- QUIC traffic classification based on the publicly available Netflow QUIC dataset. The challenge is classifying traffic into one of 5 classes.
- Encrypted instant messaging application fingerprinting with 6 classes, based on the Encrypted Instant Messaging Dataset made available by the NIMS Lab.
- VPN traffic classification, distinguishing 7 classes. It is based on the ISCX-VPN-NonVPN-2016 Dataset.
We provide the Python and P4 code for the Encrypted Instant Messaging App classification use case with 6 classes.
The same approach for feature/model selection and encoding to P4 applies to all the use cases.
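The two steps summarised above (features from packet sizes and arrival times only, then a tree model turned into switch table entries), sketched as an added example that is not the repository's code: it flattens one constructed decision tree into range-match entries of the kind a P4 table can hold and checks the lookup against direct tree traversal. The tree, thresholds, feature names and class labels are assumptions; the encoding used in the papers may differ, and a Random Forest would repeat this per tree and take a vote.

```python
# Added illustration, not the repository's code. Tree, thresholds and labels are constructed.
from math import inf

def flow_features(packets):
    """packets: list of (arrival_time_ms, size_bytes) for one flow, in arrival order."""
    sizes = [s for _, s in packets]
    iats = [b[0] - a[0] for a, b in zip(packets, packets[1:])]
    # Integer features only: switch pipelines have no floating point.
    return {"min_size": min(sizes), "max_size": max(sizes),
            "max_iat_ms": max(iats, default=0)}

# Constructed toy tree: (feature, threshold, subtree_if_<=, subtree_if_>) or a leaf label.
TREE = ("max_size", 600,
        ("max_iat_ms", 200, "chat_app_A", "chat_app_B"),
        ("min_size", 80, "chat_app_C", "chat_app_A"))

def tree_to_ranges(node, bounds=None):
    """Flatten each root-to-leaf path into one entry ({feature: (lo, hi)}, label)."""
    bounds = bounds or {}
    if isinstance(node, str):
        return [(dict(bounds), node)]
    feat, thr, left, right = node
    lo, hi = bounds.get(feat, (0, inf))
    entries = tree_to_ranges(left, {**bounds, feat: (lo, min(hi, thr))})
    entries += tree_to_ranges(right, {**bounds, feat: (max(lo, thr + 1), hi)})
    return entries

def table_lookup(entries, feats):
    """Emulate a range-match table: the entry whose ranges all contain the features."""
    for ranges, label in entries:
        if all(lo <= feats[f] <= hi for f, (lo, hi) in ranges.items()):
            return label
    return None

def tree_predict(node, feats):
    """Reference: ordinary tree traversal, as the offline model would do."""
    while not isinstance(node, str):
        feat, thr, left, right = node
        node = left if feats[feat] <= thr else right
    return node

ENTRIES = tree_to_ranges(TREE)
# Constructed sample flow: (timestamp in ms, packet size in bytes)
SAMPLE = [(0, 120), (50, 540), (310, 98), (330, 410)]

if __name__ == "__main__":
    feats = flow_features(SAMPLE)
    print(feats, "->", table_lookup(ENTRIES, feats))
```

Each leaf becomes exactly one table entry, so the table grows with the number of leaves; that is why tree depth and feature count matter when fitting a model to switch resources.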
If you make use of this code, kindly cite our papers:
@inproceedings{etc-noms-2024,
author={Akem, Aristide Tanyi-Jong and Fraysse, Guillaume and Fiore, Marco},
booktitle={NOMS 2024-2024 IEEE Network Operations and Management Symposium},
title={Encrypted Traffic Classification at Line Rate in Programmable Switches with Machine Learning},
year={2024},
volume={},
number={},
pages={1-9},
doi={10.1109/NOMS59830.2024.10575394}}
@article{etc-ijnm-2025,
author = {Akem, Aristide Tanyi-Jong and Fraysse, Guillaume and Fiore, Marco},
title = {Real-Time Encrypted Traffic Classification in Programmable Networks with P4 and Machine Learning},
journal = {International Journal of Network Management},
volume = {35},
number = {1},
pages = {e2320},
doi = {https://doi.org/10.1002/nem.2320},
url = {https://onlinelibrary.wiley.com/doi/abs/10.1002/nem.2320},
eprint = {https://onlinelibrary.wiley.com/doi/pdf/10.1002/nem.2320},
note = {e2320 nem.2320},
year = {2025}}
If you need any additional information, send us an email at aristide.akem at imdea.org.
