|
| Paper | Recognition methods | Classifier | Input data | Research conclusion |
|
| [5] | Machine learning | C4.5 decision tree | HTTP traffic | TCP flow:98.16% |
| UDP flow:99.65% |
|
| [9] | Machine learning | RF | Packet header information and payload | Acc:99.13% |
| Dr:99.26% |
|
| [10] | Machine learning | SVC, K-means | Statistics of PS and IAT | Acc ≥ 90% |
|
| [11] | Machine learning | Soft/hard combination of traffic classifiers | Statistics of PS | +9.5% rec. with respect to best classifier (49/45 Android/iOS apps) |
|
| [12] | Machine learning | WF methods | First 64 TCP PS | 88% best acc. (1595 Android apps) |
|
| [16] | Deep learning | 1D-CNN | First 784 bytes of raw traffic | Two-class acc:99.5% |
| Multi-class acc:99.41% |
|
| [17] | Deep learning | 2D-CNN | First 784 bytes | Four-class acc |
| ALL layer + session two-dimensional image | Multi-class acc:99.17% |
|
| [18] | Deep learning | SAE, LSTM
1D-CNN, 2D-CNN
Hybrid LSTM + 2D-CNN | ALL/L7 layers
4–6 fields
Packet directions | Comprehensive evaluation
86%/83% acc. (49/45 Android/iOS apps) |
|
| [19] | Deep learning | 1D-CNN, SAE | Tor’s traffic | Recall = 94% |
| Pcap file |
|
| [20] | Deep learning | Multi-modal DL (1D-CNN, LSTM/GRU) | Heterogeneous input data, session | iOS apps acc = 82.99% |
|
| [21] | Deep learning | Deep-full-range | 30 bytes × 30 bytes two-dimensional image | Identify and classify encrypted traffic |
|
| [22] | Deep learning | FS-Net | Packet length sequences | 99.14% TPR, 0.05% FPR, and 0.9906 FTF |
|
| [23] | Deep learning | CNN and Resnet | Two-dimensional image | Classify network traffic without the intervention of the network operator |
|
| [24] | Few-shot learning | OpenCBD | ALL layer + session two-dimensional image | 9-class classification is over 72% |
|
| [25] | Few-shot learning | GCN | KNN graphs | Obtain higher classification performance with only very few labeled data |
|
| [26] | Few-shot learning | 1-D CNN | Raw traffic data | Use only 20 samples per class accuracy:98% |
|
