Machine Learning for PQUIC plugins identification

Network visibility is an important aspect for a network administrator and also for a network operator. Being able to identify properly the different protocols or applications that are used in a network traffic, can be helpful not only for network management but also for the detection of intrusion. Many researches have been performed to classify efficiently the network protocols. Some are based on the protocol port number located in the protocol header and others on the protocol fingerprint in the payload. Both techniques have shown inaccurate results. The most common approach used nowadays is Machine learning. The works performed using this technique, for the protocol classification, show accurate results till now. In this thesis, we used machine learning algorithms to identify extensions of a protocol in a network. We have worked on the Pluginizing QUIC (PQUIC) framework, where we identified different plugins enabled. We based the classification on two different datasets. We built two datasets. The first is based on network statistics aggregated per flow. The second dataset is built considering the logs of QUIC protocol during the communication between the client and server. We performed several machine learning algorithms on both datasets separately. The learned models obtained interesting accuracies. Nevertheless, one of the plugins is difficult to distinguish when instances without any plugin enabled are considered in the datasets