Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Estimating the Number of HTTP/3 Responses in QUIC Using Deep Learning

Barak Gahtan, Robert J. Shahla, Reuven Cohen, Alex M. Bronstein

TL;DR

This work tackles estimating the number of HTTP/3 responses in a QUIC connection from a passive observer. It introduces DecQUIC, which converts QUIC traces into RGB images of time-windowed histograms and trains a CNN-GRU-attention model using a novel discrete regression loss $L = \alpha\mathrm{FL} + (1-\alpha)(\beta\mathrm{ORL} + (1-\beta)\mathrm{DBL})$ to predict per-window response counts. On a large-scale dataset of over $10^5$ traces and more than $7$ million labeled images, the method achieves up to $97\%$ accuracy in known/unknown server settings and $92.6\%$ accuracy for total per-trace counts, demonstrating robust generalization and practical utility for tasks like load balancing and flood-attack detection. The results highlight the benefit of fine-grained, directional, and density features from RGB representations and the importance of window length on per-window versus per-trace accuracy, offering a flexible solution for real-world QUIC traffic analysis.

Abstract

QUIC, a new and increasingly used transport protocol, enhances TCP by offering improved security, performance, and stream multiplexing. These features, however, also impose challenges for network middle-boxes that need to monitor and analyze web traffic. This paper proposes a novel method to estimate the number of HTTP/3 responses in a given QUIC connection by an observer. This estimation reveals server behavior, client-server interactions, and data transmission efficiency, which is crucial for various applications such as designing a load balancing solution and detecting HTTP/3 flood attacks. The proposed scheme transforms QUIC connection traces into image sequences and uses machine learning (ML) models, guided by a tailored loss function, to predict response counts. Evaluations on more than seven million images-derived from 100,000 traces collected across 44,000 websites over four months-achieve up to 97% accuracy in both known and unknown server settings and 92% accuracy on previously unseen complete QUIC traces.

Estimating the Number of HTTP/3 Responses in QUIC Using Deep Learning

TL;DR

This work tackles estimating the number of HTTP/3 responses in a QUIC connection from a passive observer. It introduces DecQUIC, which converts QUIC traces into RGB images of time-windowed histograms and trains a CNN-GRU-attention model using a novel discrete regression loss to predict per-window response counts. On a large-scale dataset of over traces and more than million labeled images, the method achieves up to accuracy in known/unknown server settings and accuracy for total per-trace counts, demonstrating robust generalization and practical utility for tasks like load balancing and flood-attack detection. The results highlight the benefit of fine-grained, directional, and density features from RGB representations and the importance of window length on per-window versus per-trace accuracy, offering a flexible solution for real-world QUIC traffic analysis.

Abstract

QUIC, a new and increasingly used transport protocol, enhances TCP by offering improved security, performance, and stream multiplexing. These features, however, also impose challenges for network middle-boxes that need to monitor and analyze web traffic. This paper proposes a novel method to estimate the number of HTTP/3 responses in a given QUIC connection by an observer. This estimation reveals server behavior, client-server interactions, and data transmission efficiency, which is crucial for various applications such as designing a load balancing solution and detecting HTTP/3 flood attacks. The proposed scheme transforms QUIC connection traces into image sequences and uses machine learning (ML) models, guided by a tailored loss function, to predict response counts. Evaluations on more than seven million images-derived from 100,000 traces collected across 44,000 websites over four months-achieve up to 97% accuracy in both known and unknown server settings and 92% accuracy on previously unseen complete QUIC traces.
Paper Structure (9 sections, 4 equations, 7 figures, 4 tables)

This paper contains 9 sections, 4 equations, 7 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. DecQUIC Framework
  4. A Discrete Regression Loss Function
  5. Evaluating the Machine Learning Models
  6. Results for Known Web Servers
  7. Results for Unknown Web Servers
  8. Evaluating on Complete Traces
  9. Conclusion

Figures (7)

  • Figure 1: A DecQUIC image, representing QUIC connection activity. Pixel positions represent histogram bins (horizontal and vertical axes corresponding to time and packet length, respectively). The values of the red and green channels represent normalized, per-window, histogram counts of the response and request packets, respectively.
  • Figure 2: Three DecQUIC images with their HTTP/3 response counts. Even visually similar images may differ in labels.
  • Figure 3: Response distribution for training and evaluation datasets with a $T=0.1$-second window.
  • Figure 4: The proposed DecQUIC neural network architecture.
  • Figure 5: Known-server prediction errors (iteration 1). Red lines: median; blue boxes: 25–75% intervals.
  • ...and 2 more figures