QUIC, a new and increasingly used transport protocol, enhances TCP by offering improved security, performance, and stream multiplexing. These features, however, also impose challenges for network middle-boxes that need to monitor and analyze web traffic. This paper proposes a novel method to estimate the number of HTTP/3 responses in a given QUIC connection by an observer. This estimation reveals server behavior, client-server interactions, and data transmission efficiency, which is crucial for various applications such as designing a load balancing solution and detecting HTTP/3 flood attacks. The proposed scheme transforms QUIC connection traces into image sequences and uses machine learning (ML) models, guided by a tailored loss function, to predict response counts. Evaluations on more than seven million images-derived from 100,000 traces collected across 44,000 websites over four months-achieve up to 97% accuracy in both known and unknown server settings and 92% accuracy on previously unseen complete QUIC traces.

翻译：QUIC作为一种新兴且日益普及的传输协议，通过增强安全性、提升性能及支持流复用机制改进了TCP协议。然而，这些特性也为需要监控与分析网络流量的中间设备带来了挑战。本文提出一种创新方法，使观测者能够估算给定QUIC连接中的HTTP/3响应数量。该估算可揭示服务器行为、客户端-服务器交互及数据传输效率，对于设计负载均衡方案和检测HTTP/3洪水攻击等应用至关重要。所提方案将QUIC连接轨迹转换为图像序列，并采用基于定制损失函数的机器学习模型进行响应数量预测。通过对四个月内从44,000个网站采集的100,000条轨迹生成的七百余万张图像进行评估，该方法在已知与未知服务器环境中均达到97%的准确率，在未见过的完整QUIC轨迹上亦实现92%的准确率。