Your search keyword '"Traffic classification"' showing total 2,784 results

1. Enhanced Machine Learning Based Network Traffic Detection Model for IoT Network.

Author

Alzyoud, Mazen, Al-shanableh, Najah, Nashnush, Eman, Shboul, Rabah, Alazaidah, Raed, Samara, Ghassan, and Alhusban, Safaa

Subjects

COMPUTER network traffic, MACHINE learning, CYBERTERRORISM, COMPUTER network security, INTERNET security, INTRUSION detection systems (Computer security), BOTNETS

Abstract

Ensuring the security of networks is a significant hurdle in the rollout of the Internet of Things (IoT). A widely used protocol in the IoT ecosystem is message queuing telemetry transport (MQTT), which is based on the published-subscribe model. IoT manufacturers are expected to expand their usage of the MQTT protocol, which is expected to increase the number of cyber security threats against the protocol. IoT settings are crucial to overcoming scalability and computing resource issues and minimizing the characteristics needed for categorization. Machine learning (ML) is extensively used in traffic categorization and intrusion detection. This study proposes a ML-based network traffic detection model (MLNTDM) to enhance IoT application layer attack detection. The proposed architecture for the MQTT protocol is evaluated based on its effectiveness in detecting malicious attacks and how these affect various MQTT brokers. This study focuses on low-power-consuming ML algorithms for detecting IoT botnet offenses and identifying typical attacks and their responses. With this framework, each network flow provides information that can help identify the source of generated traffic and network assaults. Results from our approach, as shown in the experiment, prove more accuracy. [ABSTRACT FROM AUTHOR]

Published

2024

2. STC-BERT (Satellite Traffic Classification-BERT): A Traffic Classification Model for Low-Earth-Orbit Satellite Internet Systems.

Author

Liu, Kexuan, Zhang, Yasheng, and Lu, Shan

Subjects

NETWORK performance, QUALITY of service, CONTEXTUAL learning, INTERNET, GENERALIZATION

Abstract

The low-Earth-orbit satellite internet supports the transmission of multiple business types. With increasing business volume and advancements in encryption technology, the quality of service faces challenges. Traditional models lack flexibility in optimizing network performance and ensuring service quality, particularly showing poor performance in identifying encrypted traffic. Therefore, designing a model that can accurately identify multiple business scenarios as well as encrypted traffic with strong generalization capabilities is a challenging issue to resolve. In this paper, addressing the characteristics of diverse low-Earth-orbit satellite traffic and encryption, the authors propose STC-BERT (satellite traffic classification-BERT). During the pretraining phase, this model learns contextual relationships of large-scale unlabeled traffic data, while in the fine-tuning phase, it utilizes a semantic-enhancement algorithm to highlight the significance of key tokens. Post semantic enhancement, a satellite traffic feature fusion module is introduced to integrate tokens into specific low-dimensional scales and achieve final classification in fully connected layers. The experimental results demonstrate our approach's outstanding performance compared to other models: achieving 99.31% (0.2%↑) in the USTC-TFC task, 99.49% in the ISCX-VPN task, 98.44% (0.9%↑) in the Cross-Platform task, and 98.19% (0.8%↑) in the CSTNET-TLS1.3 task. [ABSTRACT FROM AUTHOR]

Published

2024

3. ANALYSIS OF AN ENHANCED RANDOM FOREST ALGORITHM FOR IDENTIFYING ENCRYPTED NETWORK TRAFFIC.

Author

Xiaoqing Yang, Angkawisittpan, Niwat, and Xinyue Feng

Subjects

*RANDOM forest algorithms, *MACHINE learning, *ARTIFICIAL intelligence, *INTERNET security, *DECISION making

Abstract

The focus of this paper is to apply an improved machine learning algorithm to realize the efficient and reliable identification and classification of network communication encrypted traffic, and to solve the challenges faced by traditional algorithms in analyzing encrypted traffic after adding encryption protocols. In this study, an enhanced random forest (ERF) algorithm is introduced to optimize the accuracy and efficiency of the identification and classification of encrypted network traffic. Compared with traditional methods, it aims to improve the identification ability of encrypted traffic and fill the knowledge gap in this field. Using the publicly available datasets and preprocessing the original PCAP format packets, the optimal combination of the relevant parameters of the tree was determined by grid search cross-validation, and the experimental results were evaluated in terms of performance using accuracy, precision, recall and F1 score, which showed that the average precision was more than 98 %, and that compared with the traditional algorithm, the error rate of the traffic test set was reduced, and the data of each performance evaluation index were better, which It shows that the advantages of the improved algorithm are obvious. In the experiment, the enhanced random forest and traditional random forest models were trained and tested on a series of data sets and the corresponding test errors were listed as the basis for judging the model quality. The experimental results show that the enhanced algorithm has good competitiveness. These findings have implications for cybersecurity professionals, researchers, and organizations, providing a practical solution to enhance threat detection and data privacy in the face of evolving encryption technologies. This study provides valuable insights for practitioners and decision-makers in the cybersecurity field. [ABSTRACT FROM AUTHOR]

Published

2024

4. Software defined networking based network traffic classification using machine learning techniques

Author

Ayodeji Olalekan Salau and Melesew Mossie Beyene

Subjects

Software defined networking, Machine learning, Traffic classification, Quality of service, Medicine, Science

Abstract

Abstract The classification of network traffic has become increasingly crucial due to the rapid growth in the number of internet users. Conventional approaches, such as identifying traffic based on port numbers and payload inspection are becoming ineffective due to the dynamic and encrypted nature of modern network traffic. A number of researchers have implemented Software Defined Networking (SDN) based traffic classification using Machine Learning (ML) and Deep Learning (DL) models. However, the studies had various limitations such as encrypted traffic detection, payload inspection, poor detection accuracy, and challenges with testing models both in offline and real-time traffic modes. ML models together with SDN are adopted nowadays to enhance classification performance. In this paper, both supervised (Logistic Regression, Decision Tree, Random Forest, AdaBoost, and Support Vector Machine) and unsupervised (K-means clustering) ML models were used to classify Domain Name System (DNS), Telnet, Ping, and Voice traffic flows simulated using the Distributed Internet Traffic Generator (D-ITG) tool. The use of this tool effectively manages and classifies traffic types based on their application. The study discussed the dataset used, model selection, implementation of the model, and implementation techniques (such as pre-processing, feature extraction, ML algorithm, and model evaluation metrics). The proposed model in SDN was implemented in Mininet for designing the network architecture and generating network traffic. Anaconda Python environment was utilized for traffic classification using various ML techniques. Among the models tested, the Decision Tree supervised learning achieved the highest accuracy of 99.81%, outperforming other supervised and unsupervised learning algorithms. These results indicate that the integration of ML with SDN provides an efficient classification method for identifying and accurately classifying both offline and real-time network traffic, enhanced quality of service (QoS), detection of encrypted packets, deep packet inspection and management.

Published

2024

5. Transfer learning with ResNet50 for malicious domains classification using image visualization

Author

Fikirte Ayalke Demmese, Shaghayegh Shajarian, and Sajad Khorsandroo

Subjects

Traffic classification, Domain name system (DNS), Image visualization, Transfer learning, Malicious domains, Computational linguistics. Natural language processing, P98-98.5, Electronic computers. Computer science, QA75.5-76.95

Abstract

Abstract The Internet has become a vital part of our daily lives, serving as a hub for global connectivity and a facilitator for seamless communication and information exchange. However, the rise of malicious domains presents a serious challenge, undermining the reliability of the Internet and posing risks to user safety. These malicious activities exploit the Domain Name System (DNS) to deceive users, leading to harmful activities such as spreading drive-by-download malware, operating botnets, creating phishing sites, and sending spam. In response to this growing threat, the application of Machine Learning (ML) techniques has proven to be highly effective. These methods excel in quickly and accurately detecting, classifying, and analyzing such threats. This paper explores the latest developments in using transfer learning for the classification of malicious domains, with a focus on image visualization as a key methodological approach. Our proposed solution has achieved a remarkable testing accuracy rate of 98.67%, demonstrating its effectiveness in detecting and classifying malicious domains.

Published

2024

6. ITC-Net-blend-60: a comprehensive dataset for robust network traffic classification in diverse environments

Author

Marziyeh Bayat, Javad Garshasbi, Mozhgan Mehdizadeh, Neda Nozari, Abolghasem Rezaei Khesal, Maryam Dokhaei, and Mehdi Teimouri

Subjects

Network traffic analysis, Traffic classification, Application identification, Mobile-app fingerprinting, Encrypted traffic, Android applications, Medicine, Biology (General), QH301-705.5, Science (General), Q1-390

Abstract

Abstract Objectives Recognition of mobile applications within encrypted network traffic holds considerable effects across multiple domains, encompassing network administration, security, and digital marketing. The creation of network traffic classifiers capable of adjusting to dynamic and unforeseeable real-world settings presents a tremendous challenge. Presently available datasets exclusively encompass traffic data obtained from a singular network environment, thereby restricting their utility in evaluating the robustness and compatibility of a given model. Data description This dataset was gathered from 60 popular Android applications in five different network scenarios, with the intention of overcoming the limitations of previous datasets. The scenarios were the same in the applications set but differed in terms of Internet service provider (ISP), geographic location, device, application version, and individual users. The traffic was generated through real human interactions on physical devices for 3–15 min. The method used to capture the traffic did not require root privileges on mobile phones and filtered out any background traffic. In total, the collected dataset comprises over 48 million packets, 450K bidirectional flows, and 36 GB of data.

Published

2024

7. Software defined networking based network traffic classification using machine learning techniques.

Author

Salau, Ayodeji Olalekan and Beyene, Melesew Mossie

Subjects

*COMPUTER network traffic, *SOFTWARE-defined networking, *MACHINE learning, *DEEP packet inspection (Computer security), *INTERNET traffic, *INTERNET domain naming system

Abstract

The classification of network traffic has become increasingly crucial due to the rapid growth in the number of internet users. Conventional approaches, such as identifying traffic based on port numbers and payload inspection are becoming ineffective due to the dynamic and encrypted nature of modern network traffic. A number of researchers have implemented Software Defined Networking (SDN) based traffic classification using Machine Learning (ML) and Deep Learning (DL) models. However, the studies had various limitations such as encrypted traffic detection, payload inspection, poor detection accuracy, and challenges with testing models both in offline and real-time traffic modes. ML models together with SDN are adopted nowadays to enhance classification performance. In this paper, both supervised (Logistic Regression, Decision Tree, Random Forest, AdaBoost, and Support Vector Machine) and unsupervised (K-means clustering) ML models were used to classify Domain Name System (DNS), Telnet, Ping, and Voice traffic flows simulated using the Distributed Internet Traffic Generator (D-ITG) tool. The use of this tool effectively manages and classifies traffic types based on their application. The study discussed the dataset used, model selection, implementation of the model, and implementation techniques (such as pre-processing, feature extraction, ML algorithm, and model evaluation metrics). The proposed model in SDN was implemented in Mininet for designing the network architecture and generating network traffic. Anaconda Python environment was utilized for traffic classification using various ML techniques. Among the models tested, the Decision Tree supervised learning achieved the highest accuracy of 99.81%, outperforming other supervised and unsupervised learning algorithms. These results indicate that the integration of ML with SDN provides an efficient classification method for identifying and accurately classifying both offline and real-time network traffic, enhanced quality of service (QoS), detection of encrypted packets, deep packet inspection and management. [ABSTRACT FROM AUTHOR]

Published

2024

8. Transfer learning with ResNet50 for malicious domains classification using image visualization.

Author

Demmese, Fikirte Ayalke, Shajarian, Shaghayegh, and Khorsandroo, Sajad

Subjects

INTERNET domain naming system, IMAGE recognition (Computer vision), SPAM email, BOTNETS, PHISHING prevention, MACHINE learning

Abstract

The Internet has become a vital part of our daily lives, serving as a hub for global connectivity and a facilitator for seamless communication and information exchange. However, the rise of malicious domains presents a serious challenge, undermining the reliability of the Internet and posing risks to user safety. These malicious activities exploit the Domain Name System (DNS) to deceive users, leading to harmful activities such as spreading drive-by-download malware, operating botnets, creating phishing sites, and sending spam. In response to this growing threat, the application of Machine Learning (ML) techniques has proven to be highly effective. These methods excel in quickly and accurately detecting, classifying, and analyzing such threats. This paper explores the latest developments in using transfer learning for the classification of malicious domains, with a focus on image visualization as a key methodological approach. Our proposed solution has achieved a remarkable testing accuracy rate of 98.67%, demonstrating its effectiveness in detecting and classifying malicious domains. [ABSTRACT FROM AUTHOR]

Published

2024

9. Streaming traffic classification: a hybrid deep learning and big data approach.

Author

Seydali, Mehdi, Khunjush, Farshad, and Dogani, Javad

Subjects

*COMPUTER network traffic, *TRAFFIC patterns, *TRAFFIC congestion, *TRAFFIC speed, *DATA encryption, *DEEP learning

Abstract

Massive amounts of real-time streaming network data are generated quickly because of the exponential growth of applications. Analyzing patterns in generated flow traffic streaming offers benefits in reducing traffic congestion, enhancing network management, and improving the quality of service management. Processing massive volumes of generated traffic poses more challenges when data traffic encryption is raised. Classifying encrypted network traffic in real-time with deep learning networks has received attention because of their excellent performance. The substantial volume of incoming packets, characterized by high speed and wide variety, puts real-time traffic classification within the domain of big data problems. Classifying traffic with high speed and accuracy is a significant challenge in the era of big data. The real-time nature of traffic intensifies deep learning networks, necessitating a considerable number of parameters, layers, and resources for optimal network training. Until now, various datasets have been employed to evaluate the effectiveness of previous methods for classifying encrypted traffic. The primary objective has been to enhance accuracy, precision, and F1-measure. Presently, encrypted traffic classification performance depends on pre-existing datasets. The learning and testing phases are done offline, and more research is needed to investigate the feasibility of these methods in real-world scenarios. This paper examines the possibility of a tradeoff between evaluating the model's effectiveness, execution time, and utilization of processing resources when processing stream-based input data for traffic classification. We aim to explore the feasibility of establishing a tradeoff between these factors and determining optimal parameter settings. This paper used the ISCX VPN-Non VPN 2016 public dataset to evaluate the proposed method. All packets from the dataset were streamed continuously through Apache Kafka to the classification framework. Numerous experiments have been designed to demonstrate the efficacy of the proposed method. The experimental results show that the proposed method outperforms the baseline methods by 11% in the F1-measure when the number of workers is two and by 25% when the number of workers is equal to 32. [ABSTRACT FROM AUTHOR]

Published

2024

10. Machine Learning in Cybersecurity: Advanced Detection and Classification Techniques for Network Traffic Environments.

Author

El Hajj Hassan, Samer and Nghia Duong-Trung

Subjects

COMPUTER network traffic, MACHINE learning, DIGITAL technology, ANOMALY detection (Computer security), CYBERTERRORISM

Abstract

In the digital age, the integrity of business operations and the smoothness of their execution heavily depend on cybersecurity and network efficiency. The need for robust solutions to prevent cyber threats and enhance network functionality has never been more critical. This research aims to utilize machine learning (ML) techniques for the meticulous analysis of network traffic, with the dual goals of detecting anomalies and categorizing network activities to bolster security and performance. Employing a detailed methodology, this study begins with data preparation and progresses through to the deployment of advanced ML models, including logistic regression, decision trees, and ensemble learning techniques. This approach ensures the accuracy of the analysis and facilitates a nuanced understanding of network dynamics. Our findings indicate a notable enhancement in identifying network inefficiencies and in the more accurate classification of network traffic. The application of ML models significantly reduces network delays and bottlenecks by providing a strong defence strategy against cyber threats and network shortcomings, thereby improving user satisfaction, and boosting the organizational reputation as a secure and effective service layer. Conclusively, the research highlights the pivotal role of machine learning in network traffic analysis, offering innovative insights and fresh perspectives on anomaly detection and the identification of malicious activities. It lays a foundation for future explorations and acts as an evaluation benchmark in the fields of cybersecurity and network management. [ABSTRACT FROM AUTHOR]

Published

2024

11. Adversarial attack defense algorithm based on convolutional neural network.

Author

Zhang, Chengyuan and Wang, Ping

Subjects

*CONVOLUTIONAL neural networks, *COMPUTER network traffic

Abstract

To improve the defense of CNN network traffic classifiers against adversarial sample attacks, the author proposes a batch adversarial training method that utilizes the characteristics of backpropagation errors during the training process, and completing both sample gradient and parameter gradient calculations in one backpropagation process can significantly improve training efficiency. Meanwhile, since the adversarial samples used for training are generated on the target model, they can effectively defend against white box attacks. The author proposes an enhanced adversarial training method to further defend against black box attacks and overcome the transferability of adversarial samples. Using multiple models to generate adversarial samples with inconsistent sample gradients increases the diversity of adversarial samples and enhances the ability to defend against black box attacks. Through experiments on the actual traffic dataset USTC-TFC2016, we generate network traffic for adversarial samples to simulate attacks. With classification accuracy rates for FGSM adversarial samples of 49.72% and 54.32%, respectively, the experimental results show that the enhanced adversarial approach proposed by the author has a more vital ability to defend adversarial samples than defense distillation and adversarial sample detection. The classification accuracy of enhanced adversarial training can reach 75.37%, significantly higher than defense distillation and adversarial sample detection. The authors suggested adversarial training strategy can successfully improve CNN traffic classifiers' defense capabilities. [ABSTRACT FROM AUTHOR]

Published

2024

12. ITC-Net-blend-60: a comprehensive dataset for robust network traffic classification in diverse environments.

Author

Bayat, Marziyeh, Garshasbi, Javad, Mehdizadeh, Mozhgan, Nozari, Neda, Rezaei Khesal, Abolghasem, Dokhaei, Maryam, and Teimouri, Mehdi

Subjects

*COMPUTER network traffic, *INTERNET service providers, *MOBILE apps, *SOCIAL interaction, *CLASSIFICATION

Abstract

Objectives: Recognition of mobile applications within encrypted network traffic holds considerable effects across multiple domains, encompassing network administration, security, and digital marketing. The creation of network traffic classifiers capable of adjusting to dynamic and unforeseeable real-world settings presents a tremendous challenge. Presently available datasets exclusively encompass traffic data obtained from a singular network environment, thereby restricting their utility in evaluating the robustness and compatibility of a given model. Data description: This dataset was gathered from 60 popular Android applications in five different network scenarios, with the intention of overcoming the limitations of previous datasets. The scenarios were the same in the applications set but differed in terms of Internet service provider (ISP), geographic location, device, application version, and individual users. The traffic was generated through real human interactions on physical devices for 3–15 min. The method used to capture the traffic did not require root privileges on mobile phones and filtered out any background traffic. In total, the collected dataset comprises over 48 million packets, 450K bidirectional flows, and 36 GB of data. [ABSTRACT FROM AUTHOR]

Published

2024

13. Encrypted Network Traffic Analysis and Classification Utilizing Machine Learning.

Author

Alwhbi, Ibrahim A., Zou, Cliff C., and Alharbi, Reem N.

Subjects

*COMPUTER network traffic, *MACHINE learning, *CLASSIFICATION, *INTERNET traffic, *MOBILE apps, *DATA transmission systems

Abstract

Encryption is a fundamental security measure to safeguard data during transmission to ensure confidentiality while at the same time posing a great challenge for traditional packet and traffic inspection. In response to the proliferation of diverse network traffic patterns from Internet-of-Things devices, websites, and mobile applications, understanding and classifying encrypted traffic are crucial for network administrators, cybersecurity professionals, and policy enforcement entities. This paper presents a comprehensive survey of recent advancements in machine-learning-driven encrypted traffic analysis and classification. The primary goals of our survey are two-fold: First, we present the overall procedure and provide a detailed explanation of utilizing machine learning in analyzing and classifying encrypted network traffic. Second, we review state-of-the-art techniques and methodologies in traffic analysis. Our aim is to provide insights into current practices and future directions in encrypted traffic analysis and classification, especially machine-learning-based analysis. [ABSTRACT FROM AUTHOR]

Published

2024

14. A Framework for Intelligent Generation of Intrusion Detection Rules Based on Grad-CAM

Author

Wang, Xingyu, Bao, Huaifeng, Li, Wenhao, Chen, Haoning, Wang, Wen, Liu, Feng, Hartmanis, Juris, Founding Editor, van Leeuwen, Jan, Series Editor, Hutchison, David, Editorial Board Member, Kanade, Takeo, Editorial Board Member, Kittler, Josef, Editorial Board Member, Kleinberg, Jon M., Editorial Board Member, Kobsa, Alfred, Series Editor, Mattern, Friedemann, Editorial Board Member, Mitchell, John C., Editorial Board Member, Naor, Moni, Editorial Board Member, Nierstrasz, Oscar, Series Editor, Pandu Rangan, C., Editorial Board Member, Sudan, Madhu, Series Editor, Terzopoulos, Demetri, Editorial Board Member, Tygar, Doug, Editorial Board Member, Weikum, Gerhard, Series Editor, Vardi, Moshe Y, Series Editor, Goos, Gerhard, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Franco, Leonardo, editor, de Mulatier, Clélia, editor, Paszynski, Maciej, editor, Krzhizhanovskaya, Valeria V., editor, Dongarra, Jack J., editor, and Sloot, Peter M. A., editor

Published

2024

15. An Intrusion Detection System Using Vision Transformer for Representation Learning

Author

Ban, Xinbo, Liu, Ao, He, Long, Gong, Li, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Yang, Haomiao, editor, and Lu, Rongxing, editor

Published

2024

16. The Attention-Based Autoencoder for Network Traffic Classification with Interpretable Feature Representation.

Author

Cui, Jun, Bai, Longkun, Zhang, Xiaofeng, Lin, Zhigui, and Liu, Qi

Subjects

*COMPUTER network traffic, *NETWORK performance, *CLASSIFICATION

Abstract

Network traffic classification is crucial for identifying network applications and defending against network threats. Traditional traffic classification approaches struggle to extract structural features and suffer from poor interpretability of feature representations. The high symmetry between network traffic classification and its interpretable feature representation is vital for network traffic analysis. To address these issues, this paper proposes a traffic classification and feature representation model named the attention mechanism autoencoder (AMAE). The AMAE model extracts the global spatial structural features of network traffic through attention mechanisms and employs an autoencoder to extract local structural features and perform dimensionality reduction. This process maps different network traffic features into one-dimensional coordinate systems in the form of spectra, termed FlowSpectrum. The spectra of different network traffic represent different intervals in the coordinate system. This paper tests the interpretability and classification performance of network traffic features of the AMAE model using the ISCX-VPN2016 dataset. Experimental results demonstrate that by analyzing the overall distribution of attention weights and local weight values of network traffic, the model effectively explains the differences in the spectral representation intervals of different types of network traffic. Furthermore, our approach achieves the highest classification accuracy of up to 100% for non-VPN-encrypted traffic and 99.69% for VPN-encrypted traffic, surpassing existing traffic classification schemes. [ABSTRACT FROM AUTHOR]

Published

2024

17. A Novel Traffic Classification Approach by Employing Deep Learning on Software-Defined Networking.

Author

Nuñez-Agurto, Daniel, Fuertes, Walter, Marrone, Luis, Benavides-Astudillo, Eduardo, Coronel-Guerrero, Christian, and Perez, Franklin

Subjects

DEEP learning, SOFTWARE-defined networking, TECHNOLOGICAL innovations, INFRASTRUCTURE (Economics), CLASSIFICATION, QUALITY of service, COMMUNICATION infrastructure

Abstract

The ever-increasing diversity of Internet applications and the rapid evolution of network infrastructure due to emerging technologies have made network management more challenging. Effective traffic classification is critical for efficiently managing network resources and aligning with service quality and security demands. The centralized controller of software-defined networking provides a comprehensive network view, simplifying traffic analysis and offering direct programmability features. When combined with deep learning techniques, these characteristics enable the incorporation of intelligence into networks, leading to optimization and improved network management and maintenance. Therefore, this research aims to develop a model for traffic classification by application types and network attacks using deep learning techniques to enhance the quality of service and security in software-defined networking. The SEMMA method is employed to deploy the model, and the classifiers are trained with four algorithms, namely LSTM, BiLSTM, GRU, and BiGRU, using selected features from two public datasets. These results underscore the remarkable effectiveness of the GRU model in traffic classification. Hence, the outcomes achieved in this research surpass state-of-the-art methods and showcase the effectiveness of a deep learning model within a traffic classification in an SDN environment. [ABSTRACT FROM AUTHOR]

Published

2024

18. Intelligent model for the detection and classification of encrypted network traffic in cloud infrastructure.

Author

Dawood, Muhammad, Xiao, Chunagbai, Tu, Shanshan, Alotaibi, Faiz Abdullah, Alnfiai, Mrim M., and Farhan, Muhammad

Subjects

COMPUTER network traffic, COMMUNICATION infrastructure, INTERNET domain naming system, SECURE Sockets Layer (Computer network protocol), RADIAL basis functions, INTELLIGENT transportation systems, COMPUTER networks

Abstract

This article explores detecting and categorizing network traffic data using machine-learning (ML) methods, specifically focusing on the Domain Name Server (DNS) protocol. DNS has long been susceptible to various security flaws, frequently exploited over time, making DNS abuse a major concern in cybersecurity. Despite advanced attack, tactics employed by attackers to steal data in real-time, ensuring security and privacy for DNS queries and answers remains challenging. The evolving landscape of internet services has allowed attackers to launch cyber-attacks on computer networks. However, implementing Secure Socket Layer (SSL)-encrypted Hyper Text Transfer Protocol (HTTP) transmission, known as HTTPS, has significantly reduced DNS-based assaults. To further enhance security and mitigate threats like man-in-the-middle attacks, the security community has developed the concept of DNS over HTTPS (DoH). DoH aims to combat the eavesdropping and tampering of DNS data during communication. This study employs a ML-based classification approach on a dataset for traffic analysis. The AdaBoost model effectively classified Malicious and Non-DoH traffic, with accuracies of 75% and 73% for DoH traffic. The support vector classification model with a Radial Basis Function (SVC-RBF) achieved a 76% accuracy in classifying between malicious and non-DoH traffic. The quadratic discriminant analysis (QDA) model achieved 99% accuracy in classifying malicious traffic and 98% in classifying non-DoH traffic. [ABSTRACT FROM AUTHOR]

Published

2024

19. Hybrid intelligent feature selector framework for darknet traffic classification.

Author

Sharma, Manoj, Kumar, Naresh, Singh, Vijay Pal, Madan, Charanjeet, and Sarowa, Sandeep

Abstract

With the rapid growth in the internet traffic, analysis and exploration of traffic classification has become more challenging task especially for dark net or dark web. Darknet, within the confines of deep web, has been witnessing illegitimate doings such as drug trafficking, terrorism, betting etc. Hence classification of darknet traffic is an important task. This paper presents intelligent framework for the darknet traffic categorization with proposed hybrid feature selector. The darknet traffic consists of data packet related information as input predictors for the model. Twenty-one machine learning models with and without feature selectors are presented to categorize the darknet traffic. We propose a Hybrid LASSO-Random Forest (HLRF) feature selector to reduce feature dimensionality. Classification of darknet traffic is evaluated with well-known KNN, Extra Tree and XGBoost classifiers. The performance of proposed models was assessed in terms of Accuracy, Precision, Recall, Harmonic Mean Value of True Positive Value (TPV) and Positive Predicted Value (PPV), Matthews Corelation Coefficients (MCC) and Jaccard Score. The experimental results approve that XGBoost with proposed HLRF feature selector outperforms in categorization of darknet traffic. The results revel that proposed XGBoost-HLRF model obtain an accuracy and recall value of 98.10% with precision of 98.12%. Comparison of XGBoost-HLRF model with other proposed state of art models are presented for performance assessment of our model. [ABSTRACT FROM AUTHOR]

Published

2024

20. A Reinforcement Learning-Based Traffic Engineering Algorithm for Enterprise Network Backbone Links.

Author

Cheng, Haixiu, Luo, Yingxin, Zhang, Ling, and Liao, Zhiwen

Subjects

TRAFFIC engineering, SPINE, ALGORITHMS, TRAFFIC flow, USER experience, REINFORCEMENT learning

Abstract

Large enterprise networks typically rely on expensive, high-speed backbone links to connect multiple campuses across diverse regions. As the volume of traffic traversing these backbone links increases, traffic engineering techniques are employed to filter or redirect traffic flows. Nevertheless, simple rerouting strategies can introduce business disruptions such as packet reordering, which significantly impact the user experience. To address this issue, we introduce an enhanced traffic scheduling algorithm named Critical Flow Rerouting with Weight- Reinforcement Learning(CFRW-RL), which builds upon the critical flow rerouting-reinforcement learning (CFR-RL) algorithm. CFRW-RL incorporates the principles of reinforcement learning, accounting for both the weights and classifications of data flows. This approach enables the algorithm to prioritize flows with lower weights for rerouting. The simulation results demonstrate that CFRW-RL significantly minimizes the rerouting of high-priority business flows and reduces business interference compared with the CFR-RL algorithm and that it maintains a similar computational complexity. [ABSTRACT FROM AUTHOR]

Published

2024

21. Pipelined Decision Trees for Online Traffic Classification on FPGAs.

Author

Erdem, Oğuzhan, Soylu, Tuncay, and Carus, Aydın

Abstract

Decision tree (DT)-based machine learning (ML) algorithms are one of the preferred solutions for real-time internet traffic classification in terms of their easy implementation on hardware. However, the rapid increase in today's newly developed applications and the resulting diversity in internet traffic greatly increases the size of DTs. Therefore, the tree-based hardware classifiers cannot keep up with this growth in terms of resource usage and classification speed. To alleviate the problem, we propose to group application classes by certain rules and create an individual small DT per each group. In this article, a pipelined organization of multiple DT data structures, called pipelined decision trees, is proposed as a scalable solution to tree-based traffic classification. We also propose two distinct algorithms, namely confusion matrix-based class aggregation and leaf count-based class aggregation algorithms, to set group creation rules that allows traffic classification on pipelined smaller DTs in a hierarchical order. We further designed an hardware engine on field programmable gate arrays, which can search those pipelined trees within a single clock cycle by transforming them into bit vectors and implementing multiple range comparisons in parallel. Our architecture with 12 classes can run in 928.88 giga bit per second and achieve 96.04% accuracy. [ABSTRACT FROM AUTHOR]

Published

2024

22. Machine Learning in Cybersecurity: Advanced Detection and Classification Techniques for Network Traffic Environments

Author

Samer El Hajj Hassan and Nghia Duong-Trung

Subjects

Machine Learning, Cybersecurity, Network Analysis, Anomaly Detection, Data Security, Traffic Classification, Computer engineering. Computer hardware, TK7885-7895, Systems engineering, TA168

Abstract

In the digital age, the integrity of business operations and the smoothness of their execution heavily depend on cybersecurity and network efficiency. The need for robust solutions to prevent cyber threats and enhance network functionality has never been more critical. This research aims to utilize machine learning (ML) techniques for the meticulous analysis of network traffic, with the dual goals of detecting anomalies and categorizing network activities to bolster security and performance. Employing a detailed methodology, this study begins with data preparation and progresses through to the deployment of advanced ML models, including logistic regression, decision trees, and ensemble learning techniques. This approach ensures the accuracy of the analysis and facilitates a nuanced understanding of network dynamics. Our findings indicate a notable enhancement in identifying network inefficiencies and in the more accurate classification of network traffic. The application of ML models significantly reduces network delays and bottlenecks by providing a strong defence strategy against cyber threats and network shortcomings, thereby improving user satisfaction, and boosting the organizational reputation as a secure and effective service layer. Conclusively, the research highlights the pivotal role of machine learning in network traffic analysis, offering innovative insights and fresh perspectives on anomaly detection and the identification of malicious activities. It lays a foundation for future explorations and acts as an evaluation benchmark in the fields of cybersecurity and network management.

Published

2024

23. Traffic data classification in SDN network based on machine learning algorithms

Author

Samah Adil and Ali Saeed Alfoudi

Subjects

Software defined network, traffic classification, machine learning., Science

Abstract

Traffic classification plays a crucial role in various domains of network management, including service measurement, architectural design, security monitoring, and advertising. Software-defined networks (SDN) is a new technology that has the potential to solve typical network problems by simplifying network management, the introduction of network programmability, and the provision of a global perspective of a network. In recent years, SDN has brought new opportunities to classify traffic. Traffic classification techniques in SDN have been investigated, proposed, and developed. This survey delves into traffic classification under SDN, which is a vital component for improving network services, administration, and security. We give an in-depth assessment of traffic categorization algorithms adapted for SDN, emphasizing the fresh opportunities and problems they present. We cover the many metrics for assessing the effectiveness of these traffic classification algorithms, such as accuracy, precision, recall, and F1 score, and we examine the numerous datasets that serve as performance benchmarks. The study also synthesizes the findings of existing research, revealing trends and the efficacy of various techniques in the context of SDN-enabled settings. This document serves as a resource for scholars and practitioners seeking to optimize traffic classification strategies by providing a complete review and assessment of existing traffic classification approaches

Published

2024

24. Solving traffic data occlusion problems in computer vision algorithms using DeepSORT and quantum computing

Author

Frank Ngeni, Judith Mwakalonge, and Saidi Siuhi

Subjects

Traffic classification, Traffic counting, DeepSORT, YOLOv5, Quantum computing, Transportation engineering, TA1001-1280

Abstract

Inaccuracies of traffic sensors during traffic counting and vehicle classification have persisted as transportation agencies have been prompted to calibrate sensors periodically. Detection of multiple objects, heavy occlusions, and similar appearances in congested places are some causes of computer vision model inaccuracies. This paper used the YOLOv5 model for detection and the DeepSORT model for tracking objects. Due to the nature of the reported problem caused by many misses and mismatches, the power of quantum computing with the alternating direction method of multipliers (ADMM) optimizer was leveraged. A basic Kalman filter and the Hungarian algorithm features were used in combination with a quantum optimizer to present robust multiple object tracking (MOT) algorithms. This hybrid combination of the classical and quantum model has fastened learning the occludes during frame matching of tracks and detections by generating minimum quantum cost function value. Comparisons with the existing models indicated a significant increase in the primary MOT metric multiple object tracking accuracy (MOTA) by 16% more than the regular YOLOv5-DeepSORT model when using a quantum optimizer. Also, a 6% multiple object tracking precision (MOTP) increases and a 6% identification metrics (F1) score increase were observed using the quantum optimizer with identity switching reduced from 6 to 4. This model is expected to assist transportation officials in improving the accuracy of traffic counts and vehicle classification and reduce the need for regular computer vision software calibration.

Published

2024

25. In-Line Any-Depth Deep Neural Networks Using P4 Switches

Author

Emilio Paolini, Lorenzo de Marinis, Davide Scano, and Francesco Paolucci

Subjects

Cyber security, deep neural networks, look-up tables, P4, traffic classification, Telecommunication, TK5101-6720, Transportation and communications, HE1-9990

Abstract

In-network function offloading using programmable data plane languages like P4 offers computational resource savings and efficient operations at the network edge. However, the deployment of ML functions in P4~switches exploiting no additional hardware remains a challenge. In this paper, we tackle the challenges in deploying Deep Neural Networks (DNNs) within programmable network devices, introducing a novel distillation based on Look-Up Tables (LUTs). The proposed method maps quantized DNNs into a cascaded arrangement of LUTs without loss in accuracy and independently of the quantized network depth. The developed approach is demonstrated in two network function use cases: a cyber security use case focused on mitigating Distributed Denial of Service attacks and a malicious activity classification task in IoT Networks. Experimental results show a trade-off between model’s accuracy, expressed in terms of F1-Score and the computational demands, influenced by bit size and number of LUTs. In addition, the latency for deploying these models ranged from 54ns to 112ns, showing the method's practical applicability in network functions.

Published

2024

26. Machine learning based fileless malware traffic classification using image visualization

Author

Fikirte Ayalke Demmese, Ajaya Neupane, Sajad Khorsandroo, May Wang, Kaushik Roy, and Yu Fu

Subjects

Network security, Traffic classification, Fileless malware, Image visualization, Machine learning, Intrusion detection, Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95

Abstract

Abstract In today’s interconnected world, network traffic is replete with adversarial attacks. As technology evolves, these attacks are also becoming increasingly sophisticated, making them even harder to detect. Fortunately, artificial intelligence (AI) and, specifically machine learning (ML), have shown great success in fast and accurate detection, classification, and even analysis of such threats. Accordingly, there is a growing body of literature addressing how subfields of AI/ML (e.g., natural language processing (NLP)) are getting leveraged to accurately detect evasive malicious patterns in network traffic. In this paper, we delve into the current advancements in ML-based network traffic classification using image visualization. Through a rigorous experimental methodology, we first explore the process of network traffic to image conversion. Subsequently, we investigate how machine learning techniques can effectively leverage image visualization to accurately classify evasive malicious traces within network traffic. Through the utilization of production-level tools and utilities in realistic experiments, our proposed solution achieves an impressive accuracy rate of 99.48% in detecting fileless malware, which is widely regarded as one of the most elusive classes of malicious software.

Published

2023

27. Detecting malicious IoT traffic using Machine Learning techniques

Author

Bhuvana JAYARAMAN, Mirnalinee THANGA NADAR THANGA THAI, Anirudh ANAND, and Karthik Raja ANANDAN

Subjects

deep learning, exploratory data analysis, iot security, machine learning, traffic classification, Automation, T59.5, Information technology, T58.5-58.64

Abstract

Internet of Things (IoT) generates huge amount of data, that needs to communicate between the IoT enabled devices. These communications are vulnerable to security attacks and are malicious enough to cause harm to connected devices. The invasive communication and security breaches have to be identified and should be dealt with in order not to cause further damage and consequences. The objective of this work is to distinguish intentional communications from insecure communications between the IoT devices. The intentional communications can be different from the insecure communications in their patterns. Artificial intelligencebased machine learning approaches have the technologies to identify patterns of the intentional or insecure communications. In this paper, Random Forest, Decision Tree, SVM and 1DCNN have been used to discriminate patterns belonging to intended and unintended messages. To evaluate this technique, IoT-23 dataset is used, the proposed machine learning based approach obtaining a performance of 99.25% accuracy with the benchmark dataset. The proposed approach is compared with the state-of-the-art methods. It is observed that the proposed Random Forest method outperforms the existing ones with sufficient patterns to identify. To enhance the performance of the poorly performing classifiers on the imbalanced dataset, a potential solution to be applied on this dataset is also explored and proposed.

Published

2023

28. One-dimensional CNN Model of Network Traffic Classification based on Transfer Learning.

Author

Lingyun Yang, Yuning Dong, Zaijian Wang, and Feifei Gao

Subjects

COMPUTER network traffic, CONVOLUTIONAL neural networks, TECHNOLOGY transfer

Abstract

There are some problems in network traffic classification (NTC), such as complicated statistical features and insufficient training samples, which may cause poor classification effect. A NTC architecture based on one-dimensional Convolutional Neural Network (CNN) and transfer learning is proposed to tackle these problems and improve the fine-grained classification performance. The key points of the proposed architecture include: (1) Model classification--by extracting normalized rate feature set from original data, plus existing statistical features to optimize the CNN NTC model. (2) To apply transfer learning in the classification to improve NTC performance. We collect two typical network flows data from Youku and YouTube, and verify the proposed method through extensive experiments. The results show that compared with existing methods, our method could improve the classification accuracy by around 3-5%for Youku, and by about 7 to 27% for YouTube. [ABSTRACT FROM AUTHOR]

Published

2024

29. Solving traffic data occlusion problems in computer vision algorithms using DeepSORT and quantum computing.

Author

Ngeni, Frank, Mwakalonge, Judith, and Siuhi, Saidi

Subjects

TRAFFIC monitoring, VEHICLE detectors, QUANTUM computing, COMPUTER vision, COMPUTER algorithms, KALMAN filtering, TRANSPORTATION

Abstract

Inaccuracies of traffic sensors during traffic counting and vehicle classification have persisted as transportation agencies have been prompted to calibrate sensors periodically. Detection of multiple objects, heavy occlusions, and similar appearances in congested places are some causes of computer vision model inaccuracies. This paper used the YOLOv5 model for detection and the DeepSORT model for tracking objects. Due to the nature of the reported problem caused by many misses and mismatches, the power of quantum computing with the alternating direction method of multipliers (ADMM) optimizer was leveraged. A basic Kalman filter and the Hungarian algorithm features were used in combination with a quantum optimizer to present robust multiple object tracking (MOT) algorithms. This hybrid combination of the classical and quantum model has fastened learning the occludes during frame matching of tracks and detections by generating minimum quantum cost function value. Comparisons with the existing models indicated a significant increase in the primary MOT metric multiple object tracking accuracy (MOTA) by 16% more than the regular YOLOv5-DeepSORT model when using a quantum optimizer. Also, a 6% multiple object tracking precision (MOTP) increases and a 6% identification metrics (F1) score increase were observed using the quantum optimizer with identity switching reduced from 6 to 4. This model is expected to assist transportation officials in improving the accuracy of traffic counts and vehicle classification and reduce the need for regular computer vision software calibration. [ABSTRACT FROM AUTHOR]

Published

2024

30. Vision Based Classification of Nocturnal Road Traffic Using a Custom Deep Convolution Neural Network.

Author

Khalladi, Sofiane Abdelkrim, Ouessai, Asmâa, and Keche, Mokhtar

Subjects

INTELLIGENT transportation systems, CONVOLUTIONAL neural networks, ENERGY consumption, TRAFFIC engineering, TRAFFIC congestion

Abstract

Intelligent Transport Systems (ITS) have emerged as an efficient solution for enhancing road utilization efficiency, ensuring convenient and safe transportation, and reducing energy consumption. This research addresses the challenging problem of accurately estimating road traffic congestion from videos recorded in low visibility and adverse weather conditions such as rainy, overcast, and sunny weather. To solve this problem, we propose a method based on the use a custom Deep Convolutional Neural Network (DCNN) that we have designed and trained to classify nighttime road traffic videos into three distinct categories. To train and test this DCNN, we used nighttime videos from the UCSD (University of California San Diego) public dataset. For comparison, we have also tested a second method, which uses an existing CNN that we have trained on the same dataset to classify road traffic into the same three categories. The performances of the two methods were assessed and compared using the UCSD nighttime dataset. The first method achieves an impressive Correct Classification Rate (CCR) of 98.91%, which is higher than the 96.18% CCR achieved by the second method. These rates surpass the 89.47% state-of-the-art CCR obtained with this dataset. This exceptional precision in estimating road traffic congestion in challenging low visibility conditions is achieved thanks to the integration of advanced deep learning techniques and CNNs. The proposed method can be integrated as part of a traffic monitoring system, thus contributing to the advancement of Intelligent Transport Systems and their potential to create cleaner, safer, and more efficient transportation networks. [ABSTRACT FROM AUTHOR]

Published

2024

31. A robust supervised machine learning based approach for offline-online traffic classification of software-defined networking.

Author

Eissa, Menas Ebrahim, Mohamed, M. A., and Ata, Mohamed Maher

Abstract

Due to the exponential increase of internet applications and network users, network traffic classification (NTC) is a crucial study subject. It successfully improves network service identifiability and security concerns of the traffic network and provides a way that improves the Quality of services (QoS). Recently, with the emergence of software-defined networking (SDN) and its ability to get the entire network overview using a centralized controller, machine learning (ML) has been used for NTC. In this paper, an SDN QoS guarantee framework with machine learning traffic classification has been proposed. The framework includes a classification system with two stages, the offline stage, where the classifier was trained and tested, and the online stage, where dealing with the flows and testing the classifier speed is simulated using spark streaming. The result shows that the classifier successfully identifies the specific traffic application with an accuracy of 100% on the "IP-network-traffic-flows-labeled-with-87-apps" dataset and identifies the traffic type with an accuracy of 99.95% on the "ISCX-VPN-NONVPN" dataset. In addition, the classifier speed is proven to be a round 3500 record/sec and a patch duration of 917.3 ms on average with 3210 flows/Trigger. [ABSTRACT FROM AUTHOR]

Published

2024

32. Machine learning based fileless malware traffic classification using image visualization.

Author

Demmese, Fikirte Ayalke, Neupane, Ajaya, Khorsandroo, Sajad, Wang, May, Roy, Kaushik, and Fu, Yu

Subjects

IMAGE recognition (Computer vision), MACHINE learning, COMPUTER network traffic, NATURAL language processing, DENIAL of service attacks, DATA visualization, DATA modeling

Abstract

In today's interconnected world, network traffic is replete with adversarial attacks. As technology evolves, these attacks are also becoming increasingly sophisticated, making them even harder to detect. Fortunately, artificial intelligence (AI) and, specifically machine learning (ML), have shown great success in fast and accurate detection, classification, and even analysis of such threats. Accordingly, there is a growing body of literature addressing how subfields of AI/ML (e.g., natural language processing (NLP)) are getting leveraged to accurately detect evasive malicious patterns in network traffic. In this paper, we delve into the current advancements in ML-based network traffic classification using image visualization. Through a rigorous experimental methodology, we first explore the process of network traffic to image conversion. Subsequently, we investigate how machine learning techniques can effectively leverage image visualization to accurately classify evasive malicious traces within network traffic. Through the utilization of production-level tools and utilities in realistic experiments, our proposed solution achieves an impressive accuracy rate of 99.48% in detecting fileless malware, which is widely regarded as one of the most elusive classes of malicious software. [ABSTRACT FROM AUTHOR]

Published

2023

33. Indistinguishability of Traffic by Open TLS Parameters with Encrypted ClientHello.

Author

Shamsimukhametov, D. R., Kurapov, A. A., Liubogoshchev, M. V., and Khorov, E. M.

Subjects

QUALITY of service, ALGORITHMS

Abstract

Traffic Classification (TC) is a key part of many network frameworks that provide Quality of Service (QoS) for traffic. Encrypted TC algorithms often use the Server Name Indication (SNI) field, which indicates the domain name of the server to which the client establishes a connection, and which is a clear marker of the traffic category. However, the new Encrypted ClientHello (ECH) extension, which supplements the TLS 1.3 protocol significantly complicates TC because most of the messages of the TLS handshake become encrypted, including SNI. With ECH, the accuracy of TC algorithms that use open TLS parameters significantly degrades. This paper studies the indistinguishability of the encrypted traffic considering the remaining open TLS parameters. [ABSTRACT FROM AUTHOR]

Published

2023

34. Intelligent model for the detection and classification of encrypted network traffic in cloud infrastructure

Author

Muhammad Dawood, Chunagbai Xiao, Shanshan Tu, Faiz Abdullah Alotaibi, Mrim M. Alnfiai, and Muhammad Farhan

Subjects

Cloud security, Traffic classification, Intelligent model, Machine learning, SDN, Electronic computers. Computer science, QA75.5-76.95

Abstract

This article explores detecting and categorizing network traffic data using machine-learning (ML) methods, specifically focusing on the Domain Name Server (DNS) protocol. DNS has long been susceptible to various security flaws, frequently exploited over time, making DNS abuse a major concern in cybersecurity. Despite advanced attack, tactics employed by attackers to steal data in real-time, ensuring security and privacy for DNS queries and answers remains challenging. The evolving landscape of internet services has allowed attackers to launch cyber-attacks on computer networks. However, implementing Secure Socket Layer (SSL)-encrypted Hyper Text Transfer Protocol (HTTP) transmission, known as HTTPS, has significantly reduced DNS-based assaults. To further enhance security and mitigate threats like man-in-the-middle attacks, the security community has developed the concept of DNS over HTTPS (DoH). DoH aims to combat the eavesdropping and tampering of DNS data during communication. This study employs a ML-based classification approach on a dataset for traffic analysis. The AdaBoost model effectively classified Malicious and Non-DoH traffic, with accuracies of 75% and 73% for DoH traffic. The support vector classification model with a Radial Basis Function (SVC-RBF) achieved a 76% accuracy in classifying between malicious and non-DoH traffic. The quadratic discriminant analysis (QDA) model achieved 99% accuracy in classifying malicious traffic and 98% in classifying non-DoH traffic.

Published

2024

35. Traffic Classification in Software-Defined Networking by Employing Deep Learning Techniques: A Systematic Literature Review

Author

Nuñez-Agurto, Daniel, Fuertes, Walter, Marrone, Luis, Benavides-Astudillo, Eduardo, Vásquez-Bermúdez, Mitchell, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Valencia-García, Rafael, editor, Bucaram-Leverone, Martha, editor, Del Cioppo-Morstadt, Javier, editor, Vera-Lucio, Néstor, editor, and Centanaro-Quiroz, Pablo Humberto, editor

Published

2023

36. Payload Level Graph Attention Network for Web Attack Traffic Detection

Author

Bao, Huaifeng, Li, Wenhao, Wang, Xingyu, Tang, Zixian, Wang, Qiang, Wang, Wen, Liu, Feng, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Mikyška, Jiří, editor, de Mulatier, Clélia, editor, Paszynski, Maciej, editor, Krzhizhanovskaya, Valeria V., editor, Dongarra, Jack J., editor, and Sloot, Peter M.A., editor

Published

2023

37. Intelligent IoT Network Awareness

Author

Yao, Haipeng, Guizani, Mohsen, Shen, Xuemin Sherman, Series Editor, Yao, Haipeng, and Guizani, Mohsen

Published

2023

38. Performance Optimization Strategies for Big Data Applications in Distributed Framework

Author

Hussain, Mir Wajahat, Roy, Diptendu Sinha, Kacprzyk, Janusz, Series Editor, Dash, Satya Ranjan, editor, Das, Himansu, editor, Li, Kuan-Ching, editor, and Tello, Esau Villatoro, editor

Published

2023

39. Activity Detection from Encrypted Remote Desktop Protocol Traffic

Author

Lapczyk, Lukasz, Skillicorn, David, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Bella, Giampaolo, editor, Doinea, Mihai, editor, and Janicke, Helge, editor

Published

2023

40. Network Traffic Classification Based on LSTM+CNN and Attention Mechanism

Author

Liu, Kaixuan, Zhang, Yuyang, Zhang, Xiaoya, Qiao, Wenxuan, Dong, Ping, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, and Quan, Wei, editor

Published

2023

41. TraCGAN: An Efficient Traffic Classification Framework Based on Semi-supervised Learning with Deep Conventional Generative Adversarial Network

Author

Chen, Yixin, Wang, Shuai, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, and Quan, Wei, editor

Published

2023

42. Domain Adaptation with Maximum Margin Criterion with Application to Network Traffic Classification

Author

Taghiyarrenani, Zahra, Farsi, Hamed, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Koprinska, Irena, editor, Mignone, Paolo, editor, Guidotti, Riccardo, editor, Jaroszewicz, Szymon, editor, Fröning, Holger, editor, Gullo, Francesco, editor, Ferreira, Pedro M., editor, Roqueiro, Damian, editor, Ceddia, Gaia, editor, Nowaczyk, Slawomir, editor, Gama, João, editor, Ribeiro, Rita, editor, Gavaldà, Ricard, editor, Masciari, Elio, editor, Ras, Zbigniew, editor, Ritacco, Ettore, editor, Naretto, Francesca, editor, Theissler, Andreas, editor, Biecek, Przemyslaw, editor, Verbeke, Wouter, editor, Schiele, Gregor, editor, Pernkopf, Franz, editor, Blott, Michaela, editor, Bordino, Ilaria, editor, Danesi, Ivan Luciano, editor, Ponti, Giovanni, editor, Severini, Lorenzo, editor, Appice, Annalisa, editor, Andresini, Giuseppina, editor, Medeiros, Ibéria, editor, Graça, Guilherme, editor, Cooper, Lee, editor, Ghazaleh, Naghmeh, editor, Richiardi, Jonas, editor, Saldana, Diego, editor, Sechidis, Konstantinos, editor, Canakoglu, Arif, editor, Pido, Sara, editor, Pinoli, Pietro, editor, Bifet, Albert, editor, and Pashami, Sepideh, editor

Published

2023

43. A Survey on Application of LSTM as a Deep Learning Approach in Traffic Classification for SDN

Author

Rai, Prerna, Deva Sarma, Hiren Kumar, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Deva Sarma, Hiren Kumar, editor, Piuri, Vincenzo, editor, and Pujari, Arun Kumar, editor

Published

2023

44. CDBC: A novel data enhancement method based on improved between-class learning for darknet detection

Author

Binjie Song, Yufei Chang, Minxi Liao, Yuanhang Wang, Jixiang Chen, and Nianwang Wang

Subjects

between-class learning, darknet, detection, traffic classification, Biotechnology, TP248.13-248.65, Mathematics, QA1-939

Abstract

With the development of the Internet, people have paid more attention to privacy protection, and privacy protection technology is widely used. However, it also breeds the darknet, which has become a tool that criminals can exploit, especially in the fields of economic crime and military intelligence. The darknet detection is becoming increasingly important; however, the darknet traffic is seriously unbalanced. The detection is difficult and the accuracy of the detection methods needs to be improved. To overcome these problems, we first propose a novel learning method. The method is the Chebyshev distance based Between-class learning (CDBC), which can learn the spatial distribution of the darknet dataset, and generate "gap data". The gap data can be adopted to optimize the distribution boundaries of the dataset. Second, a novel darknet traffic detection method is proposed. We test the proposed method on the ISCXTor 2016 dataset and the CIC-Darknet 2020 dataset, and the results show that CDBC can help more than 10 existing methods improve accuracy, even up to 99.99%. Compared with other sampling methods, CDBC can also help the classifiers achieve higher recall.

Published

2023

45. Network traffic classification model based on attention mechanism and spatiotemporal features

Author

Feifei Hu, Situo Zhang, Xubin Lin, Liu Wu, Niandong Liao, and Yanqi Song

Subjects

Traffic classification, CNN, LSTM, Attention mechanism, Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95

Abstract

Abstract Traffic classification is widely used in network security and network management. Early studies have mainly focused on mapping network traffic to different unencrypted applications, but little research has been done on network traffic classification of encrypted applications, especially the underlying traffic of encrypted applications. To address the above issues, this paper proposes a network encryption traffic classification model that combines attention mechanisms and spatiotemporal features. The model firstly uses the long short-term memory (LSTM) method to analyze continuous network flows and find the temporal correlation features between these network flows. Secondly, the convolutional neural network (CNN) method is used to extract the high-order spatial features of the network flow, and then, the squeeze and excitation (SE) module is used to weight and redistribute the high-order spatial features to obtain the key spatial features of the network flow. Finally, through the above three stages of training and learning, fast classification of network flows is achieved. The main advantages of this model are as follows: (1) the mapping relationship between network flow and label is automatically constructed by the model without manual intervention and decision by network features, (2) it has strong generalization ability and can quickly adapt to different network traffic datasets, and (3) it can handle encrypted applications and their underlying traffic with high accuracy. The experimental results show that the model can be applied to classify network traffic of encrypted and unencrypted applications at the same time, especially the classification accuracy of the underlying traffic of encrypted applications is improved. In most cases, the accuracy generally exceeds 90%.

Published

2023

46. ROSIDS23: Network intrusion detection dataset for robot operating system

Author

Elif Değirmenci, Yunus Sabri Kırca, İlker Özçelik, and Ahmet Yazıcı

Subjects

ROS, Security, Network traffic, Intrusion detection system, Traffic classification, Network monitoring, Computer applications to medicine. Medical informatics, R858-859.7, Science (General), Q1-390

Abstract

The data described herein pertains to the Robotic Systems Security domain. This data in brief presents the attributes of the ROSIDS23 dataset and its collection process in detail. This dataset comprises Robot Operating System (ROS)-based cyber-attacks to address the emerging need in high fidelity data for robotic system security research. The data was gathered from the IFARLab-DIH environment. IFARLab-DIH is a robotic and factory-level laboratory that includes a ROS-based network and is used to conduct studies up to TRL 5 on robotic systems. ROSIDS23 dataset contains benign and various attack traffic collected from the ROS middleware using the tcpdump network protocol analyser. Then the eighty-two traffic features were extracted from the captured pcap files and converted into CSV format using the CICFlowMeter tool. This dataset can serve as a valuable resource for developing and improving security countermeasures in robotic systems and can help the evolution of resilient robotics infrastructure.

Published

2023

47. Contention-based traffic priority MAC protocols in wireless body area networks: A thematic review

Author

Farhan Masud, Gaddafi Abdul-Salaam, Muhammad Anwar, Abdelzahir Abdelmaboud, Muhammad Sheraz Arshad Malik, and Hadhrami Bin Ab Ghani

Subjects

Wireless Body Area Networks (WBANs), MAC protocols, Traffic classification, Traffic prioritization, Contention-based Prioritization, slotted-CSMA/CA, Electronic computers. Computer science, QA75.5-76.95

Abstract

Wireless Body Area Networks (WBANs) healthcare application is a group of heterogeneous-natured Bio-Medical Sensor Nodes (BMSNs) used to sense and monitor a patient’s vital signs, in the long run, under natural physiological conditions, without affecting the regular activities. Heterogeneous-natured BMSNs demand prioritized channel access during contention access phases to transmit data or allocate time slots in contention-free phases. Thus, contention-based prioritization of heterogeneous traffic is required in WBANs. Therefore, many researchers have considered and presented various traffic-priority Medium Access Control (MAC) protocols. This paper provides a thematic review of contention-based traffic priority MAC protocols in WBANs. Slotted Carrier Sense Multiple Access / Collision Avoidance (CSMA/CA) scheme in beacon-enabled modes of IEEE 802.15.4 and IEEE 802.15.6 MACs is also analyzed regarding contention-based traffic prioritization. In addition, a critical and comparative analysis of existing contention-based traffic priority MAC protocols is obtained. A hierarchy of contention-based traffic priority MAC protocols is proposed. This review on contention-based traffic priority MAC protocols in WBANs extends the body of knowledge. This paper, therefore, serves as the first and enhances the concept of contention-based traffic prioritization at the MAC layer in WBANs. We have confidence that this paper will stimulate a better way of solving the contention-based traffic prioritization problem.

Published

2023

48. Hybrid Deep Learning Techniques for Securing Bioluminescent Interfaces in Internet of Bio Nano Things.

Author

Bakhshi, Taimur and Zafar, Sidra

Subjects

*TARGETED drug delivery, *ANOMALY detection (Computer security), *INTERNET, *DEEP learning, *TRAFFIC patterns, *MACHINE learning

Abstract

The Internet of bio-nano things (IoBNT) is an emerging paradigm employing nanoscale (~1–100 nm) biological transceivers to collect in vivo signaling information from the human body and communicate it to healthcare providers over the Internet. Bio-nano-things (BNT) offer external actuation of in-body molecular communication (MC) for targeted drug delivery to otherwise inaccessible parts of the human tissue. BNTs are inter-connected using chemical diffusion channels, forming an in vivo bio-nano network, connected to an external ex vivo environment such as the Internet using bio-cyber interfaces. Bio-luminescent bio-cyber interfacing (BBI) has proven to be promising in realizing IoBNT systems due to their non-obtrusive and low-cost implementation. BBI security, however, is a key concern during practical implementation since Internet connectivity exposes the interfaces to external threat vectors, and accurate classification of anomalous BBI traffic patterns is required to offer mitigation. However, parameter complexity and underlying intricate correlations among BBI traffic characteristics limit the use of existing machine-learning (ML) based anomaly detection methods typically requiring hand-crafted feature designing. To this end, the present work investigates the employment of deep learning (DL) algorithms allowing dynamic and scalable feature engineering to discriminate between normal and anomalous BBI traffic. During extensive validation using singular and multi-dimensional models on the generated dataset, our hybrid convolutional and recurrent ensemble (CNN + LSTM) reported an accuracy of approximately ~93.51% over other deep and shallow structures. Furthermore, employing a hybrid DL network allowed automated extraction of normal as well as temporal features in BBI data, eliminating manual selection and crafting of input features for accurate prediction. Finally, we recommend deployment primitives of the extracted optimal classifier in conventional intrusion detection systems as well as evolving non-Von Neumann architectures for real-time anomaly detection. [ABSTRACT FROM AUTHOR]

Published

2023

49. Detecting malicious IoT traffic using Machine Learning techniques.

Author

JAYARAMAN, Bhuvana, NADAR THANGA THAI, Mirnalinee THANGA, ANAND, Anirudh, and ANANDAN, Karthik Raja

Subjects

MACHINE learning, INTERNET of things, RANDOM forest algorithms, DECISION trees, DEEP learning

Abstract

Internet of Things (IoT) generates huge amount of data, that needs to communicate between the IoT enabled devices. These communications are vulnerable to security attacks and are malicious enough to cause harm to connected devices. The invasive communication and security breaches have to be identified and should be dealt with in order not to cause further damage and consequences. The objective of this work is to distinguish intentional communications from insecure communications between the IoT devices. The intentional communications can be different from the insecure communications in their patterns. Artificial intelligencebased machine learning approaches have the technologies to identify patterns of the intentional or insecure communications. In this paper, Random Forest, Decision Tree, SVM and 1DCNN have been used to discriminate patterns belonging to intended and unintended messages. To evaluate this technique, IoT-23 dataset is used, the proposed machine learning based approach obtaining a performance of 99.25% accuracy with the benchmark dataset. The proposed approach is compared with the state-of-the-art methods. It is observed that the proposed Random Forest method outperforms the existing ones with sufficient patterns to identify. To enhance the performance of the poorly performing classifiers on the imbalanced dataset, a potential solution to be applied on this dataset is also explored and proposed. [ABSTRACT FROM AUTHOR]

Published

2023

50. Profiling and identification of web applications in computer network

Author

Oudah, Hussein

Subjects

004.6, Traffic Classification, Tcptrace, web applications

Abstract

Characterising network traffic is a critical step for detecting network intrusion or misuse. The traditional way to identify the application associated with a set of traffic flows uses port number and DPI (Deep Packet Inspection), but it is affected by the use of dynamic ports and encryption. The research community proposed models for traffic classification that determined the most important requirements and recommendations for a successful approach. The suggested alternatives could be categorised into four techniques: port-based, packet payload based, host behavioural, and statistical-based. The traditional way to identifying traffic flows typically focuses on using IANA assigned port numbers and deep packet inspection (DPI). However, an increasing number of Internet applications nowadays that frequently use dynamic post assignments and encryption data traffic render these techniques in achieving real-time traffic identification. In recent years, two other techniques have been introduced, focusing on host behaviour and statistical methods, to avoid these limitations. The former technique is based on the idea that hosts generate different communication patterns at the transport layer; by extracting these behavioural patterns, activities and applications can be classified. However, it cannot correctly identify the application names, classifying both Yahoo and Gmail as email. Thereby, studies have focused on using statistical features approach for identifying traffic associated with applications based on machine learning algorithms. This method relies on characteristics of IP flows, minimising the overhead limitations associated with other schemes. Classification accuracy of statistical flow-based approaches, however, depends on the discrimination ability of the traffic features used. NetFlow represents the de-facto standard in monitoring and analysing network traffic, but the information it provides is not enough to describe the application behaviour. The primary challenge is to describe the activity within entirely and among network flows to understand application usage and user behaviour. This thesis proposes novel features to describe precisely a web application behaviour in order to segregate various user activities. Extracting the most discriminative features, which characterise web applications, is a key to gain higher accuracy without being biased by either users or network circumstances. This work investigates novel and superior features that characterize a behaviour of an application based on timing of arrival packets and flows. As part of describing the application behaviour, the research considered the on/off data transfer, defining characteristics for many typical applications, and the amount of data transferred or exchanged. Furthermore, the research considered timing and patterns for user events as part of a network application session. Using an extended set of traffic features output from traffic captures, a supervised machine learning classifier was developed. To this effect, the present work customised the popular tcptrace utility to generate classification features based on traffic burstiness and periods of inactivity for everyday Internet usage. A C5.0 decision tree classifier is applied using the proposed features for eleven different Internet applications, generated by ten users. Overall, the newly proposed features reported a significant level of accuracy (~98%) in classifying the respective applications. Afterwards, uncontrolled data collected from a real environment for a group of 20 users while accessing different applications was used to evaluate the proposed features. The evaluation tests indicated that the method has an accuracy of 87% in identifying the correct network application.

Published

2020