A streaming flow-based technique for traffic classification applied to 12 + 1 years of Internet traffic

Carela-Español, Valentín; Barlet‐Ros, Pere; Bifet, Albert; Fukuda, Kensuke

doi:10.1007/s11235-015-0114-6

Cited by 28 publications

(11 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Use-case definition 1) Network traffic classification: We consider the case of encrypted traffic classification, that is actively investigated in the networking nowadays [2]. In contrast to identification of known applications, which is a well investigated subject and for which classic supervised methods are well suited, the network community has only very limitedly [5], [14] dealt with handling applications that were never presented to the model during training, an OSR problem that is referred to as "zero-day application" detection in this context. In particular, the current state of the art [5] performs k-means clustering on unmodified input, and is thus worth contrasting to data-science OSR solutions [10]- [13].…”

Section: Example Aiops Use-casesmentioning

confidence: 99%

Quality Monitoring and Assessment of Deployed Deep Learning Models for Network AIOps

Yang¹,

Rossi²

2022

Preprint

View full text Add to dashboard Cite

Artificial Intelligence (AI) has recently attracted a lot of attention, transitioning from research labs to a wide range of successful deployments in many fields, which is particularly true for Deep Learning (DL) techniques. Ultimately, DL models being software artifacts, they need to be regularly maintained and updated: AIOps is the logical extension of the DevOps software development practices to AI-software applied to network operation and management. In the lifecycle of a DL model deployment, it is important to assess the quality of deployed models, to detect "stale" models and prioritize their update. In this article, we cover the issue in the context of network management, proposing simple yet effective techniques for (i) quality assessment of individual inference, and for (ii) overall model quality tracking over multiple inferences, that we apply to two use cases, representative of the network management and image recognition fields.

show abstract

Section: Example Aiops Use-casesmentioning

confidence: 99%

Quality Monitoring and Assessment of Deployed Deep Learning Models for Network AIOps

Yang¹,

Rossi²

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…The specific application of stream-based machine-learning approaches to network security and anomaly detection is by far more limited; a relevant and representative example linked to current research is presented in [11], where Carela et al evaluate stream-based traffic-classification approaches based on Hoeffding adaptive trees [12], using MAWILab data and the MOA machine-learning toolkit, as we do in this work.…”

Section: State Of the Artmentioning

confidence: 99%

Adaptive and Reinforcement Learning Approaches for Online Network Monitoring and Analysis

Wassermann

Cuvelier

Mulinka

et al. 2021

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

Network-monitoring data commonly arrives in the form of fast and changing data streams. Continuous and dynamic learning is an effective learning strategy when dealing with such data, where concept drifts constantly occur. We propose different stream-based, adaptive learning approaches to analyze networktraffic streams on the fly. We address two major challenges associated to stream-based machine learning and online network monitoring: (i) how to dynamically learn from and adapt to non-stationary data changing over time, and (ii) how to deal with the limited availability of labeled data to continuously tune a supervised-learning model. We introduce ADAM & RAL, two stream-based machine-learning techniques to tackle these challenges. ADAM relies on adaptive memory strategies to dynamically tune stream-based learning models to changes in the input data distribution. RAL combines reinforcement learning with stream-based active-learning to reduce the amount of labeled data needed for continual learning, dynamically deciding on the most informative samples to learn from. We apply ADAM & RAL to the real-time detection of network attacks in Internet network traffic, and show that it is possible to continuously achieve high detection accuracy even under the occurrence of concept drifts, limiting the amount of labeled data needed for learning.

show abstract

“…Many studies analyze the characteristic of the ISP traffic [3][4] [5]. New trends of the Internet are revealed by measuring network traffic.…”

Section: Related Workmentioning

confidence: 99%

Measure the Non-standard Port of Popular Protocols

2020

Proceedings of 2020 the 10th International Workshop on Computer Science and Engineering

View full text Add to dashboard Cite

With the prosperity of the Internet, numerous network services have emerged. Many network services use non-standard, unregistered TCP/IP ports, which make the port-based firewall policy no longer effective. However, port-based firewalls are still deployed on the gateway of some local networks. As the application layer protocol increasing, network failures may increase due to the obsolete firewall policies. To make up this gap, our study aims to measure the port distribution of the popular Internet applications (e.g. WWW, P2P, multimedia). Using the flow-based traffic classification technique, we analyze the traffic collected from ISP and profile the characteristic of the protocols using non-standard ports. Our results show that a lot of application layer protocols are deployed on a wide range of non-standard ports. Particularly, both HTTP and SSL protocol, the two most popular protocols, account for a large proportion of non-standard port traffic, which is caused by the increasing web-based applications and the increasing of SSL-based encrypted traffic, respectively. Our measurement results demonstrate it is necessary to develop more fine-grained port-based firewall policies.

show abstract

A streaming flow-based technique for traffic classification applied to 12 + 1 years of Internet traffic

Cited by 28 publications

References 23 publications

Quality Monitoring and Assessment of Deployed Deep Learning Models for Network AIOps

Quality Monitoring and Assessment of Deployed Deep Learning Models for Network AIOps

Adaptive and Reinforcement Learning Approaches for Online Network Monitoring and Analysis

Measure the Non-standard Port of Popular Protocols

Contact Info

Product

Resources

About