How Robust Can a Machine Learning Approach Be for Classifying Encrypted VoIP?

Alshammari, Riyad; Zincir-Heywood, A. Nur

doi:10.1007/s10922-014-9324-6

Cited by 16 publications

(5 citation statements)

References 36 publications

(52 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although the method showed acceptable performance (over 90%) [15] and it can detect the application type, it could not correctly identify the application names, classifying both Yahoo and Gmail as e-mail [16]. In contrast, high accuracy was achieved (over 95%) by applying the latter approach of statistical methods [17][18][19][20], using statistical features derived from the packet header, such as number of packets, packet size, interarrival packets time, and flow duration with the aid of machine learning algorithms. e advantage of using ML algorithms is that they can be used in real-time environments to provide rapid application detection with high accuracy.…”

Section: Traffic Classification Techniquesmentioning

confidence: 94%

Using Burstiness for Network Applications Classification

Oudah

Ghita

Bakhshi

et al. 2019

Journal of Computer Networks and Communications

View full text Add to dashboard Cite

Network traffic classification is a vital task for service operators, network engineers, and security specialists to manage network traffic, design networks, and detect threats. Identifying the type/name of applications that generate traffic is a challenging task as encrypting traffic becomes the norm for Internet communication. Therefore, relying on conventional techniques such as deep packet inspection (DPI) or port numbers is not efficient anymore. This paper proposes a novel flow statistical-based set of features that may be used for classifying applications by leveraging machine learning algorithms to yield high accuracy in identifying the type of applications that generate the traffic. The proposed features compute different timings between packets and flows. This work utilises tcptrace to extract features based on traffic burstiness and periods of inactivity (idle time) for the analysed traffic, followed by the C5.0 algorithm for determining the applications that generated it. The evaluation tests performed on a set of real, uncontrolled traffic, indicated that the method has an accuracy of 79% in identifying the correct network application.

show abstract

Section: Traffic Classification Techniquesmentioning

confidence: 94%

Using Burstiness for Network Applications Classification

Oudah

Ghita

Bakhshi

et al. 2019

Journal of Computer Networks and Communications

View full text Add to dashboard Cite

show abstract

“…This characteristic makes them suitable for feature Some of them are computed under the assumption that the properties values are normally distributed, which might not be true for some cases. [110], [95], [96], [97], [111], [112], [113], [114], [115], [116], [117], [118], [119], [120], [121], [122], [123], [124], [125], [126], [127], [128], [129], [96], [130], [131], [132], [133], [134], [106], [135], [136], [137], [138], [105], [139], [140], [107], [141], [142], [143] Graph based features Internet interactions are modeled as graphs and valuable features can be extracted from these representations They are ideal for understanding communication patterns…”

Section: Feature Reduction and Selectionmentioning

confidence: 99%

“…VoIP communications have risen in popularity and their identification is a key factor in the telecommunication field either to prioritize or unable them. In consequence, several approaches have been proposed, such as the works in [160], [118], [114], [161], [128]. Some of these works tries to characterize and identify Skype, one of the most complex VoIP applications in the network due to its intricate communication protocol.…”

Section: A Classical Classificationmentioning

confidence: 99%

See 1 more Smart Citation

Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey

Pacheco

Expósito

Gineste³

et al. 2019

IEEE Commun. Surv. Tutorials

268

125

View full text Add to dashboard Cite

Traffic analysis is a compound of strategies intended to find relationships, patterns, anomalies, and misconfigurations, among others things, in Internet traffic. In particular, traffic classification is a subgroup of strategies in this field that aims at identifying the application's name or type of Internet traffic. Nowadays, traffic classification has become a challenging task due to the rise of new technologies, such as traffic encryption and encapsulation, which decrease the performance of classical traffic classification strategies. Machine Learning gains interest as a new direction in this field, showing signs of future success, such as knowledge extraction from encrypted traffic, and more accurate Quality of Service management. Machine Learning is fast becoming a key tool to build traffic classification solutions in real network traffic scenarios; in this sense, the purpose of this investigation is to explore the elements that allow this technique to work in the traffic classification field. Therefore, a systematic review is introduced based on the steps to achieve traffic classification by using Machine Learning techniques. The main aim is to understand and to identify the procedures followed by the existing works to achieve their goals. As a result, this survey paper finds a set of trends derived from the analysis performed on this domain; in this manner, the authors expect to outline future directions for Machine Learning based traffic classification.

show abstract

“…It is straightforward to see that full payload packet-level trace would give the network analysts the most accurate information because the trace has virtually every bit of information that the sender-receiver pair exchanged. Please note that in the case of encrypted traffic, the payload itself will not be of any help, unless you either have the encryption key to decrypt its content or can use specific technique [15,16] to overcome this issue. On the other hand, the more aggregated the collected trace is, the less detailed information is.…”

Section: Traffic Measurements: Packets Flow Records and Aggregated mentioning

confidence: 99%

Methods and Techniques for Measurements in the Internet

Fernandes

2017

Performance Evaluation for Network Services, Systems and Protocols

View full text Add to dashboard Cite

An in-depth understanding of the Internet traffic mix is of paramount importance for network management tasks, such as optimizing the underlying infrastructure for emerging applications. However, the Internet traffic mix changes over time and is very complex when it comes to measurements and classification techniques. Its traffic profile also changes depending on the measurement points [1]. Although there is no de facto way to perform measurements on the Internet, there are good IETF documents that highlight some important elements in this context [2,3]. However, as the Internet evolves at a fast pace, it is hard to have a general measurement framework that covers all aspects of the future Internet [4]. One clear example is the recent rise of virtualization technologies in computer networking. Virtualization techniques are bringing a new set of challenges from the point of view of the measurement process (cf. Sect. 2.5). Figure 2.1 presents an overview of the measurement process where one can identify three major steps, namely, capturing, processing, and exporting/recording, at packet level.

show abstract

How Robust Can a Machine Learning Approach Be for Classifying Encrypted VoIP?

Cited by 16 publications

References 36 publications

Using Burstiness for Network Applications Classification

Using Burstiness for Network Applications Classification

Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey

Methods and Techniques for Measurements in the Internet

Contact Info

Product

Resources

About