Network Traffic Classification for Attack Detection Using Big Data Tools: A Review

Al-Araji, Zaid. J.; Ahmad, Sharifah Sakinah Syed; Al-Salihi, Mustafa W.; Al-Lamy, Hayder A.; Ahmed, Mohammed F.; Raad, Wisam; Yunos, Norhazwani Md

doi:10.1007/978-981-13-6031-2_37

Cited by 2 publications

(1 citation statement)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Identifying the class of a network packet can be used for running predefined rules on it, such as ensuring the quality of service promised to the customer, detecting malicious user activities, or dropping certain content for parental control [1]. Classification can be in terms of the application, protocol, or category of a packet [2]; defense industry units of countries; however, every institution can benefit from a dedicated solution whether it is online or offline [3]. Labeling of pre-captured network packets is called offline classification; online classification is when they are labeled one after another in realtime [4].…”

Section: Introductionmentioning

confidence: 99%

Real-Time Encrypted Traffic Classification with Deep Learning

ERGÖNÜL¹,

DEMİR²

2022

Sakarya University Journal of Science

View full text Add to dashboard Cite

Confidentiality requirements of individuals and companies led to the dominance of encrypted payloads in the overall Internet traffic. Hence, traffic classification on a network became increasingly difficult as it must rely on only the packet headers. Many vital tasks such as differential pricing, providing a safe Internet for children, and eliminating malicious connections require traffic classification, even if the payload contents are encrypted. Encrypted traffic is harder to classify as packet content becomes unreadable. In this work, we aim to provide an insight into traffic classification using encrypted packets in terms of both accuracy and packet processing time. LSTM (Long Short-Term Memory) architecture is a good candidate for this problem as it can handle sequences. Each flow can be modeled as a sequence and patterns of the sequences can provide valuable information. We compare the performance of LSTM with other methods in both real-time and offline experiments. Compared to a machine learning method both online and offline LSTM excelled with precision and recall differences up to 50%. Average accuracy with LSTM was measured as 97.77% offline and 91.7% in realtime. Average packet processing time in real-time was recorded as 0.593 msec which is 5 times faster than a recent work that uses LSTM method.

show abstract

Section: Introductionmentioning

confidence: 99%

Real-Time Encrypted Traffic Classification with Deep Learning

ERGÖNÜL¹,

DEMİR²

2022

Sakarya University Journal of Science

View full text Add to dashboard Cite

show abstract

Attack graph-based security metrics: Concept, taxonomy, challenges and open issues

Al-Araji,

Sakinah Syed Ahmad,

Farhood

et al. 2024

BIO Web Conf.

View full text Add to dashboard Cite

Context: Security issues have increased recently because of the increased use of networking. The researchers have proposed many models, approaches, and models, for example, attack graphs. The attack graph model is a valuable tool for vulnerability analysis as well as for displaying all network paths. In general, attack graphs can be utilized for a variety of purposes, including the calculation of security metrics. Nonetheless, in order to sufficiently safeguard networks, a technique for gauging the security degree provided by these activities is required, as “you cannot improve what you cannot measure.” The security level of a system or network is typically represented by network security metrics in qualitative and quantitative ways. The network security metrics are typically employed to evaluate a system's security level and meet security objectives. Aim: This study aims to present a review of attack graph-based security metrics and analyse the previous work. Provides the limitations and issues the researchers faced to improve this important research area. Methodology: The attack graph security metrics field was thoroughly investigated in all research, and four databases—ScienceDirect, Web of Science (WoS), Scopus, and IEEE—were used to collect data between 2001 and 2022. Results: 46 papers were founded on attack graph security metrics with different methods and techniques based on the exclusion and inclusion criteria. The results of the taxonomy created three significant categories: proposed, implemented, reviewed, and surveyed. We believe this study will aid in highlighting research ability, which will subsequently broaden and establish new research topics.

show abstract

Network Traffic Classification for Attack Detection Using Big Data Tools: A Review

Cited by 2 publications

References 14 publications

Real-Time Encrypted Traffic Classification with Deep Learning

Real-Time Encrypted Traffic Classification with Deep Learning

Attack graph-based security metrics: Concept, taxonomy, challenges and open issues

Contact Info

Product

Resources

About