Traffic classification for managing Applications’ networking profiles

Alizadeh, Hassan; Zúquete, André

doi:10.1002/sec.1516

Cited by 12 publications

(4 citation statements)

References 63 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The survey studies some of the encryption protocols, their packet structure and standard behavior in the network, as well as, the observable features that can be extracted for traffic analysis. In addition, [8] surveys the most common methodologies for traffic classification.…”

Section: A Related Workmentioning

confidence: 99%

Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey

Pacheco

Expósito

Gineste³

et al. 2019

IEEE Commun. Surv. Tutorials

268

125

View full text Add to dashboard Cite

Traffic analysis is a compound of strategies intended to find relationships, patterns, anomalies, and misconfigurations, among others things, in Internet traffic. In particular, traffic classification is a subgroup of strategies in this field that aims at identifying the application's name or type of Internet traffic. Nowadays, traffic classification has become a challenging task due to the rise of new technologies, such as traffic encryption and encapsulation, which decrease the performance of classical traffic classification strategies. Machine Learning gains interest as a new direction in this field, showing signs of future success, such as knowledge extraction from encrypted traffic, and more accurate Quality of Service management. Machine Learning is fast becoming a key tool to build traffic classification solutions in real network traffic scenarios; in this sense, the purpose of this investigation is to explore the elements that allow this technique to work in the traffic classification field. Therefore, a systematic review is introduced based on the steps to achieve traffic classification by using Machine Learning techniques. The main aim is to understand and to identify the procedures followed by the existing works to achieve their goals. As a result, this survey paper finds a set of trends derived from the analysis performed on this domain; in this manner, the authors expect to outline future directions for Machine Learning based traffic classification.

show abstract

Section: A Related Workmentioning

confidence: 99%

Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey

Pacheco

Expósito

Gineste³

et al. 2019

IEEE Commun. Surv. Tutorials

268

125

View full text Add to dashboard Cite

show abstract

“…To meet the first requirement, we proposed architectures that provide a binding between network traffic and source application that allows checking whether a packet/flow claimed by an application conforms to its expected traffic model [42], [43]. For the second requirement, we proposed GMM with automatic learning to model per-application traffic [2], [39], [44]. However, our prior application-specific models were still trained with features obtained from the entire packet flows and were not accurate enough for detecting anomalies in a timely manner before the end of a flow.…”

Section: B Traffic Verificationmentioning

confidence: 99%

Timely Classification and Verification of Network Traffic Using Gaussian Mixture Models

et al. 2020

Self Cite

View full text Add to dashboard Cite

We present a novel approach for timely classification and verification of network traffic using Gaussian Mixture Models (GMMs). We generate a separate GMM for each class of applications using component-wise expectation-maximization (CEM) to match the network traffic distribution generated by these applications. We apply our models for both traffic classification, where the goal is to identify the source application from which the traffic originates, by evaluating the maximum posterior probability, and for traffic verification, where the goal is to verify whether the application that claims to be the source of the traffic is as expected, by likelihood testing. Our models use only the first initial packets of truncated flows in order to provide more efficient and timely traffic classification and verification. This allows for triggering timely countermeasures before the end of flows. We demonstrate the effectiveness of our approach by experiments on a public dataset collected from a real network. Our traffic classification approach outperforms other state-of-the-art approaches that are based on machine learning, and achieves up to 97.7% flow classification accuracy when using only 9 first initial packets of flows. We show that 96.6% flow classification accuracy can still be obtained when training the GMMs using only 0.5% of all flows. Our traffic verification approach achieves a minimum Half Total Error Rate (HTER) of 7.65% when using only 6 first initial packets of flows.INDEX TERMS Gaussian mixture model (GMM), traffic classification, traffic anomaly detection.

show abstract

“…Herein, we want to answer a more fine-grained question: is this packet/flow normal for its source application? To answer this question, the system requires to: (i) identify the claimant (source application) for being responsible for the traffic and (ii) model the genuine traffic of each application present in the network [3].…”

Section: Problem Definition and Motivationsmentioning

confidence: 99%

Application-Specific Traffic Anomaly Detection Using Universal Background Model

Alizadeh

Khoshrou

Zúquete

2015

Proceedings of the 2015 ACM International Workshop on International Workshop on Security and Privacy Analytics

Self Cite

View full text Add to dashboard Cite

This paper presents an application-specific intrusion detection framework in order to address the problem of detecting intrusions in individual applications when their traffic exhibits anomalies. The system is based on the assumption that authorized traffic analyzers have access to a trustworthy binding between network traffic and the source application responsible for it. Given traffic flows generated by individual genuine application, we exploit the GMM-UBM (Gaussian Mixture Model-Universal Background Model) method to build models for genuine applications, and thereby form our detection system. The system was evaluated on a public dataset collected from a real network. Favorable results indicate the success of the framework.

show abstract

Traffic classification for managing Applications’ networking profiles

Cited by 12 publications

References 63 publications

Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey

Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey

Timely Classification and Verification of Network Traffic Using Gaussian Mixture Models

Application-Specific Traffic Anomaly Detection Using Universal Background Model

Contact Info

Product

Resources

About