Traffic Classification of QoS Types Based on Machine Learning Combined with IP Query and Deep Packet Inspection

Author(s):  
Yung-Fa Huang ◽  
Chien-Min Chung ◽  
Chuan-Bi Lin ◽  
Yan-Bo Peng ◽  
Shing-Hong Liu ◽  
...  
Electronics ◽  
2021 ◽  
Vol 10 (12) ◽  
pp. 1376
Author(s):  
Yung-Fa Huang ◽  
Chuan-Bi Lin ◽  
Chien-Min Chung ◽  
Ching-Mu Chen

In recent years, privacy awareness has become a concern, as many Internet services have chosen to use encrypted protocols. To improve quality of service (QoS), this paper discusses classifying the behaviors of encrypted network traffic with machine learning. Traditional traffic classification methods, such as IP/ASN (Autonomous System Number) analysis, port-based classification and deep packet inspection, can classify traffic behavior but cannot effectively handle encrypted traffic. Thus, this paper proposes a hybrid traffic classification (HTC) method based on machine learning combined with IP/ASN analysis and deep packet inspection. Moreover, the majority voting method is also used to classify different QoS traffic quickly and accurately. Experimental results show that the proposed HTC method can effectively classify different encrypted traffic. The classification accuracy can be further improved by 10% with majority voting at K = 13. In particular, when the network data use the same protocol, the proposed HTC can effectively classify traffic data with different behaviors using the differentiated services code point (DSCP) mark.


Electronics ◽  
2020 ◽  
Vol 10 (1) ◽  
pp. 27
Author(s):  
Hyunsu Mun ◽  
Youngseok Lee

As Internet traffic classification is a typical problem for ISPs or mobile carriers, there have been many studies based on statistical packet header information, deep packet inspection, or machine learning. Due to recent advances in end-to-end encryption and dynamic port policies, machine or deep learning has become essential to improving the accuracy of packet classification. In addition, ISPs or mobile carriers should carefully deal with the privacy issue while collecting user packets for accounting or security. The recent development of distributed machine learning, called federated learning, collaboratively carries out machine learning jobs on the clients without uploading data to a central server. Although federated learning provides an on-device learning framework for user privacy protection, its feasibility and performance for Internet traffic classification have not been fully examined. In this paper, we propose a federated-learning traffic classification protocol (FLIC), which can achieve an accuracy comparable to centralized deep learning for Internet application identification without privacy leakage. FLIC can classify new applications on-the-fly when a participant joins in learning with a new application, which has not been done in previous works. In the prototype of FLIC clients and a server implemented with TensorFlow, the clients gather packets, perform the on-device training job and exchange the training results with the FLIC server. In addition, we demonstrate that federated learning-based packet classification achieves an accuracy of 88% under non-independent and identically distributed (non-IID) traffic across clients. When a new application, which can be classified dynamically as a client participates in learning, was added, an accuracy of 92% was achieved.


2021 ◽  
Author(s):  
J.V. BibalBenifa ◽  
Saravanan Krishnann ◽  
Hoang Long ◽  
Raghvendra Kumar ◽  
David Taniar

Malware is one of the major security issues, with the potential to break computer operations instantly. The majority of Internet attacks are caused by malware distributed through HTTP over the Internet. A firewall is essential to prevent such attacks and enhance security measures. The most efficient method to prevent intrusion in the network is Deep Packet Inspection (DPI), which is presently implemented in advanced firewalls. This research work intends to detect and prevent intrusion in the network using a hybrid method with DPI, Pattern Matching (PM), and Machine Learning (ML) techniques. In the present work, a hybrid method that involves the functionalities of both DPI and ML is used for classification and identification of attacks. Here, DPI is done by the Boyer-Moore-Horspool (BMHP) pattern matching algorithm, and ten ML algorithms such as Support Vector Machines (SVM), Linear-SVM (L-SVM), K-Nearest Neighbors (KNN), Multi-Layer Perceptron (MLP), Decision Tree (DT), Random Forest (RF), AdaBoost (Ada), Gaussian Naive Bayes (GaNB) and Bernoulli Naive Bayes (BeNB) are employed for classification. Subsequently, the proposed work is evaluated in a sequential and parallel manner, and it is customized for identifying fuzzy, impersonation and Denial of Service (DoS)-based attacks. The proposed system is analyzed in different dimensions, such as the performance of the ML methods and the role of DPI in attack identification, including the pattern matching efficiency. From the investigation, it is identified that the BMHP algorithm has the least time and memory consumption, about 0.0028 sec and 125.4 MiB respectively. Similarly, SVM has an accuracy of 99.91% with the least time and memory consumption, about 18.185 sec and 303.5 MiB respectively.


2019 ◽  
Vol 2019 ◽  
pp. 1-10 ◽  
Author(s):  
Hussein Oudah ◽  
Bogdan Ghita ◽  
Taimur Bakhshi ◽  
Abdulrahman Alruban ◽  
David J. Walker

Network traffic classification is a vital task for service operators, network engineers, and security specialists to manage network traffic, design networks, and detect threats. Identifying the type/name of applications that generate traffic is a challenging task as encrypting traffic becomes the norm for Internet communication. Therefore, relying on conventional techniques such as deep packet inspection (DPI) or port numbers is no longer efficient. This paper proposes a novel flow statistical-based set of features that may be used for classifying applications by leveraging machine learning algorithms to yield high accuracy in identifying the type of applications that generate the traffic. The proposed features compute different timings between packets and flows. This work utilises tcptrace to extract features based on traffic burstiness and periods of inactivity (idle time) for the analysed traffic, followed by the C5.0 algorithm for determining the applications that generated it. The evaluation tests, performed on a set of real, uncontrolled traffic, indicated that the method has an accuracy of 79% in identifying the correct network application.

