Towards Efficient and Scalable Machine Learning-Based QoS Traffic Classification in Software-Defined Network

In recent years, privacy awareness is concerned due to many Internet services have chosen to use encrypted agreements. In order to improve the quality of service (QoS), the network encrypted traffic behaviors are classified based on machine learning discussed in this paper. However, the traditional traffic classification methods, such as IP/ASN (Autonomous System Number) analysis, Port-based and deep packet inspection, etc., can classify traffic behavior, but cannot effectively handle encrypted traffic. Thus, this paper proposed a hybrid traffic classification (HTC) method based on machine learning and combined with IP/ASN analysis with deep packet inspection. Moreover, the majority voting method was also used to quickly classify different QoS traffic accurately. Experimental results show that the proposed HTC method can effectively classify different encrypted traffic. The classification accuracy can be further improved by 10% with majority voting as K = 13. Especially when the networking data are using the same protocol, the proposed HTC can effectively classify the traffic data with different behaviors with the differentiated services code point (DSCP) mark.

Download Full-text

MODC: A Pareto-Optimal Optimization Approach for Network Traffic Classification Based on the Divide and Conquer Strategy

Information ◽

10.3390/info9090233 ◽

2018 ◽

Vol 9 (9) ◽

pp. 233 ◽

Cited By ~ 1

Author(s):

Zuleika Nascimento ◽

Djamel Sadok

Keyword(s):

Machine Learning ◽

Network Traffic ◽

Machine Learning Algorithms ◽

Divide And Conquer ◽

Pareto Optimal ◽

Optimization Approach ◽

Traffic Classification ◽

Multi Objective ◽

Network Traffic Classification ◽

Changes Over Time

Network traffic classification aims to identify categories of traffic or applications of network packets or flows. It is an area that continues to gain attention by researchers due to the necessity of understanding the composition of network traffics, which changes over time, to ensure the network Quality of Service (QoS). Among the different methods of network traffic classification, the payload-based one (DPI) is the most accurate, but presents some drawbacks, such as the inability of classifying encrypted data, the concerns regarding the users’ privacy, the high computational costs, and ambiguity when multiple signatures might match. For that reason, machine learning methods have been proposed to overcome these issues. This work proposes a Multi-Objective Divide and Conquer (MODC) model for network traffic classification, by combining, into a hybrid model, supervised and unsupervised machine learning algorithms, based on the divide and conquer strategy. Additionally, it is a flexible model since it allows network administrators to choose between a set of parameters (pareto-optimal solutions), led by a multi-objective optimization process, by prioritizing flow or byte accuracies. Our method achieved 94.14% of average flow accuracy for the analyzed dataset, outperforming the six DPI-based tools investigated, including two commercial ones, and other machine learning-based methods.

Download Full-text

A survey of techniques for internet traffic classification using machine learning

IEEE Communications Surveys & Tutorials ◽

10.1109/surv.2008.080406 ◽

2008 ◽

Vol 10 (4) ◽

pp. 56-76 ◽

Cited By ~ 769

Author(s):

Thuy T.T. Nguyen ◽

Grenville Armitage

Keyword(s):

Machine Learning ◽

Internet Traffic ◽

Traffic Classification ◽

Internet Traffic Classification

Download Full-text

Interpretability Framework of Network Security Traffic Classification Based on Machine Learning

Lecture Notes in Computer Science - Artificial Intelligence and Security ◽

10.1007/978-3-030-78612-0_25 ◽

2021 ◽

pp. 305-320

Author(s):

Mingshu He ◽

Lei Jin ◽

Mei Song

Keyword(s):

Machine Learning ◽

Network Security ◽

Traffic Classification

Download Full-text

Machine Learning in Spark for Attack Traffic Classification in IoT Devices Using Protocol Usage Statistics

Algorithms for Intelligent Systems - Proceedings of International Conference on Innovations in Information and Communication Technologies ◽

10.1007/978-981-16-0873-5_1 ◽

2021 ◽

pp. 1-11

Author(s):

Xiaojian Wang ◽

Sikha Bagui ◽

Subhash Bagui

Keyword(s):

Machine Learning ◽

Traffic Classification ◽

Iot Devices

Download Full-text

An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers

Applied Sciences ◽

10.3390/app9112375 ◽

2019 ◽

Vol 9 (11) ◽

pp. 2375 ◽

Cited By ~ 7

Author(s):

Riaz Ullah Khan ◽

Xiaosong Zhang ◽

Rajesh Kumar ◽

Abubakar Sharif ◽

Noorbakhsh Amiri Golilarz ◽

...

Keyword(s):

Machine Learning ◽

Decision Tree ◽

Network Traffic ◽

Traffic Classification ◽

Decision Tree Classifier ◽

Machine Learning Classifiers ◽

Learning Classifiers ◽

Average Accuracy ◽

Final Layer ◽

Tree Classifier

In recent years, the botnets have been the most common threats to network security since it exploits multiple malicious codes like a worm, Trojans, Rootkit, etc. The botnets have been used to carry phishing links, to perform attacks and provide malicious services on the internet. It is challenging to identify Peer-to-peer (P2P) botnets as compared to Internet Relay Chat (IRC), Hypertext Transfer Protocol (HTTP) and other types of botnets because P2P traffic has typical features of the centralization and distribution. To resolve the issues of P2P botnet identification, we propose an effective multi-layer traffic classification method by applying machine learning classifiers on features of network traffic. Our work presents a framework based on decision trees which effectively detects P2P botnets. A decision tree algorithm is applied for feature selection to extract the most relevant features and ignore the irrelevant features. At the first layer, we filter non-P2P packets to reduce the amount of network traffic through well-known ports, Domain Name System (DNS). query, and flow counting. The second layer further characterized the captured network traffic into non-P2P and P2P. At the third layer of our model, we reduced the features which may marginally affect the classification. At the final layer, we successfully detected P2P botnets using decision tree Classifier by extracting network communication features. Furthermore, our experimental evaluations show the significance of the proposed method in P2P botnets detection and demonstrate an average accuracy of 98.7%.

Download Full-text

Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey

IEEE Communications Surveys & Tutorials ◽

10.1109/comst.2018.2883147 ◽

2019 ◽

Vol 21 (2) ◽

pp. 1988-2014 ◽

Cited By ~ 21

Author(s):

Fannia Pacheco ◽

Ernesto Exposito ◽

Mathieu Gineste ◽

Cedric Baudoin ◽

Jose Aguilar

Keyword(s):

Machine Learning ◽

Network Traffic ◽

Traffic Classification ◽

Systematic Survey ◽

Network Traffic Classification

Download Full-text