Network Traffic Classification Model Based on Attention Mechanism and Spatiotemporal Features

Abstract Traffic classification has been widely used in network security and network management. Previous research has focused on mapping network traffic to different non-encrypted applications, However, there are few researches on network traffic classification of encryption applications, especially the underlying traffic of encryption application. In order to solve the above problems, this paper proposes a network encrypted traffic classification model which combines attention mechanism with spatial and temporal characteristics. The model first uses LSTM (Long ShortTerm Memory) to analyze the time series of the continuous network flows and find out the time characteristics between the network flows. Secondly, CNN(Convolutional Neural Network) is used to extract the high-order spatial features of the network flow, and then the high-order spatial features are weighted and redistributed through the SE(Squeeze and Excitation)module to obtain the key spatial features of encrypted traffic. Finally, through the two-stage training and learning , fast classification of network flow is achieved. The main advantages of this model are as follows: 1) the mapping relationship between network flow and corresponding labels is constructed end-to-end without manual extraction of network flow characteristics; 2)It has a powerful generalization ability which is able to be compatible with different types of data sets; 3) there is still a high recognition rate for encryption application and the underlying traffic of encryption application. The experimental results show that this model can be well qualified for the classification of non-encrypted and encrypted application, moreover, greatly improves the classification accuracy of the underlying traffic of encryption application.

Download Full-text

Network Traffic Classification Using Deep Learning

International Journal of Artificial Intelligence Tools ◽

10.1142/s0218213020400084 ◽

2020 ◽

Vol 29 (07n08) ◽

pp. 2040008

Author(s):

Lei Chen ◽

Jian Liu ◽

Ming Xian

Keyword(s):

Network Traffic ◽

Open Data ◽

Internet Security ◽

Classification Model ◽

Traffic Classification ◽

Test Results ◽

Data Set ◽

Internet Applications ◽

Network Traffic Classification

The large amount of network traffic generated by Internet applications brings great challenges to Internet security. In order to facilitate network management and realize automatic classification of network traffic, this paper proposes a network traffic classification model NTCNET based on CNNs. Use open data set to do simulation verification experiment, then compare the test results with a variety of traditional classification methods. The experimental results shows that the constructed traffic classification model NTCNET has better precision, robustness and accuracy, with an accuracy of 99.66%.

Download Full-text

Robot Communication: Network Traffic Classification Based on Deep Neural Network

Frontiers in Neurorobotics ◽

10.3389/fnbot.2021.648374 ◽

2021 ◽

Vol 15 ◽

Author(s):

Mengmeng Ge ◽

Xiangzhan Yu ◽

Likun Liu

Keyword(s):

Neural Network ◽

Network Traffic ◽

Short Term Memory ◽

Traffic Classification ◽

Classification Framework ◽

Network Traffic Classification ◽

Scalar Input ◽

Memory Network ◽

Encrypted Traffic ◽

Robot Communication

With the rapid popularization of robots, the risks brought by robot communication have also attracted the attention of researchers. Because current traffic classification methods based on plaintext cannot classify encrypted traffic, other methods based on statistical analysis require manual extraction of features. This paper proposes (i) a traffic classification framework based on a capsule neural network. This method has a multilayer neural network that can automatically learn the characteristics of the data stream. It uses capsule vectors instead of a single scalar input to effectively classify encrypted network traffic. (ii) For different network structures, a classification network structure combining convolution neural network and long short-term memory network is proposed. This structure has the characteristics of learning network traffic time and space characteristics. Experimental results show that the network model can classify encrypted traffic and does not require manual feature extraction. And on the basis of the previous tool, the recognition accuracy rate has increased by 8%

Download Full-text

A New Network Traffic Classification Method Based on Optimized Hadamard Matrix and ECOC-SVM

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.989-994.1895 ◽

2014 ◽

Vol 989-994 ◽

pp. 1895-1900

Author(s):

Hong Zhi Wang ◽

Li Hui Yan

Keyword(s):

Network Traffic ◽

Classification Accuracy ◽

Hadamard Matrix ◽

Classification Method ◽

Traffic Classification ◽

Classification Methods ◽

Computational Burden ◽

Network Traffic Classification ◽

Encrypted Traffic

The traditional network traffic classification methods have many shortcomings, the classification accuracy is not high, the encrypted traffic cannot be analyzed, and the computational burden is usually large. To overcome above problems, this paper presents a new network traffic classification method based on optimized Hadamard matrix and ECOC. Through restructuring the Hadamard matrix and erasing the interference rows and columns, the ECOC table is optimized while eliminating SVM sample imbalance, and the error correcting ability for classification is reserved. The experiments results show that the proposed method outperform in network traffic classification and improve the classification accuracy.

Download Full-text

Network Intrusion Detection Based on an Efficient Neural Architecture Search

Symmetry ◽

10.3390/sym13081453 ◽

2021 ◽

Vol 13 (8) ◽

pp. 1453

Author(s):

Renjian Lyu ◽

Mingshu He ◽

Yu Zhang ◽

Lei Jin ◽

Xinlei Wang

Keyword(s):

Deep Learning ◽

Intrusion Detection ◽

Network Traffic ◽

Traffic Monitoring ◽

Classification Model ◽

Network Intrusion Detection ◽

Traffic Classification ◽

Neural Architecture ◽

Network Intrusion ◽

Network Traffic Classification

Deep learning has been applied in the field of network intrusion detection and has yielded good results. In malicious network traffic classification tasks, many studies have achieved good performance with respect to the accuracy and recall rate of classification through self-designed models. In deep learning, the design of the model architecture greatly influences the results. However, the design of the network model architecture usually requires substantial professional knowledge. At present, the focus of research in the field of traffic monitoring is often directed elsewhere. Therefore, in the classification task of the network intrusion detection field, there is much room for improvement in the design and optimization of the model architecture. A neural architecture search (NAS) can automatically search the architecture of the model under the premise of a given optimization goal. For this reason, we propose a model that can perform NAS in the field of network traffic classification and search for the optimal architecture suitable for traffic detection based on the network traffic dataset. Each layer of our depth model is constructed according to the principle of maximum coding rate attenuation, which has strong consistency and symmetry in structure. Compared with some manually designed network architectures, classification indicators, such as Top-1 accuracy and F1 score, are also greatly improved while ensuring the lightweight nature of the model. In addition, we introduce a surrogate model in the search task. Compared to using the traditional NAS model to search the network traffic classification model, our NAS model greatly improves the search efficiency under the premise of ensuring that the results are not substantially different. We also manually adjust some operations in the search space of the architecture search to find a set of model operations that are more suitable for traffic classification. Finally, we apply the searched model to other traffic datasets to verify the universality of the model. Compared with several common network models in the traffic field, the searched model (NAS-Net) performs better, and the classification effect is more accurate.

Download Full-text

Improved KNN Algorithm for Fine-Grained Classification of Encrypted Network Flow

Electronics ◽

10.3390/electronics9020324 ◽

2020 ◽

Vol 9 (2) ◽

pp. 324 ◽

Cited By ~ 1

Author(s):

Chencheng Ma ◽

Xuehui Du ◽

Lifeng Cao

Keyword(s):

Network Flow ◽

Nearest Neighbor ◽

Network Flows ◽

Supervised Machine Learning ◽

Traffic Classification ◽

K Nearest Neighbor ◽

Content Type ◽

Fine Grained ◽

Feature Weight

The fine-grained classification of encrypted traffic is important for network security analysis. Malicious attacks are usually encrypted and simulated as normal application or content traffic. Supervised machine learning methods are widely used for traffic classification and show good performances. However, they need a large amount of labeled data to train a model, while labeled data is hard to obtain. Aiming at solving this problem, this paper proposes a method to train a model based on the K-nearest neighbor (KNN) algorithm, which only needs a small amount of data. Due to the fact that the importance of different traffic features varies, and traditional KNN does not highlight the importance of different features, this study introduces the concept of feature weight and proposes the weighted feature KNN (WKNN) algorithm. Furthermore, to obtain the optimal feature set and the corresponding feature weight set, a feature selection and feature weight self-adaptive algorithm for WKNN is proposed. In addition, a three-layer classification framework for encrypted network flows is established. Based on the improved KNN and the framework, this study finally presents a method for fine-grained classification of encrypted network flows, which can identify the encryption status, application type and content type of encrypted network flows with high accuracies of 99.3%, 92.4%, and 97.0%, respectively.

Download Full-text

Ransomware Traffic Classification Using Deep Learning Models

International Journal of Web Portals ◽

10.4018/ijwp.2020010101 ◽

2020 ◽

Vol 12 (1) ◽

pp. 1-11

Author(s):

Arivudainambi D. ◽

Varun Kumar K.A. ◽

Vinoth Kumar R. ◽

Visu P.

Keyword(s):

Deep Learning ◽

Real Time ◽

Network Traffic ◽

Classification Model ◽

Traffic Classification ◽

Learning Models ◽

Learning Methods ◽

Novel Method

Ransomware is a malware which affects the systems data with modern encryption techniques, and the data is recovered once a ransom amount is paid. In this research, the authors show how ransomware propagates and infects devices. Live traffic classifications of ransomware have been meticulously analyzed. Further, a novel method for the classification of ransomware traffic by using deep learning methods is presented. Based on classification, the detection of ransomware is approached with the characteristics of the network traffic and its communications. In more detail, the behavior of popular ransomware, Crypto Wall, is analyzed and based on this knowledge, a real-time ransomware live traffic classification model is proposed.

Download Full-text

An Improved Network Traffic Classification Model Based on a Support Vector Machine

Symmetry ◽

10.3390/sym12020301 ◽

2020 ◽

Vol 12 (2) ◽

pp. 301 ◽

Cited By ~ 1

Author(s):

Jie Cao ◽

Da Wang ◽

Zhaoyang Qu ◽

Hongyu Sun ◽

Bin Li ◽

...

Keyword(s):

Support Vector Machine ◽

Feature Selection ◽

Network Traffic ◽

Feature Selection Method ◽

Selection Method ◽

Classification Model ◽

Support Vector ◽

Traffic Classification ◽

Generalization Ability ◽

Network Traffic Classification

Network traffic classification based on machine learning is an important branch of pattern recognition in computer science. It is a key technology for dynamic intelligent network management and enhanced network controllability. However, the traffic classification methods still facing severe challenges: The optimal set of features is difficult to determine. The classification method is highly dependent on the effective characteristic combination. Meanwhile, it is also important to balance the experience risk and generalization ability of the classifier. In this paper, an improved network traffic classification model based on a support vector machine is proposed. First, a filter-wrapper hybrid feature selection method is proposed to solve the false deletion of combined features caused by a traditional feature selection method. Second, to balance the empirical risk and generalization ability of support vector machine (SVM) traffic classification model, an improved parameter optimization algorithm is proposed. The algorithm can dynamically adjust the quadratic search area, reduce the density of quadratic mesh generation, improve the search efficiency of the algorithm, and prevent the over-fitting while optimizing the parameters. The experiments show that the improved traffic classification model achieves higher classification accuracy, lower dimension and shorter elapsed time and performs significantly better than traditional SVM and the other three typical supervised ML algorithms.

Download Full-text

A Novel Way to Generate Adversarial Network Traffic Samples against Network Traffic Classification

Wireless Communications and Mobile Computing ◽

10.1155/2021/7367107 ◽

2021 ◽

Vol 2021 ◽

pp. 1-12

Author(s):

Yongjin Hu ◽

Jin Tian ◽

Jun Ma

Keyword(s):

Neural Networks ◽

Convolutional Neural Networks ◽

Image Recognition ◽

Network Traffic ◽

Classification Model ◽

Traffic Classification ◽

Deep Convolutional Neural Networks ◽

Adversarial Network ◽

Network Traffic Classification ◽

Normal Network

Network traffic classification technologies could be used by attackers to implement network monitoring and then launch traffic analysis attacks or website fingerprint attacks. In order to prevent such attacks, a novel way to generate adversarial samples of network traffic from the perspective of the defender is proposed. By adding perturbation to the normal network traffic, a kind of adversarial network traffic is formed, which will cause misclassification when the attackers are implementing network traffic classification with deep convolutional neural networks (CNN) as a classification model. The paper uses the concept of adversarial samples in image recognition for reference to the field of network traffic classification and chooses several different methods to generate adversarial samples of network traffic. The experiment, in which the LeNet-5 CNN is selected as a classification model used by attackers and Vgg16 CNN is selected as the model to test the transferability of the adversarial network traffic generated, shows the effect of the adversarial network traffic samples.

Download Full-text