WVA 180002 Deep Network Analytics: Granular network traffic classification using machine learning Muhammad Faiz bin Mohd Zaki Department of Computer System & Technology Universiti Malaya Supervisor: Associate Professor Dr. Nor Badrul Anuar bin Jumaat Co-Supervisor: Honorary Professor Dr. Abdullah bin Gani August 29, 2019
WVA 180002 Introduction Network traffic classification is a fundamental process in network management and security. It is a process of recognizing the originating application of particular traffic in the network. Network traffic classification has been around since the early 1990s. It is critical to various key technologies like quality of service (QoS) and intrusion detection system (IDS).
WVA 180002 Introduction (cont.) Wide range of applications translate to various techniques for network traffic classification by the research community. Accordingly, the large pool of available classification techniques also translates to varying level of classification granularity. Classification granularity heavily depends on the objective of the classification.
WVA 180002 Motivation The two main reasons that motivated this research are as follows: ▪ There are only few existing works that tried to carry out granular traffic classification (Bakhshi & Ghita, 2016; Yamansavacilar et al., 2017) ▪ The application of this research is endless e.g., parental filtering, IDS, QoS, ISP billing, targeted attack.
WVA 180002 Literature Review ▪ A large number of publication between 2013 - 2019, indicating continuous interest in the field. ▪ Moore, Nguyen and Armitage are among the prominent researchers in this field, producing a number of seminal papers (A. W. Moore & Papagiannaki, 2005; A. Moore et al., 2005; Nguyen & Armitage, 2008) ▪ There are five categories of classification output based on the literature: application protocol, type, name, service and binary classification. ▪ The trend is moving towards applying deep learning methods to automate feature selection and classification processes.
WVA 180002 Significance of Study ▪ Network administrators achieve greater control during network management. ▪ Ability to implement fine-grained network policy. ▪ Novel features for granular classification from this research paves way for application in various areas such as parental filtering.
WVA 180002 Statement of Problem ▪ Most works managed to classify down to application protocol (Camacho et al., 2013; Cao & Fang, 2016; Finsterbusch et al., 2014) ▪ Less focus on granular classification. ▪ Policy on coarse-grained classification affects the entire class. As such, this study attempts to research a method which is capable of classifying network traffic into granular services that exist within the originating application.
WVA 180002 Statement of Objectives The objectives of this study are as follows: ▪ To study appropriate discriminators to classify particular services within individual applications from network traffic. ▪ To design a method using machine learning to classify network traffic based on its application service. ▪ To develop a machine learning model to classify network traffic based on its application service. ▪ To evaluate the proposed model against live traffic and existing approaches using appropriate metrics.
WVA 180002 Scope of Research This study is primarily concerned with classifying applications into their granular services. The proposed model utilizes statistical features and behavioral patterns with machine learning. On initial grounds, this study covers encrypted and non-encrypted traffic in a high speed LAN of up to 1Gbps.
WVA 180002 Conclusion ▪ There is a need for granular network traffic classification to allow greater control over the network. ▪ This study proposed a granular network traffic classification that can classify network traffic down to its application service level. ▪ The proposed technique is non-intrusive and works on encrypted and unencrypted traffic in a high speed LAN of up to 1 Gbps. ▪ The outcome of this study paves way for application in various domains such as parental filtering and user profiling.
WVA 180002 References ▪ Bakhshi, T., & Ghita, B. (2016). On Internet Traffic Classification: A Two-Phased Machine Learning Approach. Journal of Computer Networks and Communications, 2016, 1–21. https://doi.org/10.1155/2016/2048302 ▪ Camacho, J., Padilla, P., García-Teodoro, P., & Díaz-Verdejo, J. (2013). A generalizable dynamic flow pairing method for traffic classification. Computer Networks, 57(14), 2718–2732. https://doi.org/10.1016/J.COMNET.2013.06.006 ▪ Cao, J., & Fang, Z. (2016). Network Traffic Classification using Genetic Algorithms based on Support Vector Machine. International Journal of Security and Its Applications, 10(2), 237–246. https://doi.org/10.14257/ijsia.2016.10.2.21 ▪ Finsterbusch, M., Richter, C., Rocha, E., Muller, J. A., & Hanssgen, K. (2014). A Survey of Payload-Based Traffic Classification Approaches. IEEE Communications Surveys & Tutorials, 16(2), 1135–1156. https://doi.org/10.1109/SURV.2013.100613.00161 ▪ Gil, G. D., Lashkari, A. H., Mamun, M., & Ghorbani, A. A. (2016). Characterization of encrypted and vpn traffic using time-related features. Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP 2016), 407–414.
WVA 180002 References (cont.) ▪ Moore, A. W., & Papagiannaki, K. (2005). Toward the Accurate Identification of Network Applications. In Proc. Passive and Active Measurement Workshop (PAM2005) (pp. 41– 54). https://doi.org/10.1007/978-3-540-31966-54 ▪ Moore, A., Zuev, D., & Crogan, M. (2005). Discriminators for use in flow-based classification. Retrieved from http://www.cl.cam.ac.uk/~awm22/publications/moore2005discriminators.pdf ▪ Nguyen, T. T. T., & Armitage, G. (2008). A survey of techniques for internet traffic classification using machine learning. IEEE Communications Surveys & Tutorials, 10(4), 56–76. https://doi.org/10.1109/SURV.2008.080406 ▪ Yamansavascilar, B., Guvensan, M. A., Yavuz, A. G., & Karsligil, M. E. (2017). Application identification via network traffic classification. 2017 International Conference on Computing, Networking and Communications (ICNC), 843–848. https://doi.org/10.1109/ICCNC.2017.7876241
mfaizmzaki
ryou0634
joisino
sosk
kentaroy47
yukinobaba
sgk
udonda
o_ob
shunk031
yumulab
nami_ogawa
naok615
jonyablonski
phodgson
eileencodes
bluesmoon
andyhume
deanohume
aarron
rocio
maggiecrowley
aki_iinuma
hannesfritz
