Machine Learning to Automate Network Segregation for Enhanced Security in Industry 4.0

The heavy reliance of Industry 4.0 on emerging communication technologies, notably Industrial Internet-of-Things (IIoT) and Machine-Type Communications (MTC), and the increasing exposure of these traditionally isolated infrastructures to the Internet, are tremendously increasing the attack surface. Network segregation is a viable solution to address this problem. It essentially splits the network into several logical groups (subnetworks) and enforces adequate security policy on each segment, e.g., restricting unnecessary intergroup communications or controlling the access. However, existing segregation techniques primarily depend on manual configurations, which renders them inefficient for cyber-physical production systems because they are highly complex and heterogeneous environments with massive number of communicating machines. In this paper, we incorporate machine learning to automate network segregation, by efficiently classifying network end-devices into several groups through examining the traffic patterns that they generate. For performance evaluation, we analysed the data collected from a large segment of Infineon’s network in the context of the EU funded ECSEL-JU project “SemI40”. In particular, we applied feature selection and trained several supervised learning algorithms. Test results, using 10-fold cross validation, revealed that the algorithms generalise very well and achieve an accuracy up to 99.4%

Segmented Learning for Class-of-Service Network Traffic Classification

Class-of-service (CoS) network traffic classification (NTC) classifies a group of similar traffic applications. The CoS classification is advantageous in resource scheduling for Internet service providers and avoids the necessity of remodelling. Our goal is to find a robust, lightweight, and fast-converging CoS classifier that uses fewer data in modelling and does not require specialized tools in feature extraction. The commonality of statistical features among the network flow segments motivates us to propose novel segmented learning that includes essential vector representation and a simple-segment method of classification. We represent the segmented traffic in the vector form using the EVR. Then, the segmented traffic is modelled for classification using random forest. Our solution's success relies on finding the optimal segment size and a minimum number of segments required in modelling. The solution is validated on multiple datasets for various CoS services, including virtual reality (VR). Significant findings of the research work are i) Synchronous services that require acknowledgment and request to continue communication are classified with 99% accuracy, ii) Initial 1,000 packets in any session are good enough to model a CoS traffic for promising results, and we therefore can quickly deploy a CoS classifier, and iii) Test results remain consistent even when trained on one dataset and tested on a different dataset. In summary, our solution is the first to propose segmentation learning NTC that uses fewer features to classify most CoS traffic with an accuracy of 99%. The implementation of our solution is available on GitHub.Comment: The paper is accepted to be appeared in IEEE GLOBECOM 202

Time Series Analysis for Encrypted Traffic Classification: A Deep Learning Approach

© 2018 IEEE. We develop a novel time series feature extraction technique to address the encrypted traffic/application classification problem. The proposed method consists of two main steps. First, we propose a feature engineering technique to extract significant attributes of the encrypted network traffic behavior by analyzing the time series of receiving packets. In the second step, we develop a deep learning-based technique to exploit the correlation of time series data samples of the encrypted network applications. To evaluate the efficiency of the proposed solution on the encrypted traffic classification problem, we carry out intensive experiments on a raw network traffic dataset, namely VPN-nonVPN, with three conventional classifier metrics including Precision, Recall, and F1 score. The experimental results demonstrate that our proposed approach can significantly improve the performance in identifying encrypted application traffic in terms of accuracy and computation efficiency

Multilayer Feedforward Neural Network for Internet Traffic Classification

Recently, the efficient internet traffic classification has gained attention in order to improve service quality in IP networks. But the problem with the existing solutions is to handle the imbalanced dataset which has high uneven distribution of flows between the classes. In this paper, we propose a multilayer feedforward neural network architecture to handle the high imbalanced dataset. In the proposed model, we used a variation of multilayer perceptron with 4 hidden layers (called as mountain mirror networks) which does the feature transformation effectively. To check the efficacy of the proposed model, we used Cambridge dataset which consists of 248 features spread across 10 classes. Experimentation is carried out for two variants of the same dataset which is a standard one and a derived subset. The proposed model achieved an accuracy of 99.08% for highly imbalanced dataset (standard)

Online Classification of RTC Traffic

Real-time communication (RTC) platforms have become increasingly popular in the last decade, together with the spread of broadband Internet access. They are nowadays a fundamental means for connecting people and supporting the economy, which relies more and more on forms of remote working. In this context, it is particularly important to act at the network level to ensure adequate Quality of Experience (QoE) to users, where proper traffic management policies are essential to prioritize RTC traffic. This, in turn, requires in-network devices to identify RTC streams and the type of content they carry. In this paper, we propose a machine learning-based application to classify, in real-time, the media streams generated by RTC applications encapsulated in Secure Real Time Protocol (SRTP) flows. Using carefully tuned features extracted from packet characteristics, we train a model to classify streams into an ample set of classes, including media type (audio/video), video quality and redundant streams. To validate our approach, we use traffic from more than 88 hours of multi-party meeting calls made using the Cisco Webex Teams application. We reach an overall accuracy of 97% with a light-weight decision tree model, which makes decisions using only 1 second of traffic

Video Streaming Service Identification on Software-Defined Networking

It is well known that video streaming is the major network traffic today. Futhermore, the traffic generated by video streaming is expected to increase exponentially. On the other hand, SoftwareDefined Networking (SDN) has been considered a viable solution to cope with the complexity and increasing network traffic due to its centralised control and programmability features. These features, however, do not guarantee that network performance will not suffer as traffic grows. As result, understanding video traffic and optimising video traffic can aid in control various aspects of network performance, such as bandwidth utilisation, dynamic routing, and Quality of Service (QoS). This paper presents an approach to identify video streaming traffic in SDN and investigates the feasibility of using Knowledge-Defined Networking (KDN) in traffic classification. KDN is a networking paradigm that takes advantage of Artificial Intelligence (AI) by using Machine Learning approaches, which allows integrating behavioural models to detect patterns, like video streaming traffic identification, in SDN traffic. In our initial proof-of-concept, we derive the relevant information of network traffic in the form of flows statistics. Then, we used such information to train six ML models that can classify network traffic into three types, Video on Demand (VoD), Livestream, and no-video traffic. Our proof-of-concept demonstrates that our approach is applicable and that we can identify and classify video streaming traffic with 97.5% accuracy using the Decision Tree model

Listen to Minority: Encrypted Traffic Classification for Class Imbalance with Contrastive Pre-Training

Mobile Internet has profoundly reshaped modern lifestyles in various aspects. Encrypted Traffic Classification (ETC) naturally plays a crucial role in managing mobile Internet, especially with the explosive growth of mobile apps using encrypted communication. Despite some existing learning-based ETC methods showing promising results, three-fold limitations still remain in real-world network environments, 1) label bias caused by traffic class imbalance, 2) traffic homogeneity caused by component sharing, and 3) training with reliance on sufficient labeled traffic. None of the existing ETC methods can address all these limitations. In this paper, we propose a novel Pre-trAining Semi-Supervised ETC framework, dubbed PASS. Our key insight is to resample the original train dataset and perform contrastive pre-training without using individual app labels directly to avoid label bias issues caused by class imbalance, while obtaining a robust feature representation to differentiate overlapping homogeneous traffic by pulling positive traffic pairs closer and pushing negative pairs away. Meanwhile, PASS designs a semi-supervised optimization strategy based on pseudo-label iteration and dynamic loss weighting algorithms in order to effectively utilize massive unlabeled traffic data and alleviate manual train dataset annotation workload. PASS outperforms state-of-the-art ETC methods and generic sampling approaches on four public datasets with significant class imbalance and traffic homogeneity, remarkably pushing the F1 of Cross-Platform215 with 1.31%, ISCX-17 with 9.12%. Furthermore, we validate the generality of the contrastive pre-training and pseudo-label iteration components of PASS, which can adaptively benefit ETC methods with diverse feature extractors.Comment: Accepted by 2023 20th Annual IEEE International Conference on Sensing, Communication, and Networking, 9 pages, 6 figure

Çok Katmanlı Algılayıcı ile Ağ Trafiği Sınıflandırma Analizi

Çevrimiçi ağ trafiği sınıflandırması, uzun vadeli ilginin odak noktası olmaya devam ediyor. Ağ trafiğini izleme ve ağ trafiği analizi birçok farklı yoldan yapılabilir. Ağ trafiğini izleme, hizmet kalitesi (QoS) için ham veri girişi sağlar ve bu da ağ analistine ağ kaynaklarını nasıl kullandığını anlama ve ağ performansını belirleme olanağı sağlar. Bu bilgi ile ağ analisti, ağ kaynaklarını kontrol etmek ve yönetmek için QoS politikalarını belirleyebilir. Ağ trafiğinin izlenmesi akademik araştırma için modeller oluşturmak için de kullanılabilir. Bu makalede derin öğrenme algoritması kullanılarak ağ trafiğini doğru şekilde sınıflandıran bir makine öğrenme yaklaşımı sunulmuştur. Aynı zamanda bu çalışmada diğer makine öğrenme algoritmaları ile karşılaştırmalar yapılmıştır. Çok Katmanlı Algılayıcı (MLP), ağın sınıflandırıcısını oluşturmak için kullanılmıştır. Deney sonuçları derin öğrenme algoritmasının diğer algoritmalardan daha iyi sonuç verdiğini ve sınıflandırmada %99,0233 Detection Rate (DR) değerine, %78,3941 doğruluğa (ACC) sahip olduğunu göstermiştir