A Review on Features’ Robustness in High Diversity Mobile Traffic Classifications
Mobile traffic is becoming more dominant due to the growing usage of mobile devices and the proliferation of IoT. The influx of mobile traffic introduces new challenges in traffic classification, namely diversity complexity and behavioral dynamism complexity. Existing traffic classification methods are designed for classifying standard protocols and user applications with more deterministic behaviors and small diversity. Currently, flow statistics, payload signatures and heuristic traffic attributes are some of the most effective features used to discriminate traffic classes. In this paper, we investigate the correlations of these features to the less-deterministic user application traffic classes based on the corresponding classification accuracy. Then, we evaluate the impact of large-scale classification on the features' robustness based on signs of diminishing accuracy. Our experimental results consolidate the need for unsupervised feature learning to address the dynamism of mobile application behavioral traits for accurate classification of rapidly growing mobile traffic.
Attack visualization for intrusion detection system
Attack detection and visualization is the process of attempting to identify instances of network misuse by comparing current activity against the expected actions of an intruder. Most current approaches to attack detection involve the use of rule-based expert systems to identify indications of known attacks. However, these techniques are less successful in identifying attacks that vary from expected patterns. Artificial neural networks provide the potential to identify and classify network activity based on limited, incomplete, and nonlinear data sources. We present an approach to attack visualization that utilizes the analytical strengths of neural networks, and provide the results of a preliminary analysis of the network parameters being watched: Internet Protocol (IP) packet length, IP packet traffic, IP byte traffic, IP packet rate, IP byte rate, User Datagram Protocol (UDP) packet length, UDP packet traffic, UDP byte traffic, UDP packet rate, UDP byte rate, Heart Beat (HB) end-to-end delay, and HB packet loss rate. Besides the collected attack data, numerically simulated data was generated using neural network sigmoids in Matlab. The characteristics of the obtained data showed many similarities with the actual collected network data. Further work is continuing to obtain different attack data using the Opnet simulation program.
Numerical Analysis for Relevant Features in Intrusion Detection (NARFid)
Identification of cyber attacks and network services is a robust field of study in the machine learning community. Less effort has been focused on understanding the domain space of real network data in identifying important features for cyber attack and network service classification. Motivations for such work include anomaly detection systems with fewer requirements on data "sniffed" off the network, extraction of features from the traffic, reduced learning time of algorithms, and ideally increased classification performance on anomalous behavior. This thesis evaluates the usefulness of a good feature subset for the general classification task of identifying cyber attacks and network services. The generality of the selected features elucidates the relevance or irrelevance of the feature set for the classification task of intrusion detection. Additionally, the thesis provides an extension to the Bhattacharyya method, which selects features by means of inter-class separability (the Bhattacharyya coefficient). The extension for multiple-class problems selects a minimal set of features with the best separability across all class pairs. Several feature selection algorithms (e.g., accuracy rate with genetic algorithm, RELIEF-F, GRLVQI, median Bhattacharyya and minimum surface Bhattacharyya methods) create feature subsets that describe the decision boundary for intrusion detection problems. The selected feature subsets maintain or improve the classification performance for at least three out of the four anomaly detectors (i.e., classifiers) under test. The feature subsets which illustrate generality for the intrusion detection problem range in size from 12 to 27 features. The original feature set consists of 248 features. Of the feature subsets demonstrating generality, the extension to the Bhattacharyya method generates the second smallest feature subset.
This thesis quantitatively demonstrates that a relatively small feature set may be used for intrusion detection with machine learning classifiers.
Hierarchical TCP network traffic classification with adaptive optimisation
Nowadays, with the increasing deployment of modern packet-switching networks, traffic classification is playing an important role in network administration. Identifying what kinds of traffic are transmitted across networks can improve network management in various ways, such as traffic shaping, differentiated services, enhanced security, etc. By applying different policies to different kinds of traffic, Quality of Service (QoS) can be achieved, and the granularity can be as fine as flow-level. Since illegal traffic can be identified and filtered, network security can be enhanced by employing advanced traffic classification.
There are various traditional techniques for traffic classification. However, some of them cannot handle traffic generated by applications using non-registered ports or forged ports, some of them cannot deal with encrypted traffic, and some techniques require too many computational resources. The technique newly proposed by other researchers, which uses statistical methods, gives an alternative approach. It requires fewer resources, does not rely on ports and can deal with encrypted traffic. Nevertheless, the performance of classification using statistical methods can be further improved.
In this thesis, we aim to optimise network traffic classification based on the statistical approach. Because of the popularity of the TCP protocol, and the difficulties for classification introduced by TCP traffic controls, our work focuses on classifying network traffic based on the TCP protocol. An architecture has been proposed for improving classification performance in terms of accuracy and response time. Experiments have been conducted and the results evaluated to demonstrate the improved performance of the proposed optimised classifier.
In our work, network packets are reassembled into TCP flows. Then, the statistical characteristics of the flows are extracted. Finally, the classes of input flows are determined by comparing them with the profiled samples. Instead of using only one algorithm for classifying all traffic flows, our proposed system employs a series of binary classifiers, which use optimised algorithms to detect different traffic classes separately. A decision-making mechanism deals with conflicting results from the binary classifiers. Machine learning algorithms including k-nearest neighbour, decision trees and artificial neural networks have been taken into consideration together with a non-parametric statistical algorithm, the Kolmogorov-Smirnov test. Besides the algorithms, some parameters are also optimised locally, such as detection windows and acceptance thresholds. This hierarchical architecture gives the traffic classifier more flexibility, higher accuracy and shorter response time.