706 research outputs found
Multitask Learning for Network Traffic Classification
Traffic classification has various applications in today's Internet, from
resource allocation, billing and QoS purposes in ISPs to firewall and malware
detection in clients. Classical machine learning algorithms and deep learning
models have been widely used to solve the traffic classification task. However,
training such models requires a large amount of labeled data. Labeling data is
often the most difficult and time-consuming process in building a classifier.
To solve this challenge, we reformulate the traffic classification into a
multi-task learning framework where bandwidth requirement and duration of a
flow are predicted along with the traffic class. The motivation of this
approach is twofold: First, bandwidth requirement and duration are useful in
many applications, including routing, resource allocation, and QoS
provisioning. Second, these two values can be obtained from each flow easily
without the need for human labeling or capturing flows in a controlled and
isolated environment. We show that with a large amount of easily obtainable
data samples for bandwidth and duration prediction tasks, and only a few data
samples for the traffic classification task, one can achieve high accuracy. We
conduct two experiments with ISCX and QUIC public datasets and show the efficacy
of our approach.
Multi-view Multi-label Anomaly Network Traffic Classification based on MLP-Mixer Neural Network
Network traffic classification is the basis of many network security
applications and has attracted enough attention in the field of cyberspace
security. Existing network traffic classification based on convolutional neural
networks (CNNs) often emphasizes local patterns of traffic data while ignoring
global information associations. In this paper, we propose an MLP-Mixer based
multi-view multi-label neural network for network traffic classification.
Compared with the existing CNN-based methods, our method adopts the MLP-Mixer
structure, which is more in line with the structure of the packet than the
conventional convolution operation. In our method, the packet is divided into
the packet header and the packet body, together with the flow features of the
packet as input from different views. We utilize a multi-label setting to learn
different scenarios simultaneously to improve the classification performance by
exploiting the correlations between different scenarios. Taking advantage of
the above characteristics, we propose an end-to-end network traffic
classification method. We conduct experiments on three public datasets, and the
experimental results show that our method can achieve superior performance.
Comment: 15 pages, 6 figures
AutoML4ETC: Automated Neural Architecture Search for Real-World Encrypted Traffic Classification
Deep learning (DL) has been successfully applied to encrypted network traffic
classification in experimental settings. However, in production use, it has
been shown that a DL classifier's performance inevitably decays over time.
Re-training the model on newer datasets has been shown to only partially
improve its performance. Manually re-tuning the model architecture to meet the
performance expectations on newer datasets is time-consuming and requires
domain expertise. We propose AutoML4ETC, a novel tool to automatically design
efficient and high-performing neural architectures for encrypted traffic
classification. We define a novel, powerful search space tailored specifically
for the near real-time classification of encrypted traffic using packet header
bytes. We show that with different search strategies over our search space,
AutoML4ETC generates neural architectures that outperform the state-of-the-art
encrypted traffic classifiers on several datasets, including public benchmark
datasets and real-world TLS and QUIC traffic collected from the Orange mobile
network. In addition to being more accurate, AutoML4ETC's architectures are
significantly more efficient and lighter in terms of the number of parameters.
Finally, we make AutoML4ETC publicly available for future research.
Comment: 14 pages, 13 figures
Network Traffic Classification Based on External Attention by IP Packet Header
As the emerging services have increasingly strict requirements on quality of
service (QoS), such as millisecond network service latency etc., network
traffic classification technology is required to assist more advanced network
management and monitoring capabilities. So far as we know, the delays of
flow-granularity classification methods are difficult to meet the real-time
requirements for too long packet-waiting time, whereas the present
packet-granularity classification methods may have problems related to privacy
protection due to using excessive user payloads. To solve the above problems,
we proposed a network traffic classification method only by the IP packet
header, which satisfies the requirements of both user's privacy protection and
classification performances. We opted to remove the IP address from the header
information of the network layer and utilized the remaining 12-byte IP packet
header information as input for the model. Additionally, we examined the
variations in header value distributions among different categories of network
traffic samples. And, the external attention is also introduced to form the
online classification framework, which performs well for its low time
complexity and strong ability to enhance high-dimensional classification
features. The experiments on three open-source datasets show that our average
accuracy can reach up to 94.57%, and the classification time is shortened to
meet the real-time requirements (0.35 ms for a single packet).
Comment: 12 pages, 5 figures
Using deep learning to classify community network traffic
Traffic classification is an important aspect of network management. This aspect improves the quality of service, traffic engineering, bandwidth management and internet security. Traffic classification methods continue to evolve due to the ever-changing dynamics of modern computer networks and the traffic they generate. Numerous studies on traffic classification make use of the Machine Learning (ML) and single Deep Learning (DL) models. ML classification models are effective to a certain degree. However, studies have shown they record low prediction and accuracy scores. In contrast, the proliferation of various deep learning techniques has recorded higher accuracy in traffic classification. The Deep Learning models have been successful in identifying encrypted network traffic. Furthermore, DL learns new features without the need to do much feature engineering compared to ML or Traditional methods. Traditional methods are inefficient in meeting the demands of ever-changing requirements of networks and network applications. Traditional methods are unfeasible and costly to maintain as they need constant updates to maintain their accuracy. In this study, we carry out a comparative analysis by adopting an ML model (Support Vector Machine) against the DL Models (Convolutional Neural Networks (CNN), Gated Recurrent Unit (GRU) and a hybrid model: CNNGRU) to classify encrypted internet traffic collected from a community network. The results show that DL models tend to generalise better with the dataset in comparison to ML. Among the deep learning models, the hybrid model outperformed all the other models in terms of accuracy score.
However, the model that had the best accuracy rate was not necessarily the one that took the shortest time when it came to prediction speed considering that it was more complex. Support vector machines outperformed the deep learning models in terms of prediction speed.
An Effective Cost-Sensitive Convolutional Neural Network for Network Traffic Classification
The volume and density of computer network traffic are increasing dramatically with the technology advancements, which has led to the emergence of various new protocols. Analyzing the huge data in large business networks has become important for the owners of those networks. The majority of the developed applications need to guarantee the network services, while some traditional applications may work well enough without a specific service level. Therefore, the performance requirements of future internet traffic will increase to a higher level. Increasing pressure on the performance of computer networks requires addressing several issues, such as maintaining the scalability of new service architectures, establishing control protocols for routing, and distributing information to identified traffic streams. The main concern is flow detection and traffic detection mechanisms to help establish traffic control policies. A cost-sensitive deep learning approach for encrypted traffic classification has been proposed in this research, to confront the effect of the class imbalance problem on the low-frequency traffic data detection. The developed model can attain a high level of performance, particularly for low-frequency traffic data. It outperformed the other traffic classification methods.