Application-Based Online Traffic Classification with Deep Learning Models on SDN Networks

The traffic classification based on the network applications is one important issue for network management. In this paper, we propose an application-based online and offline traffic classification, based on deep learning mechanisms, over software-defined network (SDN) testbed. The designed deep learning model, resigned in the SDN controller, consists of multilayer perceptron (MLP), convolutional neural network (CNN), and Stacked Auto-Encoder (SAE), in the SDN testbed. We employ an open network traffic dataset with seven most popular applications as the deep learning training and testing datasets. By using the TCPreplay tool, the dataset traffic samples are re-produced and analyzed in our SDN testbed to emulate the online traffic service. The performance analyses, in terms of accuracy, precision, recall, and F1 indicators, are conducted and compared with three deep learning models

Deep Learning for Network Traffic Monitoring and Analysis (NTMA): A Survey

Modern communication systems and networks, e.g., Internet of Things (IoT) and cellular networks, generate a massive and heterogeneous amount of traffic data. In such networks, the traditional network management techniques for monitoring and data analytics face some challenges and issues, e.g., accuracy, and effective processing of big data in a real-time fashion. Moreover, the pattern of network traffic, especially in cellular networks, shows very complex behavior because of various factors, such as device mobility and network heterogeneity. Deep learning has been efficiently employed to facilitate analytics and knowledge discovery in big data systems to recognize hidden and complex patterns. Motivated by these successes, researchers in the field of networking apply deep learning models for Network Traffic Monitoring and Analysis (NTMA) applications, e.g., traffic classification and prediction. This paper provides a comprehensive review on applications of deep learning in NTMA. We first provide fundamental background relevant to our review. Then, we give an insight into the confluence of deep learning and NTMA, and review deep learning techniques proposed for NTMA applications. Finally, we discuss key challenges, open issues, and future research directions for using deep learning in NTMA applications.publishedVersio

Darknet traffic classification and adversarial attacks using machine learning

The anonymous nature of darknets is commonly exploited for illegal activities. Previous research has employed machine learning and deep learning techniques to automate the detection of darknet traffic in an attempt to block these criminal activities. This research aims to improve darknet traffic detection by assessing a wide variety of machine learning and deep learning techniques for the classification of such traffic and for classification of the underlying application types. We find that a Random Forest model outperforms other state-of-the-art machine learning techniques used in prior work with the CIC-Darknet2020 dataset. To evaluate the robustness of our Random Forest classifier, we obfuscate select application type classes to simulate realistic adversarial attack scenarios. We demonstrate that our best-performing classifier can be degraded by such attacks, and we consider ways to effectively deal with such adversarial attacks

System for in-depth analysis of network traffic based on artificial intelligence technologies

The relevance of research is explained by the need to improve the network traffic analysis systems, including deep analysis systems, taking into account existing threats and vulnerabilities of network equipment and software of computer networks based on methods and algorithms of machine learning: • traffic analysis systems are widely used in monitoring network activity of some users or a specific user and restricting the client's access to certain types of services – VPN, HTTPS, which makes content analysis impossible; • such decisions may limit the access to prohibited resources in order to comply with legal requirements for methods of restricting access to information resources applied in accordance with the Federal Law “On Information, Information Technologies and Information Protection”. Network traffic analysis methods with the goal of defining an application layer protocol without traditional means of deep package inspection (DPI) are considered under conditions when the payload is encrypted (for example, TLS / SSL protocol). The novelty lies in the development of algorithms for analyzing network traffic on the basis of a neural network. This method differs in the way of features generation and selection, which allows classifying the existing traffic of protected connections of selected users according to a predefined set of categories. Keywords: Deep network traffic analysis, computer network, traffic encryption, VPN, neural network traffic analysis model, random trees committeeThis work is partially supported by the Russian Science Foundation under grants No 17-07-00351

Ecrypted Network Classification With Deep Learning

Дисертація складається з 84 сторінок, 59 Цифри та 29 джерел у довідковому списку. Проблема: Оскільки світ стає більш безпечним, для забезпечення належної передачі даних між сторонами, що спілкуються, було використано більше протоколів шифрування. Класифікація мережі стала більше клопоту з використанням деяких прийомів, оскільки перевірка зашифрованого трафіку в деяких країнах може бути незаконною. Це заважає інженерам мережі мати можливість класифікувати трафік, щоб відрізняти зашифрований від незашифрованого трафіку. Мета роботи: Ця стаття спрямована на проблему, спричинену попередніми методами, використовуваними в шифрованій мережевій класифікації. Деякі з них обмежені розміром даних та обчислювальною потужністю. У даній роботі використовується рішення алгоритму глибокого навчання для вирішення цієї проблеми. Основні завдання дослідження: 1. Порівняйте попередні традиційні методи та порівняйте їх переваги та недоліки 2. Вивчити попередні супутні роботи у сучасній галузі досліджень. 3. Запропонуйте більш сучасний та ефективний метод та алгоритм для зашифрованої класифікації мережевого трафіку Об'єкт дослідження: Простий алгоритм штучної нейронної мережі для точної та надійної класифікації мережевого трафіку, що не залежить від розміру даних та обчислювальної потужності. Предмет дослідження: На основі даних, зібраних із приватного потоку трафіку у нашому власному інструменті моделювання мережі. За 4 допомогою запропонованого нами методу визначаємо відмінності корисних навантажень мережевого трафіку та класифікуємо мережевий трафік. Це допомогло відокремити або класифікувати зашифровані від незашифрованого трафіку. Методи дослідження: Експериментальний метод. Ми провели наш експеримент із моделюванням мережі та збиранням трафіку різних незашифрованих протоколів та зашифрованих протоколів. Використовуючи мову програмування python та бібліотеку Keras, ми розробили згорнуту нейронну мережу, яка змогла прийняти корисне навантаження зібраного трафіку, навчити модель та класифікувати трафік у нашому тестовому наборі з високою точністю без вимоги високої обчислювальної потужності.This dissertation consists of 84 pages, 59 Figures and 29 sources in the reference list. Problem: As the world becomes more security conscious, more encryption protocols have been employed in ensuring suecure data transmission between communicating parties. Network classification has become more of a hassle with the use of some techniques as inspecting encrypted traffic can pose to be illegal in some countries. This has hindered network engineers to be able to classify traffic to differentiate encrypted from unencrypted traffic. Purpose of work: This paper aims at the problem caused by previous techniques used in encrypted network classification. Some of which are limited to data size and computational power. This paper employs the use of deep learning algorithm to solve this problem. The main tasks of the research: 1. Compare previous traditional techniques and compare their advantages and disadvantages 2. Study previous related works in the current field of research. 3. Propose a more modern and efficient method and algorithm for encrypted network traffic classification The object of research: Simple artificial neural network algorithm for accurate and reliable network traffic classification that is independent of data size and computational power. The subject of research: Based on data collected from private traffic flow in our own network simulation tool. We use our proposed method to identify the differences in network traffic payloads and classify network traffic. It helped to separate or classify encrypted from unencrypted traffic. 6 Research methods: Experimental method. We have carried out our experiment with network simulation and gathering traffic of different unencrypted protocols and encrypted protocols. Using python programming language and the Keras library we developed a convolutional neural network that was able to take in the payload of the traffic gathered, train the model and classify the traffic in our test set with high accuracy without the requirement of high computational power

Machine learning approach for detection of nonTor traffic

Intrusion detection has attracted a considerable interest from researchers and industry. After many years of research the community still faces the problem of building reliable and efficient intrusion detection systems (IDS) capable of handling large quantities of data with changing patterns in real time situations. The Tor network is popular in providing privacy and security to end user by anonymizing the identity of internet users connecting through a series of tunnels and nodes. This work identifies two problems; classification of Tor traffic and nonTor traffic to expose the activities within Tor traffic that minimizes the protection of users in using the UNB-CIC Tor Network Traffic dataset and classification of the Tor traffic flow in the network. This paper proposes a hybrid classifier; Artificial Neural Network in conjunction with Correlation feature selection algorithm for dimensionality reduction and improved classification performance. The reliability and efficiency of the propose hybrid classifier is compared with Support Vector Machine and naïve Bayes classifiers in detecting nonTor traffic in UNB-CIC Tor Network Traffic dataset. Experimental results show the hybrid classifier, ANN-CFS proved a better classifier in detecting nonTor traffic and classifying the Tor traffic flow in UNB-CIC Tor Network Traffic dataset