21,395 research outputs found
Neural Packet Classification
Packet classification is a fundamental problem in computer networking. This
problem exposes a hard tradeoff between the computation and state complexity,
which makes it particularly challenging. To navigate this tradeoff, existing
solutions rely on complex hand-tuned heuristics, which are brittle and hard to
optimize. In this paper, we propose a deep reinforcement learning (RL) approach
to solve the packet classification problem. There are several characteristics
that make this problem a good fit for Deep RL. First, many of the existing
solutions are iteratively building a decision tree by splitting nodes in the
tree. Second, the effects of these actions (e.g., splitting nodes) can only be
evaluated once we are done with building the tree. These two characteristics
are naturally captured by the ability of RL to take actions that have sparse
and delayed rewards. Third, it is computationally efficient to generate data
traces and evaluate decision trees, which alleviate the notoriously high sample
complexity problem of Deep RL algorithms. Our solution, NeuroCuts, uses
succinct representations to encode state and action space, and efficiently
explore candidate decision trees to optimize for a global objective. It
produces compact decision trees optimized for a specific set of rules and a
given performance metric, such as classification time, memory footprint, or a
combination of the two. Evaluation on ClassBench shows that NeuroCuts
outperforms existing hand-crafted algorithms in classification time by 18% at
the median, and reduces both time and memory footprint by up to 3x.
Multi-view Multi-label Anomaly Network Traffic Classification based on MLP-Mixer Neural Network
Network traffic classification is the basis of many network security
applications and has attracted enough attention in the field of cyberspace
security. Existing network traffic classification based on convolutional neural
networks (CNNs) often emphasizes local patterns of traffic data while ignoring
global information associations. In this paper, we propose an MLP-Mixer based
multi-view multi-label neural network for network traffic classification.
Compared with the existing CNN-based methods, our method adopts the MLP-Mixer
structure, which is more in line with the structure of the packet than the
conventional convolution operation. In our method, the packet is divided into
the packet header and the packet body, together with the flow features of the
packet as input from different views. We utilize a multi-label setting to learn
different scenarios simultaneously to improve the classification performance by
exploiting the correlations between different scenarios. Taking advantage of
the above characteristics, we propose an end-to-end network traffic
classification method. We conduct experiments on three public datasets, and the
experimental results show that our method can achieve superior performance.
Comment: 15 pages, 6 figures
Klasifikasi Paket Jaringan Berbasis Analisis Statistik dan Neural Network (Network Packet Classification Based on Statistical Analysis and Neural Network)
Distributed Denial-of-Service (DDoS) is a network attack technique that increases every year, in both intensity and volume. DDoS attacks are still one of the world's major Internet threats and have become a major problem for cyber-world security. The research in this paper aims to establish a new approach to network packet classification, which can be a basis for framework development for Distributed Denial-of-Service (DDoS) attack detection systems. The proposed approach to solving the network packet classification problem combines statistical data quantification methods with neural network methods. Based on the test, it is found that the average percentage of neural network classification accuracy against network data packets is 92.99%.
Neural Network Architectures and Ensembles for Packet Classification: Addressing Visibility, Security and Quality of Service Challenges in Communication Networks
Increasingly researchers are turning to machine learning techniques such as artificial neural networks (ANN) to address communication network research challenges in the areas of enhanced security, quality of service, visibility and control. Central to each is the need to classify packets. Determining an effective architecture for the artificial neural network is more difficult because traditional techniques such as principal component analysis (PCA) show reduced effectiveness. Presented are the techniques for preprocessing datasets and selecting input traffic features for the multi-layer perceptron (MLP) architecture. This methodology achieves classification accuracy above 99%.
An investigation into neural network architectures revealed the optimal structure and parameters for communication packet classification. This work also studies optimization algorithms with completely balanced datasets and provides performance criteria for training time and accuracy.
The application of MLPs to security challenges is also investigated. Port scans are a persistent problem on contemporary communication networks. Sequential MLPs are investigated to classify packets and determine TCP packet type. Following classification, analysis is performed in order to discover scan attempts. Neural networks can be used to successfully classify general packet traffic and more complex TCP classes at rates that are above 99%. The proposed methodology achieves accurate scan detection without having to utilize an intrusion detection system.
In order to harness the power of Convolutional Neural Networks (CNNs), the conversion of packets to images is investigated. Additionally, a sequence of packets is combined into larger images to gain insight into conversations, exchanges, losses and threats. The use of this technique to identify potential latency problems is demonstrated. This approach of using contemporary network traffic and convolutional neural networks has a success rate for individual packets exceeding 99%. Larger images achieve the same high level of accuracy. Finally, neural network ensembles are researched that reach 100% accuracy for packet classification.
Ensembles are also studied to accurately predict Mean Opinion Score for voice traffic and explored for their use in combating adversarial attacks against the source data.
Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System
We present Poseidon, a new anomaly-based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection rate and lower number of false positives than PAYL and PHAD.
Poseidon: a 2-tier Anomaly-based Intrusion Detection System
We present Poseidon, a new anomaly-based intrusion detection system. Poseidon
is payload-based, and presents a two-tier architecture: the first stage
consists of a Self-Organizing Map, while the second one is a modified PAYL
system. Our benchmarks on the 1999 DARPA data set show a higher detection rate
and lower number of false positives than PAYL and PHAD.
Your Smart Home Can't Keep a Secret: Towards Automated Fingerprinting of IoT Traffic with Neural Networks
The IoT (Internet of Things) technology has been widely adopted in recent
years and has profoundly changed people's daily lives. However, in the
meantime, such a fast-growing technology has also introduced new privacy
issues, which need to be better understood and measured. In this work, we look
into how private information can be leaked from network traffic generated in
the smart home network. Although researchers have proposed techniques to infer
IoT device types or user behaviors under clean experiment setup, the
effectiveness of such approaches becomes questionable in the complex but
realistic network environment, where common techniques like Network Address and
Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. Traffic
analysis using traditional methods (e.g., through classical machine-learning
models) is much less effective under those settings, as the features picked
manually are not distinctive any more. In this work, we propose a traffic
analysis framework based on sequence-learning techniques like LSTM and
leverage the temporal relations between packets for the attack of device
identification. We evaluated it under different environment settings (e.g.,
pure-IoT and noisy environment with multiple non-IoT devices). The results
showed our framework was able to differentiate device types with a high
accuracy. This result suggests IoT network communications pose prominent
challenges to users' privacy, even when they are protected by encryption and
morphed by the network gateway. As such, new privacy protection methods on IoT
traffic need to be developed towards mitigating this new issue.