14,165 research outputs found
Multitask Learning for Network Traffic Classification
Traffic classification has various applications in today's Internet, from
resource allocation, billing and QoS purposes in ISPs to firewall and malware
detection in clients. Classical machine learning algorithms and deep learning
models have been widely used to solve the traffic classification task. However,
training such models requires a large amount of labeled data. Labeling data is
often the most difficult and time-consuming process in building a classifier.
To solve this challenge, we reformulate the traffic classification into a
multi-task learning framework where bandwidth requirement and duration of a
flow are predicted along with the traffic class. The motivation of this
approach is twofold: First, bandwidth requirement and duration are useful in
many applications, including routing, resource allocation, and QoS
provisioning. Second, these two values can be obtained from each flow easily
without the need for human labeling or capturing flows in a controlled and
isolated environment. We show that with a large amount of easily obtainable
data samples for bandwidth and duration prediction tasks, and only a few data
samples for the traffic classification task, one can achieve high accuracy. We
conduct two experiment with ISCX and QUIC public datasets and show the efficacy
of our approach
iTeleScope: Intelligent Video Telemetry and Classification in Real-Time using Software Defined Networking
Video continues to dominate network traffic, yet operators today have poor
visibility into the number, duration, and resolutions of the video streams
traversing their domain. Current approaches are inaccurate, expensive, or
unscalable, as they rely on statistical sampling, middle-box hardware, or
packet inspection software. We present {\em iTelescope}, the first intelligent,
inexpensive, and scalable SDN-based solution for identifying and classifying
video flows in real-time. Our solution is novel in combining dynamic flow rules
with telemetry and machine learning, and is built on commodity OpenFlow
switches and open-source software. We develop a fully functional system, train
it in the lab using multiple machine learning algorithms, and validate its
performance to show over 95\% accuracy in identifying and classifying video
streams from many providers including Youtube and Netflix. Lastly, we conduct
tests to demonstrate its scalability to tens of thousands of concurrent
streams, and deploy it live on a campus network serving several hundred real
users. Our system gives unprecedented fine-grained real-time visibility of
video streaming performance to operators of enterprise and carrier networks at
very low cost.Comment: 12 pages, 16 figure
Poseidon: a 2-tier Anomaly-based Network Intrusion Detection System
We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system. Our benchmarks on the 1999 DARPA data set show a higher detection rate and lower number of false positives than PAYL and PHAD
- …