
    A machine learning approach for feature selection traffic classification using security analysis

    © 2018, Springer Science+Business Media, LLC, part of Springer Nature. Class imbalance has become a major problem that leads to inaccurate traffic classification. Accurate classification of traffic flows supports security monitoring, IP management, intrusion detection, etc. To address the traffic classification problem, machine learning (ML) approaches are widely used in the literature. In this paper, we therefore propose an ML-based hybrid feature selection algorithm named WMI_AUC that makes use of two metrics: the weighted mutual information (WMI) metric and the area under the ROC curve (AUC). These metrics select effective features from a traffic flow. To select robust features from among the selected features, we further propose a robust feature selection algorithm. The proposed approach increases the accuracy of ML classifiers and helps in detecting malicious traffic. We evaluate our work using 11 well-known ML classifiers on trace datasets from different network environments. Experimental results show that our algorithms achieve flow accuracy of more than 95%.

    Real-Time Detection of Encrypted Thunder Traffic Based on Trustworthy Behavior Association


    Early Recognition of Encrypted Applications

    Most tools that recognize the application associated with network connections use well-known signatures as the basis for their classification. This approach is very effective in enterprise and campus networks for pinpointing forbidden applications (peer-to-peer, for instance) or security threats. However, it is easy to use encryption to evade these mechanisms. In particular, Secure Sockets Layer (SSL) libraries such as OpenSSL are widely available and can easily be used to encrypt any type of traffic. In this paper, we propose a method to detect applications in SSL-encrypted connections. Our method uses only the sizes of the first few packets of an SSL connection to recognize the application, which enables early classification. We test our method on packet traces collected on two campus networks and on manually encrypted traces. Our results show that we are able to recognize the application in an SSL connection with more than 85% accuracy.

    Early Application Identification

    The automatic detection of applications associated with network traffic is an essential step for network security and traffic engineering. Unfortunately, simple port-based classification methods are not always effective, and systematic analysis of packet payloads is too slow. Most recent research proposals use flow statistics to classify traffic flows once they have finished, which limits their applicability to online classification. In this paper, we evaluate the feasibility of application identification at the beginning of a TCP connection. Based on an analysis of packet traces collected on eight different networks, we find that it is possible to distinguish the behavior of an application from the observation of the size and direction of the first few packets of the TCP connection. We apply three techniques to cluster TCP connections: K-Means, Gaussian Mixture Model and spectral clustering. The resulting clusters are used together with assignment and labeling heuristics to design classifiers. We evaluate these classifiers on different packet traces. Our results show that the first four packets of a TCP connection are sufficient to classify known applications with an accuracy over 90% and to identify new applications as unknown with a probability of 60%.

    Botnet Traffic Detection Techniques by C&C Session Classification Using SVM


    Malicious url classification using machine learning algorithms and comparative analysis

    The exponential expansion of internet applications in every field has resulted in an escalation of data traffic over the internet. Given the volume of this data, it has become important for engineers to classify traffic as malicious or non-malicious so that different traffic can be treated differently. Rule-based and port-based classification exhibited a number of limitations, which ultimately led to a steep decline in their use for classifying internet traffic and gave rise to machine learning techniques, which are more promising and efficient. In this paper, four well-known machine learning classifiers (KNN, Naive Bayes, Decision Trees and Random Forest) are implemented to classify internet traffic according to whether it is malicious or not, and their results are then compared on the basis of accuracy score.

    Hybrid internet traffic classification technique
