Behavioral Analysis of Traffic Flow for an Effective Network Traffic Identification

Authors

Department of Computer Engineering and IT at Shahrood University of Technology , Iran

Abstract

Fast and accurate network traffic identification is becoming essential for network management, high quality of service control and early detection of network traffic abnormalities. Techniques based on statistical features of packet flows have recently become popular for network classification due to the limitations of traditional port and payload based methods. In this paper, we propose a method to identify network traffics. In this method, for cleaning and preparing data, we perform effective preprocessing approach. Then effective features are extracted using the behavioral analysis of application. Using the effective preprocessing and feature extraction techniques, this method can effectively and accurately identify network traffics. For this purpose, two network traffic databases namely UNIBS and the collected database on router are analyzed. In order to evaluate the results, the accuracy of network traffic identification using proposed method is analyzed using machine learning techniques. Experimental results show that the proposed method obtains an accuracy of 97%  in network traffic identification.

Keywords


1.     Foremski, P., "On different ways to classify internet traffic: A short review of selected publications", Theoretical and Applied Informatics,  Vol. 25, (2013), 147–164.

2.     Zhang, J., Xiang, Y., Wang, Y., Zhou, W., Xiang, Y. and Guan, Y., "Network traffic classification using correlation information", IEEE Transactions on Parallel and Distributed Systems,  Vol. 24, No. 1, (2013), 104-117.

3.     Wang, Y., Xiang, Y. and Zhang, J., "Network traffic clustering using random forest proximities", in Communications (ICC), IEEE International Conference on, IEEE., (2013), 2058-2062.

4.     Adami, D., Callegari, C., Giordano, S., Pagano, M. and Pepe, T., "Skype‐hunter: A real‐time system for the detection and classification of skype traffic", International Journal of Communication Systems,  Vol. 25, No. 3, (2012), 386-403.

5.     Finamore, A., Mellia, M., Meo, M. and Rossi, D., "Kiss: Stochastic packet inspection classifier for udp traffic", IEEE/ACM Transactions on Networking,  Vol. 18, No. 5, (2010), 1505-1515.

6.     Bonfiglio, D., Mellia, M., Meo, M., Rossi, D. and Tofanelli, P., "Revealing skype traffic: When randomness plays with you", in ACM SIGCOMM Computer Communication Review, ACM. Vol. 37, (2007), 37-48.

7.     Kotsiantis, S.B., Zaharakis, I. and Pintelas, P., Supervised machine learning: A review of classification techniques. 2007.

8.     AbuHmed, T., Mohaisen, A. and Nyang, D., "A survey on deep packet inspection for intrusion detection systems", arXiv preprint arXiv:0803.0037,  (2008).

9.     Kim, J., Hwang, J. and Kim, K., "High-performance internet traffic classification using a markov model and kullback-leibler divergence", Mobile Information Systems,  Vol. 2016, (2016).

10.   Muehlstein, J., Zion, Y., Bahumi, M., Kirshenboim, I., Dubin, R., Dvir, A. and Pele, O., "Analyzing https encrypted traffic to identify user's operating system, browser and application", in Consumer Communications & Networking Conference (CCNC), 2017 14th IEEE Annual, IEEE., (2017), 1-6.

11.   Loo, H.R. and Marsono, M.N., "Online network traffic classification with incremental learning", Evolving Systems,  Vol. 7, No. 2, (2016), 129-143.

12.   Qin, T., Wang, L., Liu, Z. and Guan, X., "Robust application identification methods for p2p and voip traffic classification in backbone networks", Knowledge-Based Systems,  Vol. 82, (2015), 152-162.

13.   Aliakbarian, M.S., Fanian, A., Saleh, F.S. and Gulliver, T.A., "Optimal supervised feature extraction in internet traffic classification", in Communications, Computers and Signal Processing (PACRIM), 2013 IEEE Pacific Rim Conference on, IEEE., (2013), 102-107.

14.   Zhou, W., Dong, L., Bic, L., Zhou, M. and Chen, L., "Internet traffic classification using feed-forward neural network", in Computational Problem-Solving (ICCP), 2011 International Conference on, IEEE., (2011), 641-646.

15.   Crotti, M., Dusi, M., Gringoli, F. and Salgarelli, L., "Traffic classification through simple statistical fingerprinting", ACM SIGCOMM Computer Communication Review,  Vol. 37, No. 1, (2007), 5-16.

16.   Moore, A.W. and Zuev, D., "Internet traffic classification using bayesian analysis techniques", in ACM SIGMETRICS Performance Evaluation Review, ACM. Vol. 33, (2005), 50-60.

17.   Zhang, J., Chen, C., Xiang, Y., Zhou, W. and Xiang, Y., "Internet traffic classification by aggregating correlated naive bayes predictions", IEEE Transactions on Information Forensics and Security,  Vol. 8, No. 1, (2013), 5-15.

18.   Hu, L. and Zhang, L., "Real-time internet traffic identification based on decision tree", in World Automation Congress (WAC), 2012, IEEE., (2012), 1-3.

19.   Wang, Y., Xiang, Y. and Yu, S., "Internet traffic classification using machine learning: A token-based approach", in Computational Science and Engineering (CSE), 2011 IEEE 14th International Conference on, IEEE., (2011), 285-289.