Using Burstiness for Network Applications Classification
Network traffic classification is a vital task for service operators, network engineers, and security specialists to manage network traffic, design networks, and detect threats. Identifying the type/name of applications that generate traffic is a challenging task as encrypting traffic becomes the no...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2019-01-01
|
| Series: | Journal of Computer Networks and Communications |
| Online Access: | http://dx.doi.org/10.1155/2019/5758437 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832550617638240256 |
|---|---|
| author | Hussein Oudah Bogdan Ghita Taimur Bakhshi Abdulrahman Alruban David J. Walker |
| author_facet | Hussein Oudah Bogdan Ghita Taimur Bakhshi Abdulrahman Alruban David J. Walker |
| author_sort | Hussein Oudah |
| collection | DOAJ |
| description | Network traffic classification is a vital task for service operators, network engineers, and security specialists to manage network traffic, design networks, and detect threats. Identifying the type/name of applications that generate traffic is a challenging task as encrypting traffic becomes the norm for Internet communication. Therefore, relying on conventional techniques such as deep packet inspection (DPI) or port numbers is not efficient anymore. This paper proposes a novel flow statistical-based set of features that may be used for classifying applications by leveraging machine learning algorithms to yield high accuracy in identifying the type of applications that generate the traffic. The proposed features compute different timings between packets and flows. This work utilises tcptrace to extract features based on traffic burstiness and periods of inactivity (idle time) for the analysed traffic, followed by the C5.0 algorithm for determining the applications that generated it. The evaluation tests performed on a set of real, uncontrolled traffic, indicated that the method has an accuracy of 79% in identifying the correct network application. |
| format | Article |
| id | doaj-art-503fbd0e58474f31aad35b40604b6053 |
| institution | Kabale University |
| issn | 2090-7141 2090-715X |
| language | English |
| publishDate | 2019-01-01 |
| publisher | Wiley |
| record_format | Article |
| series | Journal of Computer Networks and Communications |
| spelling | doaj-art-503fbd0e58474f31aad35b40604b60532025-02-03T06:06:16ZengWileyJournal of Computer Networks and Communications2090-71412090-715X2019-01-01201910.1155/2019/57584375758437Using Burstiness for Network Applications ClassificationHussein Oudah0Bogdan Ghita1Taimur Bakhshi2Abdulrahman Alruban3David J. Walker4Centre for Security, Communications and Network Research, University of Plymouth, Plymouth, UKCentre for Security, Communications and Network Research, University of Plymouth, Plymouth, UKNational University of Computer & Emerging Sciences, Lahore, PakistanCentre for Security, Communications and Network Research, University of Plymouth, Plymouth, UKCentre for Robotics and Neural Systems, University of Plymouth, Plymouth, UKNetwork traffic classification is a vital task for service operators, network engineers, and security specialists to manage network traffic, design networks, and detect threats. Identifying the type/name of applications that generate traffic is a challenging task as encrypting traffic becomes the norm for Internet communication. Therefore, relying on conventional techniques such as deep packet inspection (DPI) or port numbers is not efficient anymore. This paper proposes a novel flow statistical-based set of features that may be used for classifying applications by leveraging machine learning algorithms to yield high accuracy in identifying the type of applications that generate the traffic. The proposed features compute different timings between packets and flows. This work utilises tcptrace to extract features based on traffic burstiness and periods of inactivity (idle time) for the analysed traffic, followed by the C5.0 algorithm for determining the applications that generated it. The evaluation tests performed on a set of real, uncontrolled traffic, indicated that the method has an accuracy of 79% in identifying the correct network application.http://dx.doi.org/10.1155/2019/5758437 |
| spellingShingle | Hussein Oudah Bogdan Ghita Taimur Bakhshi Abdulrahman Alruban David J. Walker Using Burstiness for Network Applications Classification Journal of Computer Networks and Communications |
| title | Using Burstiness for Network Applications Classification |
| title_full | Using Burstiness for Network Applications Classification |
| title_fullStr | Using Burstiness for Network Applications Classification |
| title_full_unstemmed | Using Burstiness for Network Applications Classification |
| title_short | Using Burstiness for Network Applications Classification |
| title_sort | using burstiness for network applications classification |
| url | http://dx.doi.org/10.1155/2019/5758437 |
| work_keys_str_mv | AT husseinoudah usingburstinessfornetworkapplicationsclassification AT bogdanghita usingburstinessfornetworkapplicationsclassification AT taimurbakhshi usingburstinessfornetworkapplicationsclassification AT abdulrahmanalruban usingburstinessfornetworkapplicationsclassification AT davidjwalker usingburstinessfornetworkapplicationsclassification |