Flow Feature-Based Network Traffic Classification Using Machine Learning

Nicolas Airoza Telles de Menezes, Flávio Luis de Mello

Abstract


Reliable network traffic classification is essential to management and security tasks. Therefore, it is beneficial to analyze and improve existing techniques. Some of the most traditional methodologies for traffic classification are based on port number and packet payload, each of which presents an increasing set of problems. Port number-based classification techniques suffer from the misuse of port numbers and from tunneling, primarily because they rely on the proper use of IANA (Internet Assigned Numbers Authority) assigned numbers. Packet payload-based classification, on the other hand, has difficulty dealing with encrypted data and with legal restrictions on accessing user data. Flow feature-based classification can overcome these challenges by creating profiles based on the traffic patterns of applications. Furthermore, machine learning techniques have been shown to be a good match for traffic classification. Thus, the goal of this paper is to explore the combination of these fields and to develop a set of machine learning models capable of classifying network traffic based on flow features. This was achieved by using a ready-to-use dataset to train two supervised models and one unsupervised clustering model. The results for the supervised classifiers were considered comparable to similar studies, while the performance of the clustering model was found to be unsatisfactory.

Keywords


computer networks; network traffic classification; machine learning

DOI: https://doi.org/10.17648/jisc.v8i1.79

This work is licensed under a Creative Commons Attribution 4.0 International License.