Çok Katmanlı Algılayıcı ile Ağ Trafiği Sınıflandırma Analizi
Year 2022,
Volume: 10 Issue: 2, 837 - 846, 30.04.2022
Serdar Kırışoğlu
,
Bayram Kotan
,
Kurban Kotan
Abstract
Çevrimiçi ağ trafiği sınıflandırması, uzun vadeli ilginin odak noktası olmaya devam ediyor. Ağ trafiğini izleme ve ağ trafiği analizi birçok farklı yoldan yapılabilir. Ağ trafiğini izleme, hizmet kalitesi (QoS) için ham veri girişi sağlar ve bu da ağ analistine ağ kaynaklarını nasıl kullandığını anlama ve ağ performansını belirleme olanağı sağlar. Bu bilgi ile ağ analisti, ağ kaynaklarını kontrol etmek ve yönetmek için QoS politikalarını belirleyebilir. Ağ trafiğinin izlenmesi akademik araştırma için modeller oluşturmak için de kullanılabilir. Bu makalede derin öğrenme algoritması kullanılarak ağ trafiğini doğru şekilde sınıflandıran bir makine öğrenme yaklaşımı sunulmuştur. Aynı zamanda bu çalışmada diğer makine öğrenme algoritmaları ile karşılaştırmalar yapılmıştır. Çok Katmanlı Algılayıcı (MLP), ağın sınıflandırıcısını oluşturmak için kullanılmıştır. Deney sonuçları derin öğrenme algoritmasının diğer algoritmalardan daha iyi sonuç verdiğini ve sınıflandırmada %99,0233 Detection Rate (DR) değerine, %78,3941 doğruluğa (ACC) sahip olduğunu göstermiştir.
References
- [1] V. Cerf and R. Kahn, “A Protocol for Packet Network Intercommunication,” in IEEE Transactions on Communications, vol. 22, no. 5, pp. 637-648, 1974, doi: 10.1109/TCOM.1974.1092259.
- [2] T. Karagiannis, A. Broido, M. Faloutsos, and K. Claffy, “Transport layer identification of P2P traffic,” in Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, 2004, pp. 121-134.
- [3] Y. Wu, G. Min, K. Li, and B. Javadi, “Performance analysis of communication networks in multi-cluster systems under bursty traffic with communication locality,” in GLOBECOM 2009-2009 IEEE Global Telecommunications Conference, 2009, pp. 1-6.
- [4] H. Kim, K. C. Claffy, M. Fomenkov, D. Barman, M. Faloutsos, and K. Lee, “Internet traffic classification demystified: myths, caveats, and the best practices,” in Proceedings of the 2008 ACM CoNEXT conference, 2008, pp. 1-12.
- [5] Y.-s. Lim, H.-c. Kim, J. Jeong, C.-k. Kim, T. T. Kwon, and Y. Choi, “Internet traffic classification demystified: on the sources of the discriminative power,” in Proceedings of the 6th International COnference, 2010, pp. 1-12.
- [6] T. T. Nguyen, G. Armitage, and tutorials, “A survey of techniques for internet traffic classification using machine learning,” vol. 10, no. 4, pp. 56-76, 2008.
- [7] Y. Xiang, W. Zhou, and M. Guo, “Flexible deterministic packet marking: An IP traceback system to find the real source of attacks,” vol. 20, no. 4, pp. 567-580, 2009.
- [8] J. Johnson, “Worldwide digital population as of January 2021,” 2021.
- [9] J. Korteling, G. van de Boer-Visschedijk, R. A. M. Blankendaal, R. C. Boonekamp, and A. R.. Eikelboom, “Human-versus artificial intelligence,” Front. Artif. Intell., vol. 4, 2021.
- [10] S. Ioffe and C. Szegedy, “Batch normalization: Accelerating deep network training by reducing internal covariate shift,” in International conference on machine learning, 2015, pp. 448-456: PMLR.
- [11] T. Auld, A. W. Moore, and S. F. Gull, “Bayesian neural networks for internet traffic classification,” IEEE Transactions on Neural Networks, vol. 18, no. 1, pp. 223-239, 2007.
- [12] M. Crotti, F. Gringoli, P. Pelosato, and L. Salgarelli, “A statistical approach to IP-level classification of network traffic,” in 2006 IEEE International Conference on Communications, 2006, vol. 1, pp. 170-176.
- [13] N. Namdev, S. Agrawal, and S. Silkari, “Recent advancement in machine learning based internet traffic classification,” Procedia Computer Science, vol. 60, pp. 784-791, 2015.
- [14] P. Haffner, S. Sen, O. Spatscheck, and D. Wang, “ACAS: automated construction of application signatures,” in Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data, 2005, pp. 197-202.
- [15] S. Sen, O. Spatscheck, and D. Wang, “Accurate, scalable in-network identification of p2p traffic using application signatures,” in Proceedings of the 13th international conference on World Wide Web, 2004, pp. 512-521.
- [16] A. Moore, J. Hall, C. Kreibich, E. Harris, and I. Pratt, “Architecture of a network monitor,” in Passive & Active Measurement Workshop, 2003, vol. 2003.
- [17] W. Li and A. W. Moore, “A machine learning approach for efficient traffic classification,” in 2007 15th International symposium on modeling, analysis, and simulation of computer and telecommunication systems, 2007, pp. 310-317.
- [18] P. Schneider, “Tcp/ip traffic classification based on port numbers,” 1997.
- [19] M. Degermark, B. Nordgren, and S. Pink, RFC2507: IP header compression, RFC Editor, 1999.
- [20] T. Porter, “The perils of deep packet inspection,” 2005.
- [21] M. Finsterbusch, C. Richter, E. Rocha, J.-A. Muller, K. J. I. C. S. Hanssgen, and Tutorials, “A survey of payload-based traffic classification approaches,” vol. 16, no. 2, pp. 1135-1156, 2013.
- [22] G. Hinton and T. J. Sejnowski, Unsupervised learning: foundations of neural computation, MIT Press, 1999.
- [23] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,” in 2009 IEEE symposium on computational intelligence for security and defense applications, 2009, pp. 1-6: IEEE.
- [24] W. Stallings, Network security essentials: Applications and standards, 4/e, Pearson Education India, 2003.
Network Traffic Classification Analysis with Multi-Layer Sensor
Year 2022,
Volume: 10 Issue: 2, 837 - 846, 30.04.2022
Serdar Kırışoğlu
,
Bayram Kotan
,
Kurban Kotan
Abstract
Online network traffic classification remains the focus of long-term interest. Network traffic monitoring and network traffic analysis can be done in many different ways. Monitoring network traffic provides raw data input for quality of service (QoS), which gives the network analyst the ability to understand how it uses network resources and determine network performance. With this information, the network analyst can set QoS policies to control and manage network resources. Network traffic monitoring can also be used to build models for academic research. In this article, a machine learning approach that correctly classifies network traffic using a deep learning algorithm is presented. At the same time, comparisons were made with other machine learning algorithms in this study. Multi-Layer Perceptron (MLP) was used to construct the classifier of the network. Experiment results showed that the deep learning algorithm gave better results than other algorithms and had a Detection Rate (DR) value of 99.0233% and an accuracy of 78.3941% (ACC) in classification.
References
- [1] V. Cerf and R. Kahn, “A Protocol for Packet Network Intercommunication,” in IEEE Transactions on Communications, vol. 22, no. 5, pp. 637-648, 1974, doi: 10.1109/TCOM.1974.1092259.
- [2] T. Karagiannis, A. Broido, M. Faloutsos, and K. Claffy, “Transport layer identification of P2P traffic,” in Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, 2004, pp. 121-134.
- [3] Y. Wu, G. Min, K. Li, and B. Javadi, “Performance analysis of communication networks in multi-cluster systems under bursty traffic with communication locality,” in GLOBECOM 2009-2009 IEEE Global Telecommunications Conference, 2009, pp. 1-6.
- [4] H. Kim, K. C. Claffy, M. Fomenkov, D. Barman, M. Faloutsos, and K. Lee, “Internet traffic classification demystified: myths, caveats, and the best practices,” in Proceedings of the 2008 ACM CoNEXT conference, 2008, pp. 1-12.
- [5] Y.-s. Lim, H.-c. Kim, J. Jeong, C.-k. Kim, T. T. Kwon, and Y. Choi, “Internet traffic classification demystified: on the sources of the discriminative power,” in Proceedings of the 6th International COnference, 2010, pp. 1-12.
- [6] T. T. Nguyen, G. Armitage, and tutorials, “A survey of techniques for internet traffic classification using machine learning,” vol. 10, no. 4, pp. 56-76, 2008.
- [7] Y. Xiang, W. Zhou, and M. Guo, “Flexible deterministic packet marking: An IP traceback system to find the real source of attacks,” vol. 20, no. 4, pp. 567-580, 2009.
- [8] J. Johnson, “Worldwide digital population as of January 2021,” 2021.
- [9] J. Korteling, G. van de Boer-Visschedijk, R. A. M. Blankendaal, R. C. Boonekamp, and A. R.. Eikelboom, “Human-versus artificial intelligence,” Front. Artif. Intell., vol. 4, 2021.
- [10] S. Ioffe and C. Szegedy, “Batch normalization: Accelerating deep network training by reducing internal covariate shift,” in International conference on machine learning, 2015, pp. 448-456: PMLR.
- [11] T. Auld, A. W. Moore, and S. F. Gull, “Bayesian neural networks for internet traffic classification,” IEEE Transactions on Neural Networks, vol. 18, no. 1, pp. 223-239, 2007.
- [12] M. Crotti, F. Gringoli, P. Pelosato, and L. Salgarelli, “A statistical approach to IP-level classification of network traffic,” in 2006 IEEE International Conference on Communications, 2006, vol. 1, pp. 170-176.
- [13] N. Namdev, S. Agrawal, and S. Silkari, “Recent advancement in machine learning based internet traffic classification,” Procedia Computer Science, vol. 60, pp. 784-791, 2015.
- [14] P. Haffner, S. Sen, O. Spatscheck, and D. Wang, “ACAS: automated construction of application signatures,” in Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data, 2005, pp. 197-202.
- [15] S. Sen, O. Spatscheck, and D. Wang, “Accurate, scalable in-network identification of p2p traffic using application signatures,” in Proceedings of the 13th international conference on World Wide Web, 2004, pp. 512-521.
- [16] A. Moore, J. Hall, C. Kreibich, E. Harris, and I. Pratt, “Architecture of a network monitor,” in Passive & Active Measurement Workshop, 2003, vol. 2003.
- [17] W. Li and A. W. Moore, “A machine learning approach for efficient traffic classification,” in 2007 15th International symposium on modeling, analysis, and simulation of computer and telecommunication systems, 2007, pp. 310-317.
- [18] P. Schneider, “Tcp/ip traffic classification based on port numbers,” 1997.
- [19] M. Degermark, B. Nordgren, and S. Pink, RFC2507: IP header compression, RFC Editor, 1999.
- [20] T. Porter, “The perils of deep packet inspection,” 2005.
- [21] M. Finsterbusch, C. Richter, E. Rocha, J.-A. Muller, K. J. I. C. S. Hanssgen, and Tutorials, “A survey of payload-based traffic classification approaches,” vol. 16, no. 2, pp. 1135-1156, 2013.
- [22] G. Hinton and T. J. Sejnowski, Unsupervised learning: foundations of neural computation, MIT Press, 1999.
- [23] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,” in 2009 IEEE symposium on computational intelligence for security and defense applications, 2009, pp. 1-6: IEEE.
- [24] W. Stallings, Network security essentials: Applications and standards, 4/e, Pearson Education India, 2003.