Using Burstiness for Network Applications Classification

Using Burstiness for Network Applications Classification

Network traffic classification is a vital task for service operators, network engineers, and security specialists to manage network traffic, design networks, and detect threats. Identifying the type/name of applications that generate traffic is a challenging task as encrypting traffic becomes the no...

Full description

Bibliographic Details
Main Authors: Hussein Oudah, Bogdan Ghita, Taimur Bakhshi, Abdulrahman Alruban, David J. Walker
Format: Article
Language:English
Published: Hindawi Limited 2019-01-01
Series:Journal of Computer Networks and Communications
Online Access:http://dx.doi.org/10.1155/2019/5758437
id doaj-503fbd0e58474f31aad35b40604b6053
record_format Article
spelling doaj-503fbd0e58474f31aad35b40604b60532020-11-25T02:15:30ZengHindawi LimitedJournal of Computer Networks and Communications2090-71412090-715X2019-01-01201910.1155/2019/57584375758437Using Burstiness for Network Applications ClassificationHussein Oudah0Bogdan Ghita1Taimur Bakhshi2Abdulrahman Alruban3David J. Walker4Centre for Security, Communications and Network Research, University of Plymouth, Plymouth, UKCentre for Security, Communications and Network Research, University of Plymouth, Plymouth, UKNational University of Computer & Emerging Sciences, Lahore, PakistanCentre for Security, Communications and Network Research, University of Plymouth, Plymouth, UKCentre for Robotics and Neural Systems, University of Plymouth, Plymouth, UKNetwork traffic classification is a vital task for service operators, network engineers, and security specialists to manage network traffic, design networks, and detect threats. Identifying the type/name of applications that generate traffic is a challenging task as encrypting traffic becomes the norm for Internet communication. Therefore, relying on conventional techniques such as deep packet inspection (DPI) or port numbers is not efficient anymore. This paper proposes a novel flow statistical-based set of features that may be used for classifying applications by leveraging machine learning algorithms to yield high accuracy in identifying the type of applications that generate the traffic. The proposed features compute different timings between packets and flows. This work utilises tcptrace to extract features based on traffic burstiness and periods of inactivity (idle time) for the analysed traffic, followed by the C5.0 algorithm for determining the applications that generated it. The evaluation tests performed on a set of real, uncontrolled traffic, indicated that the method has an accuracy of 79% in identifying the correct network application.http://dx.doi.org/10.1155/2019/5758437
collection DOAJ
language English
format Article
sources DOAJ
author Hussein Oudah
Bogdan Ghita
Taimur Bakhshi
Abdulrahman Alruban
David J. Walker
spellingShingle Hussein Oudah
Bogdan Ghita
Taimur Bakhshi
Abdulrahman Alruban
David J. Walker
Using Burstiness for Network Applications Classification
Journal of Computer Networks and Communications
author_facet Hussein Oudah
Bogdan Ghita
Taimur Bakhshi
Abdulrahman Alruban
David J. Walker
author_sort Hussein Oudah
title Using Burstiness for Network Applications Classification
title_short Using Burstiness for Network Applications Classification
title_full Using Burstiness for Network Applications Classification
title_fullStr Using Burstiness for Network Applications Classification
title_full_unstemmed Using Burstiness for Network Applications Classification
title_sort using burstiness for network applications classification
publisher Hindawi Limited
series Journal of Computer Networks and Communications
issn 2090-7141
2090-715X
publishDate 2019-01-01
description Network traffic classification is a vital task for service operators, network engineers, and security specialists to manage network traffic, design networks, and detect threats. Identifying the type/name of applications that generate traffic is a challenging task as encrypting traffic becomes the norm for Internet communication. Therefore, relying on conventional techniques such as deep packet inspection (DPI) or port numbers is not efficient anymore. This paper proposes a novel flow statistical-based set of features that may be used for classifying applications by leveraging machine learning algorithms to yield high accuracy in identifying the type of applications that generate the traffic. The proposed features compute different timings between packets and flows. This work utilises tcptrace to extract features based on traffic burstiness and periods of inactivity (idle time) for the analysed traffic, followed by the C5.0 algorithm for determining the applications that generated it. The evaluation tests performed on a set of real, uncontrolled traffic, indicated that the method has an accuracy of 79% in identifying the correct network application.
url http://dx.doi.org/10.1155/2019/5758437
work_keys_str_mv AT husseinoudah usingburstinessfornetworkapplicationsclassification
AT bogdanghita usingburstinessfornetworkapplicationsclassification
AT taimurbakhshi usingburstinessfornetworkapplicationsclassification
AT abdulrahmanalruban usingburstinessfornetworkapplicationsclassification
AT davidjwalker usingburstinessfornetworkapplicationsclassification
_version_ 1724895935906971648

Similar Items