NetTiSA: Extended IP flow with time-series features for universal bandwidth-constrained high-speed network traffic classification
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F24%3A10133638" target="_blank" >RIV/63839172:_____/24:10133638 - isvavai.cz</a>
Alternative codes found
RIV/68407700:21240/24:00373661
Result on the web
<a href="https://doi.org/10.1016/j.comnet.2023.110147" target="_blank" >https://doi.org/10.1016/j.comnet.2023.110147</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1016/j.comnet.2023.110147" target="_blank" >10.1016/j.comnet.2023.110147</a>
Alternative languages
Result language
angličtina
Original language name
NetTiSA: Extended IP flow with time-series features for universal bandwidth-constrained high-speed network traffic classification
Original language description
Network traffic monitoring based on IP Flows is a standard monitoring approach that can be deployed to various network infrastructures, even the large ISP networks connecting millions of people. Since flow records traditionally contain only limited information (addresses, transport ports, and amount of exchanged data), they are also commonly extended by additional features that enable network traffic analysis with high accuracy. These flow extensions are, however, often too large or hard to compute, which then allows only offline analysis or limits their deployment only to smaller-sized networks. This paper proposes a novel extended IP flow called NetTiSA (Network Time Series Analysed) flow, based on analysing the time series of packet sizes. By thoroughly testing 25 different network traffic classification tasks, we show the broad applicability and high usability of NetTiSA flow. For practical deployment, we also consider the sizes of flows extended by NetTiSA features and evaluate the performance impacts of their computation in the flow exporter. The novel features proved to be computationally inexpensive and showed excellent discriminatory performance. The trained machine learning classifiers with proposed features mostly outperformed the state-of-the-art methods. NetTiSA finally bridges the gap and brings universal, small-sized, and computationally inexpensive features for traffic classification that can be scaled up to extensive monitoring infrastructures, bringing the machine learning traffic classification even to 100 Gbps backbone lines.
Czech name
—
Czech description
—
Classification
Type
J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
<a href="/en/project/VJ02010024" target="_blank" >VJ02010024: Flow-based Encrypted Traffic Analysis</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Others
Publication year
2024
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Name of the periodical
Computer Networks
ISSN
1389-1286
e-ISSN
—
Volume of the periodical
240
Issue of the periodical within the volume
February 2024
Country of publishing house
NL - THE KINGDOM OF THE NETHERLANDS
Number of pages
22
Pages from-to
—
UT code for WoS article
001157525200001
EID of the result in the Scopus database
2-s2.0-85182028058