Network Traffic Classification Based on Single Flow Time Series Analysis

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F23%3A10133607" target="_blank" >RIV/63839172:_____/23:10133607 - isvavai.cz</a>

Nalezeny alternativní kódy

RIV/68407700:21240/23:00369772

Výsledek na webu

<a href="https://ieeexplore.ieee.org/document/10327876" target="_blank" >https://ieeexplore.ieee.org/document/10327876</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.23919/CNSM59352.2023.10327876" target="_blank" >10.23919/CNSM59352.2023.10327876</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Network Traffic Classification Based on Single Flow Time Series Analysis

Popis výsledku v původním jazyce

Network traffic monitoring using IP flows is used to handle the current challenge of analyzing encrypted network communication. Nevertheless, the packet aggregation into flow records naturally causes information loss; therefore, this paper proposes a novel flow extension for traffic features based on the time series analysis of the Single Flow Time series, i.e., a time series created by the number of bytes in each packet and its timestamp. We propose 69 universal features based on the statistical analysis of data points, time domain analysis, packet distribution within the flow timespan, time series behavior, and frequency domain analysis. We have demonstrated the usability and universality of the proposed feature vector for various network traffic classification tasks using 15 well-known publicly available datasets. Our evaluation shows that the novel feature vector achieves classification performance similar or better than related works on both binary and multiclass classification tasks. In more than half of the evaluated tasks, the classification performance increased by up to 5 %.

Název v anglickém jazyce

Network Traffic Classification Based on Single Flow Time Series Analysis

Popis výsledku anglicky

Network traffic monitoring using IP flows is used to handle the current challenge of analyzing encrypted network communication. Nevertheless, the packet aggregation into flow records naturally causes information loss; therefore, this paper proposes a novel flow extension for traffic features based on the time series analysis of the Single Flow Time series, i.e., a time series created by the number of bytes in each packet and its timestamp. We propose 69 universal features based on the statistical analysis of data points, time domain analysis, packet distribution within the flow timespan, time series behavior, and frequency domain analysis. We have demonstrated the usability and universality of the proposed feature vector for various network traffic classification tasks using 15 well-known publicly available datasets. Our evaluation shows that the novel feature vector achieves classification performance similar or better than related works on both binary and multiclass classification tasks. In more than half of the evaluated tasks, the classification performance increased by up to 5 %.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

20202 - Communication engineering and systems

Projekt

<a href="/cs/project/VJ02010024" target="_blank" >VJ02010024: Analýza šifrovaného provozu pomocí síťových toků</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2023

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

19th International Conference on Network and Service Management, CNSM 2023

ISBN

978-3-903176-59-1

ISSN

2165-963X

e-ISSN

—

Počet stran výsledku

7

Strana od-do

—

Název nakladatele

IEEE

Místo vydání

Piscataway , USA

Místo konání akce

Niagara Falls, Kanada

Datum konání akce

30. 10. 2023

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—