A Scalable Approach to Network Traffic Classification for Computer Network Defense using Parallel Neural Network Classifier Architectures

The ability to recognize network traffics plays an important role in securing modern computer network infrastructures. In this chapter, we propose a machine learning approach that is based on statistical features of communication flow between two end-points. The statistical features are then used to develop and test a Parallel Neural Network Classifier Architecture (PNNCA), which is trained to recognize specific HTTP session patterns in a controlled environment, and then used to classify general traffic. The classifier’s performance and scalability measures have been compared with other neural network based approaches. The classifier’s correct classification rate (CCR) is calculated to be 96%.

[1]  Vern Paxson,et al.  Empirically derived analytic models of wide-area TCP connections , 1994, TNET.

[2]  C.-C. Jay Kuo,et al.  Internet Traffic Classification for Scalable QOS Provision , 2006, 2006 IEEE International Conference on Multimedia and Expo.

[3]  David Moore,et al.  The CoralReef Software Suite as a Tool for System and Network Administrators , 2001, LISA.

[4]  Tom Fawcett,et al.  An introduction to ROC analysis , 2006, Pattern Recognit. Lett..

[5]  Andrew W. Moore,et al.  Internet traffic classification using bayesian analysis techniques , 2005, SIGMETRICS '05.

[6]  Matthew Roughan,et al.  Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification , 2004, IMC '04.

[7]  Andrew W. Moore,et al.  Bayesian Neural Networks for Internet Traffic Classification , 2007, IEEE Transactions on Neural Networks.

[8]  Sebastian Zander,et al.  Self-Learning IP Traffic Classification Based on Statistical Flow Characteristics , 2005, PAM.

[9]  Konstantina Papagiannaki,et al.  Toward the Accurate Identification of Network Applications , 2005, PAM.

[10]  Corinna Cortes,et al.  Support-Vector Networks , 1995, Machine Learning.

[11]  Bo Yang,et al.  Traffic classification using probabilistic neural networks , 2010, 2010 Sixth International Conference on Natural Computation.

[12]  Thomas M. Cover,et al.  Geometrical and Statistical Properties of Systems of Linear Inequalities with Applications in Pattern Recognition , 1965, IEEE Trans. Electron. Comput..

[13]  Marco M. Carvalho,et al.  Network traffic classification using a parallel neural network classifier architecture , 2011, CSIIRW '11.

[14]  R. Acharyya,et al.  Infrasound signal classification using parallel RBF Neural Networks , 2008 .

[15]  Michalis Faloutsos,et al.  BLINC: multilevel traffic classification in the dark , 2005, SIGCOMM '05.

[16]  Azer Bestavros,et al.  Self-similarity in World Wide Web traffic: evidence and possible causes , 1997, TNET.

[17]  G. Zecevic Web based interface to SCADA system , 1998, POWERCON '98. 1998 International Conference on Power System Technology. Proceedings (Cat. No.98EX151).

[18]  Oliver Spatscheck,et al.  Accurate, scalable in-network identification of p2p traffic using application signatures , 2004, WWW '04.

[19]  Maurizio Dusi,et al.  Traffic classification through simple statistical fingerprinting , 2007, CCRV.