Network Traffic Classifier With Convolutional and Recurrent Neural Networks for Internet of Things

A network traffic classifier (NTC) is an important part of current network monitoring systems, being its task to infer the network service that is currently used by a communication flow (e.g., HTTP and SIP). The detection is based on a number of features associated with the communication flow, for example, source and destination ports and bytes transmitted per packet. NTC is important, because much information about a current network flow can be learned and anticipated just by knowing its network service (required latency, traffic volume, and possible duration). This is of particular interest for the management and monitoring of Internet of Things (IoT) networks, where NTC will help to segregate traffic and behavior of heterogeneous devices and services. In this paper, we present a new technique for NTC based on a combination of deep learning models that can be used for IoT traffic. We show that a recurrent neural network (RNN) combined with a convolutional neural network (CNN) provides best detection results. The natural domain for a CNN, which is image processing, has been extended to NTC in an easy and natural way. We show that the proposed method provides better detection results than alternative algorithms without requiring any feature engineering, which is usual when applying other models. A complete study is presented on several architectures that integrate a CNN and an RNN, including the impact of the features chosen and the length of the network flows used for training.

[1]  Bo Yang,et al.  Network Traffic Classification Based on Error-Correcting Output Codes and NN Ensemble , 2009, 2009 Sixth International Conference on Fuzzy Systems and Knowledge Discovery.

[2]  Yanghee Choi,et al.  Internet traffic classification demystified: on the sources of the discriminative power , 2010, CoNEXT.

[3]  Andrew W. Moore,et al.  Bayesian Neural Networks for Internet Traffic Classification , 2007, IEEE Transactions on Neural Networks.

[4]  Zhuowen Tu,et al.  Generalizing Pooling Functions in Convolutional Neural Networks: Mixed, Gated, and Tree , 2015, AISTATS.

[5]  Mingtian Zhou,et al.  Internet traffic classification using feed-forward neural network , 2011, 2011 International Conference on Computational Problem-Solving (ICCP).

[6]  Michal Koziuk,et al.  A Multi-Classification Approach for the Detection and Identification of eHealth Applications , 2012, 2012 21st International Conference on Computer Communications and Networks (ICCCN).

[7]  Nitish Srivastava,et al.  Dropout: a simple way to prevent neural networks from overfitting , 2014, J. Mach. Learn. Res..

[8]  Vijay Sivaraman,et al.  Characterizing and classifying IoT traffic in smart cities and campuses , 2017, 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[9]  Carey L. Williamson,et al.  Offline/realtime traffic classification using semi-supervised learning , 2007, Perform. Evaluation.

[10]  Shengnan Hao,et al.  Network traffic classification based on improved DAG-SVM , 2015, 2015 International Conference on Communications, Management and Telecommunications (ComManTel).

[11]  Sebastian Zander,et al.  A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification , 2006, CCRV.

[12]  Grenville J. Armitage,et al.  A survey of techniques for internet traffic classification using machine learning , 2008, IEEE Communications Surveys & Tutorials.

[13]  Michalis Faloutsos,et al.  Internet traffic classification demystified: myths, caveats, and the best practices , 2008, CoNEXT '08.

[14]  Avinash G. Keskar,et al.  Rough Set Approaches to Unsupervised Neural Network Based Pattern Classifier , 2010 .

[15]  Álvaro Herrero,et al.  Neural projection techniques for the visual inspection of network traffic , 2009, Neurocomputing.

[16]  Sven Behnke,et al.  Hierarchical Neural Networks for Image Interpretation (Lecture Notes in Computer Science) , 2003 .

[17]  Gaël Varoquaux,et al.  Scikit-learn: Machine Learning in Python , 2011, J. Mach. Learn. Res..

[18]  Sergey Ioffe,et al.  Batch Normalization: Accelerating Deep Network Training by Reducing Internal Covariate Shift , 2015, ICML.

[19]  Yuval Elovici,et al.  ProfilIoT: a machine learning approach for IoT device identification based on network traffic analysis , 2017, SAC.

[20]  Kyunghyun Cho,et al.  Efficient Character-level Document Classification by Combining Convolution and Recurrent Layers , 2016, ArXiv.

[21]  Zachary Chase Lipton A Critical Review of Recurrent Neural Networks for Sequence Learning , 2015, ArXiv.

[22]  Jun Zhang,et al.  An Effective Network Traffic Classification Method with Unknown Flow Detection , 2013, IEEE Transactions on Network and Service Management.

[23]  M. Amaç Güvensan,et al.  Application identification via network traffic classification , 2017, 2017 International Conference on Computing, Networking and Communications (ICNC).

[24]  Albert Trelis Saiz Independent comparison of popular DPI tools for traffic classification , 2016 .

[25]  Fabrizio Granelli,et al.  Countering Intelligent-Dependent Malicious Nodes in Target Detection Wireless Sensor Networks , 2016, IEEE Sensors Journal.

[26]  Yuehui Chen,et al.  IMPROVING NEURAL NETWORK CLASSIFICATION USING FURTHER DIVISION OF RECOGNITION SPACE , 2007 .

[27]  Andrew W. Moore,et al.  Internet traffic classification using bayesian analysis techniques , 2005, SIGMETRICS '05.

[28]  Nabin Kumar Karn,et al.  Network Traffic Classification techniques and comparative analysis using Machine Learning algorithms , 2016, 2016 2nd IEEE International Conference on Computer and Communications (ICCC).

[29]  Bryan Ng,et al.  Developing a traffic classification platform for enterprise networks with SDN: Experiences & lessons learned , 2015, 2015 IFIP Networking Conference (IFIP Networking).

[30]  Andrew W. Moore,et al.  Discriminators for use in flow-based classification , 2013 .

[31]  Matthew Roughan,et al.  Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification , 2004, IMC '04.

[32]  Chaozheng Wang,et al.  An improved network traffic classification algorithm based on Hadoop decision tree , 2016, 2016 IEEE International Conference of Online Analysis and Computing Science (ICOACS).

[33]  Jie Wu,et al.  Robust Network Traffic Classification , 2015, IEEE/ACM Transactions on Networking.

[34]  Tara N. Sainath,et al.  Convolutional, Long Short-Term Memory, fully connected Deep Neural Networks , 2015, 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[35]  Chao Wang,et al.  Network Traffic Classification with Improved Random Forest , 2015, 2015 11th International Conference on Computational Intelligence and Security (CIS).

[36]  Jürgen Schmidhuber,et al.  LSTM: A Search Space Odyssey , 2015, IEEE Transactions on Neural Networks and Learning Systems.

[37]  Maurizio Martinelli,et al.  nDPI: Open-source high-speed deep packet inspection , 2014, 2014 International Wireless Communications and Mobile Computing Conference (IWCMC).

[38]  Marco M. Carvalho,et al.  Network traffic classification using a parallel neural network classifier architecture , 2011, CSIIRW '11.