
Hybrid multicriteria fuzzy classification of network traffic patterns, anomalies, and protocols

  • Original Article
  • Personal and Ubiquitous Computing

Abstract

Traffic classification in computer networks plays a significant role in network operation, management, and security. Examples include controlling the flow of information, allocating resources effectively, provisioning quality of service, detecting intrusions, and blocking malicious and unauthorized access. This problem has attracted growing attention over the years, and a number of techniques have been proposed, ranging from traditional port-based and payload inspection of TCP/IP packets to supervised, unsupervised, and semi-supervised machine learning paradigms. With the increasing complexity of network environments and support for emerging mobility services and applications, more robust and accurate techniques need to be investigated. In this paper, we propose a new supervised hybrid machine-learning approach for ubiquitous traffic classification based on multicriteria fuzzy decision trees with attribute selection. Moreover, our approach handles imbalanced datasets and zero-day applications (i.e., those without previously known traffic patterns) well. Evaluation of the proposed methodology on several benchmark real-world traffic datasets of different nature demonstrated its capability to effectively discriminate a variety of traffic patterns, anomalies, and protocols for unencrypted and encrypted traffic flows. Compared with other methods, the proposed methodology showed remarkably better classification accuracy.


Acknowledgments

The first author thanks Zayed University for the support during this work. The second author would like to acknowledge funding provided by King Abdulaziz City for Science and Technology (KACST) through the Science and Technology Unit at King Fahd University of Petroleum and Minerals (KFUPM) during this work through project 11-INF1658-04.

Author information

Corresponding author

Correspondence to E.-S. M. El-Alfy.

About this article

Cite this article

Al-Obeidat, F., El-Alfy, ES.M. Hybrid multicriteria fuzzy classification of network traffic patterns, anomalies, and protocols. Pers Ubiquit Comput 23, 777–791 (2019). https://doi.org/10.1007/s00779-017-1096-z

  • DOI: https://doi.org/10.1007/s00779-017-1096-z
