Abstract
Traffic classification in computer networks plays a significant role in network operation, management, and security. Examples include controlling the flow of information, allocating resources effectively, provisioning quality of service, detecting intrusions, and blocking malicious and unauthorized access. The problem has attracted growing attention over the years, and a number of techniques have been proposed, ranging from traditional port-based classification and payload inspection of TCP/IP packets to supervised, unsupervised, and semi-supervised machine learning paradigms. With the increasing complexity of network environments and support for emerging mobility services and applications, more robust and accurate techniques need to be investigated. In this paper, we propose a new supervised hybrid machine-learning approach for ubiquitous traffic classification based on multicriteria fuzzy decision trees with attribute selection. Moreover, our approach handles imbalanced datasets and zero-day applications (i.e., those without previously known traffic patterns) well. Evaluation of the proposed methodology on several benchmark real-world traffic datasets of different nature demonstrated its capability to effectively discriminate a variety of traffic patterns, anomalies, and protocols for unencrypted and encrypted traffic flows. Compared with other methods, the proposed methodology showed remarkably better classification accuracy.
Acknowledgments
The first author thanks Zayed University for the support during this work. The second author would like to acknowledge funding provided by King Abdulaziz City for Science and Technology (KACST) through the Science and Technology Unit at King Fahd University of Petroleum and Minerals (KFUPM) during this work through project 11-INF1658-04.
About this article
Cite this article
Al-Obeidat, F., El-Alfy, ES.M. Hybrid multicriteria fuzzy classification of network traffic patterns, anomalies, and protocols. Pers Ubiquit Comput 23, 777–791 (2019). https://doi.org/10.1007/s00779-017-1096-z
DOI: https://doi.org/10.1007/s00779-017-1096-z