Real-Time Analysis of Big Network Packet Streams by Learning the Likelihood of Trusted Sequences

  • John Yoon
  • Michael DeBiase
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10968)


Deep Packet Inspection (DPI) is a basic monitoring step for intrusion detection and prevention, in which sequences of packed packets are unpacked according to the layered network structure. DPI is performed against overwhelming network packet streams; by nature, network packet data is real-time streaming big data. DPI analysis of such big data, however, is extremely expensive, likely to generate false positives, and poorly adaptive to previously unknown attacks. This paper presents a novel machine learning approach to multithreaded analysis of network traffic streams. The contributions of this paper are (1) real-time packet data analysis, (2) learning the likelihood of trusted and untrusted packet sequences, and (3) improved adaptive detection of previously unknown intrusive attacks.


Keywords: Network traffic packet streams; Multithreading data analysis; Intrusion detection and prevention; Genetic algorithmic fitness



Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Mercy College, Dobbs Ferry, USA
  2. IT Department, Westchester County Government, White Plains, USA
