NETWORK APPLICATION-LAYER PROTOCOL CLASSIFICATION BASED ON FUZZY DATA AND NEURAL NETWORK PROCESSING
Keywords:Artificial intelligence, classification of network packets, Artificial Neural Networks, fuzzy logic, network traffic analysis, deep package analysis, Machine Learning
A technique of network packet classification on the application layer is proposed. It is based on fuzzy data processing and artificial neural networks to define the network packet belongingness to one of the known network protocols. In the suggested technique, two main data processing stages are distinguished. At the first stage data is preprocessed by fuzzy logic methods. At the second stage the packets are classified by means of an artificial neural network. An artificial neural network having the proposed architecture allows one to determine the following aspects: the type of secure network protocol, the internal state of the network protocol based on the application of logical decision rules, and the type of network application using the identified protocol. The architecture of the bench environment for field tests is considered. During the experiments, the traffic of real network applications that are used around the world was used. Experimental assessment of the offered technique showed rather high quality and work speed of the developed classifier.
T.T.T. Nguyen, G.A. Armitage, “Survey of techniques for internet traffic classification using machine learning,” IEEE Communications Surveys & Tutorials, vol. 10, issue 4, pp. 56-76, 2008.
H. Kawai, S. Ata, N. Nakamura, I. Oka, “Identification of communication devices from analysis of traffic patterns,” Proceedings of the 13th IEEE International Conference on Machine Learning and Applications, Tokyo, Japan, November 26-30, 2017, pp. 1-5.
V. Carela-Español, Network Traffic Classification: From Theory to Practice. Universitat Politècnica de Catalunya Barcelona Tech Department d’Arquitectura de Computadors, Barcelona, 2014.
M. Pietrzyk, Methods and Algorithms for Network Traffic Classification, PhD Thesis, Telecom Paris Tech Thesis, 2011.
G. Sun, T. Chen, Y. Su, Ch. Li, “Internet traffic classification based on incremental support vector machines,” Mob. Netw. Appl., vol. 23, issue 4, pp. 789-796, 2018.
A.A. Branitskiy, I.V. Kotenko, “Analysis and classification of methods for network attack detection,” SPIIRAS Proceedings, vol. 2, issue 45, pp. 207-244, 2016.
R.A. Demidov, A.I. Pechenkin, P.D. Zegzhda, M.O. Kalinin, “Application model of modern artificial neural network methods for the analysis of information systems security,” Automatic Control and Computer Sciences, vol. 52, issue 8, pp. 965-970, 2018.
O. Mula-Valls, A Practical Retraining Mechanism for Network Traffic Classification in Operational Environments, Master Thesis, Universitat Politecnica de Catalunya, 2011.
A. Saied, R.E. Overill, T. Radzik, “Detection of known and unknown DDoS attacks using artificial neural networks,” Neurocomputing, vol. 172, pp. 385-393, 2016.
C. Jie, F. Zhiyi, “Network traffic classification using genetic algorithms based on support vector machine,” International Journal of Security and Its Applications, vol. 10, issue 2, pp. 237-246, 2016.
R. Xu, D. Wunsch, “Survey of clustering algorithms,” IEEE Trans. Neural Networks, vol. 16, issue 3, pp. 645-678, 2005.
A.I. Getman, Yu.V. Markin, E.F. Evstropov, D.O. Obydenkov, “A survey of problems and solution methods in network traffic classification,” Trudy ISP RAN/Proc. ISP RAS, vol. 29, issue 3, pp. 117-150, 2017.
Y.-S. Lim, H.-Ch. Kim, J. Jeong, Ch.-K. Kim, T. T. Kwon, Y. Choi, Internet Traffic Classification Demystified: On the Sources of the Discriminative Power, 2010, [Online] Available at: http http://conferences.sigcomm.org/co-next/2010/CoNEXT_papers/09-Lim.pdf.
M. Rehak, M. Pechoucek, M. Grill, J. Stiborek, K. Bartos, P. Celeda, “Adaptive multiagent system for network traffic monitoring,” IEEE Intelligent Systems, vol. 24, issue 3, pp. 16-25, 2009.
M.-Y. Liao, M.-Y. Luo, Ch.-S. Yang, C.-H. Chen, P.-C. Wu, Y.-C. Chen, “Design and evaluation of deep packet inspection system: A case study,” Networks, IET, vol. 1, pp. 2-9, 2012.
R. Bendrath, M. Mueller, “The end of the net as we know it? Deep packet inspection and internet governance”, New Media & Society, vol. 13, issue 7, pp. 1142-1160, 2011.
J. Singh, M.J. Nene, “A survey on machine learning techniques for intrusion detection systems,” International Journal of Advanced Research in Computer and Communication Engineering, vol. 2, issue 11, pp. 43-49, 2013.
S. Abraham, S. Nair, “Cyber security analytics: A stochastic model for security quantification using absorbing Markov chains,” Journal of Communications, vol. 9, issue 12, pp. 899-907, 2014.
L.A. Zadeh, “Fuzzy sets,” Information and Control, vol. 8, issue 3, pp. 338-353, 1965.
L.A. Zadeh, “Fuzzy algorithms,” Information and Control, vol. 12, issue 2, pp. 94-102, 1968.
I. Kotenko, I. Saenko, S. Ageev, “Applying fuzzy computing methods for on-line monitoring of new generation network elements,” Proceedings of the Third International Scientific Conference “Intelligent Information Technologies for Industry”. Advances in Intelligent Systems and Computing, vol. 874, Springer, Cham, 2018, pp. 331-340.
A. Piegat, Fuzzy Modeling and Control, Springer, 2014.
H. Lim, J. Kim, J. Heo, K. Kim, Y. Hong, Y. Han, “Packet-based network traffic classification using deep learning,” Proceedings of the 2019 International Conference on Artificial Intelligence in Information and Communication, 2019, pp. 046-051.
S. Rezaei, X. Liu, “Deep learning for encrypted traffic classification: An overview,” IEEE Communications Magazine, vol. 57, issue 5, pp. 76-81, 2019.
T. Terano, K. Asai, M. Sugeno (eds.), Applied Fuzzy Systems, Omsya, Tokyo, 1989.
C.M. Bishop, Neural Networks for Pattern Recognition, Department of Computer Science and Applied Mathematics Aston University Birmingham, UK, 1995.
K. Dias, M. Pongelupe, W. Caminhas, L. Errico, “An innovative approach for real-time network traffic classification,” Computer Networks, vol. 158, pp. 143-157, 2019.
G. Aceto, D. Ciuonzo, A. Montieri, A. Pescapè, “Mobile encrypted traffic classification using deep learning,” Proceedings of the IEEE/ACM Network Traffic Measurement and Analysis Conference, Vienna, 2018, pp. 1-8.
Service Name and Transport Protocol Port Number Registry, 2020 [Online]. Available at: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml.
The Transport Layer Security (TLS) Protocol. Version 1.2, 2008 [Online]. Available at: https://tools.ietf.org/html/rfc5246.
E.H. Mamdani, S. Assilian, “An experiment in linguistic synthesis thesis with a fuzzy logic controller,” International Journal of Man-Machine Studies, vol. 7, issue 1, pp. 1-13, 1975.
E.H. Mamdani, “Advances in the linguistic synthesis of fuzzy controllers,” International Journal of Man-Machine Studies, vol. 8, pp. 669-678, 1976.
E.H. Mamdani, “Applications of fuzzy logic to approximate reasoning using linguistic synthesis,” IEEE Transactions on Computers, vol. 26, issue 12, pp. 1182-1191, 1977.
M.L. Minsky, S. Papert, Perceptrons: An Introduction to Computational Geometry, Cambridge, MA, MIT Press, 1987.
S. Raschka, Python Machine Learning, Kindle Edition, 2016.
M. Soysal, E. Schmidt, “Machine learning algorithms for accurate flow-based network traffic classification: Evaluation and comparison,” Perform. Eval., vol. 67, pp. 451-467, 2010.
Y. Okada, S. Ata, N. Nakamura, I. Oka, “Comparisons of machine learning algorithms for application identification of encrypted traffic,” Proceedings of the 10th International Conference on Machine Learning and Applications and Workshops, Honolulu, HI, 2011, pp. 358–361.
S. Osowski, Sieci Neuronowe do Przetwarzania Informacji, Oficyna Wydawnicza Politechniki Warszawskiej, Warszawa, Polsha, 2000. (in Polish)
R. Garreta, G. Moncecchi, Learning scikit-learn: Machine Learning in Python. Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK, 2013.
A. Gulli, S. Pal, Deep Learning with Keras, Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK, 2017.
H. Karau, A. Konwinski, P. Wendell, M. Zaharia, Learning Spark: Lightning-Fast Big Data Analysis, O'Reilly Media, Inc., 2015.
N. Pentreath, Machine Learning with Spark, Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK, 2015.
N. McClure, TensorFlow Machine Learning Cookbook, Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK, 2017.
R. Bonnin, Building Machine Learning Projects with TensorFlow, Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK, 2016.
S. Abrahams, D. Hafner, E. Erwitt, A. Scarpinelli, Tensorflow for machine intelligence, Bleeding Edge Press, Santa Rosa, CA 95404, 2016.
C. Bourez, Deep learning with Theano, Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK, 2017.
A. Kaehler, G. Bradski, Learning OpenCV 3: Computer Vision in C++ with the OpenCV Library, 1st O'Reilly Media, Inc., 2016.
M. Beyeler, Machine Learning for OpenCV, Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK, 2017.
Introduction to Intel® Deep Learning Deployment Toolkit, 2020 [Online]. Available at: https://docs.openvinotoolkit.org/latest/_docs_IE_DG_Introduction.html.
J. Dean, Machine Learning for Systems and Systems for Machine Learning, 2017 [Online]. Available at: https://buzzrobot.com/machine-learning-for-systems-and-systems-for-machine-learning-41438c234e10.
T. Dettmers, Which GPU(s) to Get for Deep Learning: My Experience and Advice for Using GPUs in Deep Learning, 2019 [Online]. Available at: https://timdettmers.com/2019/04/03/which-gpu-for-deep-learning/.
How to Cite
LicenseInternational Journal of Computing is an open access journal. Authors who publish with this journal agree to the following terms:
• Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
• Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
• Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.