Network traffic classification method supporting unknown protocol detection

Hongyu Liu; Bo Lang

doi:10.1109/LCN52139.2021.9525009

Network traffic classification method supporting unknown protocol detection

Hongyu Liu
, Bo Lang

计算机学院

Beihang University

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

7 引用（Scopus）

摘要

At present, private protocols are widely used on the Internet. As a result, traditional traffic classification methods including port-based and DPI methods have become restricted. Existing machine learning-based methods depend on feature engineering, which makes feature design difficult. In addition, classification models can only classify data as predefined categories, which restricts the models when they are used to detect unknown protocol traffic. To address the above problems, we propose a two-stage traffic classification method combining a CNN model and a density-based clustering algorithm, which can classify known protocol traffic and detect arbitrary kinds of unknown protocol traffic simultaneously. We conducted sufficient experiments on the Information Security Centre of Excellence (ISCX) VPN-nonVPN and Defense Advanced Research Projects Agency (DARPA) 1998 datasets, and the accuracies on the test sets containing known and unknown protocol traffic achieved 97.03% and 98.50%, respectively, which are superior to other studies.

源语言	英语
主期刊名	Proceedings of the IEEE 46th Conference on Local Computer Networks, LCN 2021
编辑	Lyes Khoukhi, Sharief Oteafy, Eyuphan Bulut
出版商	IEEE Computer Society
页	311-314
页数	4
ISBN（电子版）	9780738124766
DOI	https://doi.org/10.1109/LCN52139.2021.9525009
出版状态	已出版 - 4 10月 2021
活动	46th IEEE Conference on Local Computer Networks, LCN 2021 - Edmonton, 加拿大期限: 4 10月 2021 → 7 10月 2021

出版系列

姓名	Proceedings - Conference on Local Computer Networks, LCN
卷	2021-October

会议

会议	46th IEEE Conference on Local Computer Networks, LCN 2021
国家/地区	加拿大
市	Edmonton
时期	4/10/21 → 7/10/21

访问文件

10.1109/LCN52139.2021.9525009

其它文件与链接

链接到 Scopus 的出版物

引用此

Liu, H., & Lang, B. (2021). Network traffic classification method supporting unknown protocol detection. 在 L. Khoukhi, S. Oteafy, & E. Bulut (编辑), Proceedings of the IEEE 46th Conference on Local Computer Networks, LCN 2021 (页码 311-314). (Proceedings - Conference on Local Computer Networks, LCN; 卷 2021-October). IEEE Computer Society. https://doi.org/10.1109/LCN52139.2021.9525009

@inproceedings{e8dbaaa3acfa485db63efc123e20b385,

title = "Network traffic classification method supporting unknown protocol detection",

abstract = "At present, private protocols are widely used on the Internet. As a result, traditional traffic classification methods including port-based and DPI methods have become restricted. Existing machine learning-based methods depend on feature engineering, which makes feature design difficult. In addition, classification models can only classify data as predefined categories, which restricts the models when they are used to detect unknown protocol traffic. To address the above problems, we propose a two-stage traffic classification method combining a CNN model and a density-based clustering algorithm, which can classify known protocol traffic and detect arbitrary kinds of unknown protocol traffic simultaneously. We conducted sufficient experiments on the Information Security Centre of Excellence (ISCX) VPN-nonVPN and Defense Advanced Research Projects Agency (DARPA) 1998 datasets, and the accuracies on the test sets containing known and unknown protocol traffic achieved 97.03\% and 98.50\%, respectively, which are superior to other studies.",

author = "Hongyu Liu and Bo Lang",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 46th IEEE Conference on Local Computer Networks, LCN 2021 ; Conference date: 04-10-2021 Through 07-10-2021",

year = "2021",

month = oct,

day = "4",

doi = "10.1109/LCN52139.2021.9525009",

language = "英语",

series = "Proceedings - Conference on Local Computer Networks, LCN",

publisher = "IEEE Computer Society",

pages = "311--314",

editor = "Lyes Khoukhi and Sharief Oteafy and Eyuphan Bulut",

booktitle = "Proceedings of the IEEE 46th Conference on Local Computer Networks, LCN 2021",

address = "美国",

}

Liu, H & Lang, B 2021, Network traffic classification method supporting unknown protocol detection. 在 L Khoukhi, S Oteafy & E Bulut (编辑), Proceedings of the IEEE 46th Conference on Local Computer Networks, LCN 2021. Proceedings - Conference on Local Computer Networks, LCN, 卷 2021-October, IEEE Computer Society, 页码 311-314, 46th IEEE Conference on Local Computer Networks, LCN 2021, Edmonton, 加拿大, 4/10/21. https://doi.org/10.1109/LCN52139.2021.9525009

Network traffic classification method supporting unknown protocol detection. / Liu, Hongyu; Lang, Bo.
Proceedings of the IEEE 46th Conference on Local Computer Networks, LCN 2021. 编辑 / Lyes Khoukhi; Sharief Oteafy; Eyuphan Bulut. IEEE Computer Society, 2021. 页码 311-314 (Proceedings - Conference on Local Computer Networks, LCN; 卷 2021-October).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - Network traffic classification method supporting unknown protocol detection

AU - Liu, Hongyu

AU - Lang, Bo

PY - 2021/10/4

Y1 - 2021/10/4

N2 - At present, private protocols are widely used on the Internet. As a result, traditional traffic classification methods including port-based and DPI methods have become restricted. Existing machine learning-based methods depend on feature engineering, which makes feature design difficult. In addition, classification models can only classify data as predefined categories, which restricts the models when they are used to detect unknown protocol traffic. To address the above problems, we propose a two-stage traffic classification method combining a CNN model and a density-based clustering algorithm, which can classify known protocol traffic and detect arbitrary kinds of unknown protocol traffic simultaneously. We conducted sufficient experiments on the Information Security Centre of Excellence (ISCX) VPN-nonVPN and Defense Advanced Research Projects Agency (DARPA) 1998 datasets, and the accuracies on the test sets containing known and unknown protocol traffic achieved 97.03% and 98.50%, respectively, which are superior to other studies.

AB - At present, private protocols are widely used on the Internet. As a result, traditional traffic classification methods including port-based and DPI methods have become restricted. Existing machine learning-based methods depend on feature engineering, which makes feature design difficult. In addition, classification models can only classify data as predefined categories, which restricts the models when they are used to detect unknown protocol traffic. To address the above problems, we propose a two-stage traffic classification method combining a CNN model and a density-based clustering algorithm, which can classify known protocol traffic and detect arbitrary kinds of unknown protocol traffic simultaneously. We conducted sufficient experiments on the Information Security Centre of Excellence (ISCX) VPN-nonVPN and Defense Advanced Research Projects Agency (DARPA) 1998 datasets, and the accuracies on the test sets containing known and unknown protocol traffic achieved 97.03% and 98.50%, respectively, which are superior to other studies.

UR - https://www.scopus.com/pages/publications/85118461227

U2 - 10.1109/LCN52139.2021.9525009

DO - 10.1109/LCN52139.2021.9525009

M3 - 会议稿件

AN - SCOPUS:85118461227

T3 - Proceedings - Conference on Local Computer Networks, LCN

SP - 311

EP - 314

BT - Proceedings of the IEEE 46th Conference on Local Computer Networks, LCN 2021

A2 - Khoukhi, Lyes

A2 - Oteafy, Sharief

A2 - Bulut, Eyuphan

PB - IEEE Computer Society

T2 - 46th IEEE Conference on Local Computer Networks, LCN 2021

Y2 - 4 October 2021 through 7 October 2021

ER -

Network traffic classification method supporting unknown protocol detection

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此