Open-Source Framework for Encrypted Internet and Malicious Traffic Classification
- URL: http://arxiv.org/abs/2206.10144v1
- Date: Tue, 21 Jun 2022 07:01:57 GMT
- Title: Open-Source Framework for Encrypted Internet and Malicious Traffic Classification
- Authors: Ofek Bader, Adi Lichy, Amit Dvir, Ran Dubin, Chen Hajaj
- Abstract summary: Internet traffic classification plays a key role in network visibility, Quality of Services (QoS), intrusion detection, Quality of Experience (QoE) and traffic-trend analyses.
In this paper, we propose an open-source framework, named OSF-EIMTC, which can provide the full pipeline of the learning process.
- Score: 4.495583520377878
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Internet traffic classification plays a key role in network visibility,
Quality of Services (QoS), intrusion detection, Quality of Experience (QoE) and
traffic-trend analyses. In order to improve privacy, integrity,
confidentiality, and protocol obfuscation, the current traffic is based on
encryption protocols, e.g., SSL/TLS. With the increased use of Machine-Learning
(ML) and Deep-Learning (DL) models in the literature, comparison between
different models and methods has become cumbersome and difficult due to a lack
of a standardized framework. In this paper, we propose an open-source
framework, named OSF-EIMTC, which can provide the full pipeline of the learning
process. From the well-known datasets to extracting new and well-known
features, it provides implementations of well-known ML and DL models (from the
traffic classification literature) as well as evaluations. Such a framework can
facilitate research in traffic classification domains, so that it will be more
repeatable, reproducible, easier to execute, and will allow a more accurate
comparison of well-known and novel features and models. As part of our
framework evaluation, we demonstrate a variety of cases where the framework can
be of use, utilizing multiple datasets, models, and feature sets. We show
analyses of publicly available datasets and invite the community to participate
in our open challenges using the OSF-EIMTC.
Related papers
- MetaTrading: An Immersion-Aware Model Trading Framework for Vehicular Metaverse Services [94.61039892220037]
We present a novel immersion-aware model trading framework that incentivizes metaverse users (MUs) to contribute learning models for augmented reality (AR) services in the vehicular metaverse.
Considering dynamic network conditions and privacy concerns, we formulate the reward decisions of MSPs as a multi-agent Markov decision process.
Experimental results demonstrate that the proposed framework can effectively provide higher-value models for object detection and classification in AR services on real AR-related vehicle datasets.
(2024-10-25T16:20:46Z)
- Generic Multi-modal Representation Learning for Network Traffic Analysis [6.372999570085887]
Network traffic analysis is fundamental for network management, troubleshooting, and security.
We propose a flexible Multi-modal Autoencoder (MAE) pipeline that can solve different use cases.
We argue that the MAE architecture is generic and can be used to learn representations useful in multiple scenarios.
(2024-05-04T12:24:29Z)
- Many or Few Samples? Comparing Transfer, Contrastive and Meta-Learning in Encrypted Traffic Classification [68.19713459228369]
We compare transfer learning, meta-learning and contrastive learning against reference Machine Learning (ML) tree-based and monolithic DL models.
We show that (i) using large datasets we can obtain more general representations, (ii) contrastive learning is the best methodology.
While ML tree-based cannot handle large tasks but fits well small tasks, by means of reusing learned representations, DL methods are reaching tree-based models performance also for small tasks.
(2023-05-21T11:20:49Z)
- Multi-view Multi-label Anomaly Network Traffic Classification based on MLP-Mixer Neural Network [55.21501819988941]
Existing network traffic classification based on convolutional neural networks (CNNs) often emphasizes local patterns of traffic data while ignoring global information associations.
We propose an end-to-end network traffic classification method.
(2022-10-30T01:52:05Z)
- Active Learning Framework to Automate NetworkTraffic Classification [0.0]
The paper presents a novel Active Learning Framework (ALF) to address this topic.
ALF provides components that can be used to deploy an active learning loop and maintain an ALF instance that continuously evolves a dataset and ML model.
The resulting solution is deployable for IP flow-based analysis of high-speed (100 Gb/s) networks.
(2022-10-26T10:15:18Z)
- Visualization Of Class Activation Maps To Explain AI Classification Of Network Packet Captures [0.0]
The number of connections and the addition of new applications in our networks causes a vast amount of log data.
Deep learning methods provide both feature extraction and classification from data in a single system.
We present a visual interactive tool that combines the classification of network data with an explanation technique to form an interface between experts, algorithms, and data.
(2022-09-05T16:34:43Z)
- When a RF Beats a CNN and GRU, Together -- A Comparison of Deep Learning and Classical Machine Learning Approaches for Encrypted Malware Traffic Classification [4.495583520377878]
We show that in the case of malicious traffic classification, state-of-the-art DL-based solutions do not necessarily outperform the classical ML-based ones.
We exemplify this finding using two well-known datasets for a varied set of tasks, such as: malware detection, malware family classification, detection of zero-day attacks, and classification of an iteratively growing dataset.
(2022-06-16T08:59:53Z)
- Extensible Machine Learning for Encrypted Network Traffic Application Labeling via Uncertainty Quantification [0.0]
We present a new, public dataset of network traffic that includes labeled, Virtual Private Network (VPN)-encrypted network traffic generated by 10 applications and corresponding to 5 application categories.
We also present an ML framework that is designed to rapidly train with modest data requirements and provide both calibrated, predictive probabilities as well as an interpretable "out-of-distribution" (OOD) score to flag novel traffic samples.
(2022-05-11T16:54:37Z)
- RoFL: Attestable Robustness for Secure Federated Learning [59.63865074749391]
Federated Learning allows a large number of clients to train a joint model without the need to share their private data.
To ensure the confidentiality of the client updates, Federated Learning systems employ secure aggregation.
We present RoFL, a secure Federated Learning system that improves robustness against malicious clients.
(2021-07-07T15:42:49Z)
- Deep Learning and Traffic Classification: Lessons learned from a commercial-grade dataset with hundreds of encrypted and zero-day applications [72.02908263225919]
We share our experience on a commercial-grade DL traffic classification engine.
We identify known applications from encrypted traffic, as well as unknown zero-day applications.
We propose a novel technique, tailored for DL models, that is significantly more accurate and light-weight than the state of the art.
(2021-04-07T15:21:22Z)
- Edge-assisted Democratized Learning Towards Federated Analytics [67.44078999945722]
We show the hierarchical learning structure of the proposed edge-assisted democratized learning mechanism, namely Edge-DemLearn.
We also validate Edge-DemLearn as a flexible model training mechanism to build a distributed control and aggregation methodology in regions.
(2020-12-01T11:46:03Z)