research-article

A Method of Detecting the Abnormal Encrypted Traffic Based on Machine Learning and Behavior Characteristics

Authors:

Bin Kong,

Zhangpu Liu,

Guangming Zhou,

Xiaoyan YuAuthors Info & Claims

ICCNS '19: Proceedings of the 2019 9th International Conference on Communication and Network Security

Pages 47 - 50

https://doi.org/10.1145/3371676.3371705

Published: 13 January 2020 Publication History

Get Access

Abstract

Classification of network traffic using port-based or deep packet-based analysis is becoming increasingly difficult with many peer-to-peer(P2P) applications using dynamic port numbers, especially in massive data streams. In view of the problem that traditional method cannot be self-learning and self-evolving in dynamic networks, this paper proposed an abnormally encrypted traffic detection method based on machine learning and behavior characteristics, this approach can not only identify unknown abnormal traffic, but eliminate specific feature extraction in advance, which can effectively improve the accuracy of the abnormal encrypted traffic detection system. In this paper, we processed the network traffic data with using a machine learning approach combined behavior characteristics of applications, the experimental results show that in the complex network, the abnormal encrypted data stream detection method based on machine learning and behavior characteristics has higher recognition accuracy and can more effectively solve the problem of abnormally encrypted traffic identification.

References

[1]

Chen Sheng, Zhu Guoshneg, Qi Xiaoyun, Lei Longfei, Zhen Jia, Wu Shanchao, and Wu Mengyu. 2017. Research on Abnormal Network Traffic Detection Based on Machine Learning[J]. Information and Communication, 2017(12):39--42.

Google Scholar

[2]

Wang Haizhong. 2014. Design and Implementation of Network Traffic Classification System Based on Decision Tree [D]. University of Chinese Academy of Sciences(School of Engineering Management and Information Technology).

Google Scholar

[3]

Aceto, G. Dainotti, A. Donato, W. and Pescapé, A. 2010. PortLoad: Taking the best of two worlds in traffic classification. In: Proc. of the INFOCOM IEEE Conf. on Computer Communications Workshops. San Diego: IEEE Press, 2010. 1--5.

Google Scholar

[4]

Guo, ZB. and Qiu, ZD. 2008. Identification of BitTorrent traffic for high speed network using packet sampling and application signatures.Journal of Computer Research and Development, 45(2):227--236.

Google Scholar

[5]

Smith, R. Estan, C. Jha, S. and Kong, SJ. 2008. Deflating the big bang: Fast and scalable deep packet inspection with extended finite automata.In: Bahl V, Wetherall D, Savage S, Stoica I, eds. Proc. of the ACM SIGCOMM 2008 Conf. on Data Communication (SIGCOMM 2008). New York: ACM Press. 207--218.

Google Scholar

[6]

Xu, K. Zhang, M. Ye, MJ. Chiu, DM. and Wu, JP. 2010. Identify P2P traffic by inspecting data transfer behavior. Journal of Computer Communications, 33(10):1141--1150.

Digital Library

Google Scholar

[7]

Sen, S. Spatscheck, O. and Wang, D. 2004. Accurate, scalable in network identification of P2P traffic using application signatures [C] //In WWW2004. New York(USA), 2004.

Google Scholar

[8]

Nguyen, T. T. and Armitage, G. 2008. A survey of techniques for internet traffic classification using machine learning[J]. IEEE Communications Surveys & Tutorials, 10(4):56--76.

Digital Library

Google Scholar

[9]

Alshammari, R. and Zincir-Heywood, A N. 2011. Can encrypted traffic be identified without port numbers, IP addresses and payload inspection?[J]. Computer Networks, 55(6):1326--1350.

Crossref

Google Scholar

[10]

Wang, Y. and Yu, S Z. 2009. Supervised Learning Real-time Traffic Classifiers[J]. Journal of Networks, 4(7):622-62

Crossref

Google Scholar

[11]

Karagiannis, T., Papagiannaki, K., and Faloutsos, M. 2005. BLINC:multilevel traffic classification in the dark [C]. Proceedings of SIGCOMM, Philadelphia, PA, USA, 2005: 229--240.

Digital Library

Google Scholar

[12]

Marques Neto, H. T., Almeida, J. M., and Rocha, L. C. D., et al. 2004. A characterization of broadband user behavior and their e-business activities[J]. ACM SIGMETRICS Performance Evaluation Review, 2004, 32(3): 3--13.

Google Scholar

Cited By

View all

Quan WXu ZLiu MCheng NLiu GGao DZhang HShen XZhuang W(2023)AI-Driven Packet Forwarding With Programmable Data Plane: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2022.321761325:1(762-790)Online publication date: Sep-2024
https://doi.org/10.1109/COMST.2022.3217613
Liang XLi HHuang CChen WChen YGao ZSun MChia H(2023)Outlier-based Anomaly Detection in Firewall Logs2023 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI)10.1109/CCCI58712.2023.10290797(1-10)Online publication date: 18-Oct-2023
https://doi.org/10.1109/CCCI58712.2023.10290797

Index Terms

A Method of Detecting the Abnormal Encrypted Traffic Based on Machine Learning and Behavior Characteristics
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Intrusion detection systems

Recommendations

Machine Learning Based Abnormal Flow Analysis of University Course Teaching Network
Machine Learning for Cyber Security
Abstract
Due to the influence of abnormal traffic of university course teaching network, the accuracy of analysis results is low, this paper presents a method for analyzing the network traffic of university course teaching based on machine learning. ...
Video crowd detection and abnormal behavior model detection based on machine learning method

Pedestrian detection and abnormal behavior detection is the computer for a given image and video, to determine whether there are pedestrians and their behavior is normal. Pedestrian detection is the basis and premise of pedestrian tracking, behavior ...
Abnormal traffic detection system in SDN based on deep learning hybrid models
Abstract
Software defined network (SDN) provides technical support for network construction of smart cities. However, the openness of SDN is also prone to more network attacks. Traditional abnormal traffic detection algorithms are complex and time-...

Comments

Information & Contributors

Information

Published In

ICCNS '19: Proceedings of the 2019 9th International Conference on Communication and Network Security

November 2019

172 pages

ISBN:9781450376624

DOI:10.1145/3371676

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

University of Tokyo
Chongqing University of Posts and Telecommunications

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 January 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ICCNS 2019

ICCNS 2019: 2019 the 9th International Conference on Communication and Network Security

November 15 - 17, 2019

Chongqing, China

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
192
Total Downloads

Downloads (Last 12 months)14
Downloads (Last 6 weeks)1

Reflects downloads up to 23 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Quan WXu ZLiu MCheng NLiu GGao DZhang HShen XZhuang W(2023)AI-Driven Packet Forwarding With Programmable Data Plane: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2022.321761325:1(762-790)Online publication date: Sep-2024
https://doi.org/10.1109/COMST.2022.3217613
Liang XLi HHuang CChen WChen YGao ZSun MChia H(2023)Outlier-based Anomaly Detection in Firewall Logs2023 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI)10.1109/CCCI58712.2023.10290797(1-10)Online publication date: 18-Oct-2023
https://doi.org/10.1109/CCCI58712.2023.10290797

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Machine Learning Based Abnormal Flow Analysis of University Course Teaching Network

Video crowd detection and abnormal behavior model detection based on machine learning method

Abnormal traffic detection system in SDN based on deep learning hybrid models

Comments

Published In

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Machine Learning Based Abnormal Flow Analysis of University Course Teaching Network

Video crowd detection and abnormal behavior model detection based on machine learning method

Abnormal traffic detection system in SDN based on deep learning hybrid models

Comments

Information

Published In

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations