Yi-Chuan Wang,Bin-Bin Bai,Xin-Hong Hei,Ju Ren,Wen-Jiang Ji

DOI: https://doi.org/10.6688/jise.202007_36(4).0005

2020-01-01

Journal of information science and engineering

Abstract:In recent years, unscrupulous hacker attacks have led to the information leakage of enterprise and individual network users, which makes the network security issue unprecedented concerned. Botnet and dark network, which use C & C channel of unknown protocol format to communicate, are the important parts. With the development of wireless mobile networks technology, this problem becomes more prominent. Classifying and identifying the unknown protocol features can help us to judge and predict the unknown attack behavior in the Internet of things environment, so as to protect the network security. Firstly, this paper compares the protocol features to be detected with the existing protocol features in the feature base through the vectorization operation of protocol features, selects the feature set with high recognition rate, and judges the similarity between protocols. The extracted composite features are digitized to generate 0-1 matrix, then Principal Component Analysis (PCA) dimension reduction is processed, and finally clustering analysis is carried out. A Clique to Protocol Feature Vectorization (CPFV) algorithm is designed to improve the efficiency of protocol clustering and finally generate a new protocol format. The experimental results show that compared with the traditional Clique and BIRCH algorithms, the proposed optimization algorithm improves the accuracy by 20% and the stability by 15%. It can cluster and identify unknown protocols accurately and quickly.

YoungGiu Jung,Chang-Min Jeong

DOI: https://doi.org/10.1007/s11227-019-03108-w

IF: 3.3

2020-01-01

The Journal of Supercomputing

Abstract:The protocol reverse engineering technique can be used to extract the specification of an unknown protocol. However, there is no standardized method, and in most cases, the extracting process is executed manually or semiautomatically. Since only frequently seen values are extracted as fields from the messages of a protocol, it is difficult to understand the complete specification of the protocol. Therefore, if the information about the structure of an unknown protocol could be acquired in advance, it would be easy to conduct reverse engineering. As such, one of the most important techniques for classifying unknown protocols is a feature extraction algorithm. In this paper, we propose a new feature extraction algorithm based on average histogram for classification of an unknown protocol and design unknown protocol classifier using deep belief networks, one of deep learning algorithms. In order to verify the performance of the proposed system, we performed the training using eight open protocols to evaluate the performance using unknown data. Experimental results show that the proposed technique gives significantly more reliable results of about 99% classification performance, regardless of the strength of the modification of the protocol.

Jun Li,Shunyi Zhang,Yanqing Lu,Junrong Yan

DOI: https://doi.org/10.1007/s11767-007-0110-4

2009-01-01

Abstract:Accurate and real-time classification of network traffic is significant to network operation and management such as QoS differentiation, traffic shaping and security surveillance. However, with many newly emerged P2P applications using dynamic port numbers, masquerading techniques, and payload encryption to avoid detection, traditional classification approaches turn to be ineffective. In this paper, we present a layered hybrid system to classify current Internet traffic, motivated by variety of network activities and their requirements of traffic classification. The proposed method could achieve fast and accurate traffic classification with low overheads and robustness to accommodate both known and unknown/encrypted applications. Furthermore, it is feasible to be used in the context of real-time traffic classification. Our experimental results show the distinct advantages of the proposed classification system, compared with the one-step Machine Learning (ML) approach.

Jiaxin Shi,Lin Ye,Zhongwei Li,Dongyang Zhan

DOI: https://doi.org/10.32604/cmes.2022.017467

2022-01-01

Computer Modeling in Engineering & Sciences

Abstract:With the rapid development of the Internet, a large number of private protocols emerge on the network. However, some of them are constructed by attackers to avoid being analyzed, posing a threat to computer network security. The blockchain uses the P2P protocol to implement various functions across the network. Furthermore, the P2P protocol format of blockchain may differ from the standard format specification, which leads to sniffing tools such as Wireshark and Fiddler not being able to recognize them. Therefore, the ability to distinguish different types of unknown network protocols is vital for network security. In this paper, we propose an unsupervised clustering algorithm based on maximum frequent sequences for binary protocols, which can distinguish various unknown protocols to provide support for analyzing unknown protocol formats. We mine the maximum frequent sequences of protocol message sets in bytes. And we calculate the fuzzy membership of the protocol message to each maximum frequent sequence, which is based on fuzzy set theory. Then we construct the fuzzy membership vector for each protocol message. Finally, we adopt K-means++ to split different types of protocol messages into several clusters and evaluate the performance by calculating homogeneity, integrity, and Fowlkes and Mallows Index (FMI). Besides, the clustering algorithms based on Needleman-Wunsch and the fixed-length prefix are compared with the algorithm presented in this paper. Compared with these traditional clustering methods, we demonstrate a certain improvement in the clustering performance of our work.

Xiaohang Zhang,Yuqi Li,Zhengren Li

DOI: https://doi.org/10.1007/s11036-022-01913-x

2022-02-10

Mobile Networks and Applications

Abstract:Under the configuration of the new generation communication network, the algorithm based on machine learning has been widely used in network optimization and mobile user behavior prediction. Therefore, the optimization method with hyper-parameters will have a huge development space in the field of mobile communication network. However, for non-professionals, the bottleneck that restricts the further development and application of the whole machine learning is the selection of suitable machine learning algorithm and the determination of suitable algorithm hyper-parameters. Researchers have proposed to use automatic machine learning algorithm to solve this remarkable problem. This article forms a technical manual that can be easily searched by researchers with summarizing related hyper-parameter optimization methods and proposing the corresponding algorithm framework. Moreover, through the comparison of related optimization methods, we highlight the characteristics and deficiencies of related algorithms in the new generation of mobile networks, and put forward suggestions for future improvement.

computer science, information systems,telecommunications, hardware & architecture

Yipeng Wang,Xiaochun Yun,Yongzheng Zhang

DOI: https://doi.org/10.1109/icnp.2015.43

2015-01-01

Abstract:Protocol traffic analysis is important for a variety of networking and security infrastructures, such as intrusion detection and prevention systems, network management systems, and protocol specification parsers. In this paper, we propose ProHacker, a nonparametric approach that extracts robust and accurate protocol keywords from network traces and effectively identifies the protocol trace from mixed Internet traffic. ProHacker is based on the key insight that the n-grams of protocol traces have highly predictable statistical nature that can be effectively captured by statistical language models and leveraged for robust and accurate protocol identification. In ProHacker, we first extract protocol keywords using a nonparametric Bayesian statistical model, and then use the corresponding protocol keywords to classify protocol traces by a semi-supervised learning algorithm. We implement and evaluate ProHacker on real-world traces, including SMTP, FTP, PPLive, SopCast, and PPStream, and our experimental results show that ProHacker can accurately identify the protocol trace with an average precision of about 99.42% and an average recall of about 98.64%. We also compare the results of ProHacker to two state-of-the-art approaches ProWord and Securitas using backbone traffic. We show that ProHacker provides significant improvements on precision and recall for online protocol identification.

Wumei Du,Dong Liang,Yiqin Lv,Xingxing Liang,Guanlin Wu,Qi Wang,Zheng Xie

2024-12-09

Abstract:Internet services have led to the eruption of network traffic, and machine learning on these Internet data has become an indispensable tool, especially when the application is risk-sensitive. This paper focuses on network traffic classification in the presence of class imbalance, which fundamentally and ubiquitously exists in Internet data analysis. This existence of class imbalance mostly drifts the optimal decision boundary and results in a less optimal solution. This brings severe safety concerns in the network traffic field when pattern recognition is challenging with numerous minority malicious classes. To alleviate these effects, we design a \textit{group \& reweight} strategy for alleviating the class imbalance. Inspired by the group distributionally optimization framework, our approach heuristically clusters classes into groups, iteratively updates the non-parametric weights for separate classes and optimizes the learning model by minimizing reweighted losses. We theoretically interpret the optimization process from a Stackelberg game and perform extensive experiments on typical benchmarks. Results show that our approach can not only suppress the negative effect of class imbalance but also improve the comprehensive performance in prediction.

Machine Learning

Qian Tan,Yanni Han,Hui Tang,Song Ci

DOI: https://doi.org/10.1109/icon.2012.6506546

2012-01-01

Abstract:By integrating different radio technologies, the heterogeneous wireless network is excepted to support end-to-end QoS and provide the "best" user experience. However these integrated networks have different access technologies and complex designed parameters. Current researches on the uncertain relationship among those parameters in such a dynamic and complicated system made it difficult to optimize the global network performance. As their inter-dependencies of each parameter may have a nonlinear relationship on the system performance metric of interest. This paper proposes a novel approach to analyze the global optimization problem in a heterogeneous network. We adopt a non-additive model based on Choquet integral to deal with the observed data in order to determine the network parameters' significance. By adjusting the most significant parameter, we can optimize network transfer performance. A simulation platform, which is deployed two applications such as voice and video conferencing, has been developed using OPNET to support our approach. Experimental evaluation shows that the proposed method's feasibility and effectiveness.

Shidong Zhang,Yanzhen Li,Zhimin Shao,Yong Sun

DOI: https://doi.org/10.1109/DCABES.2015.69

2015-01-01

Abstract:In this paper, we study the approach of user classification and service optimization for the file sharing application to P2P network. The user classification model is proposed which is based on user interest similarity and time feature similarity, and the method for determining user similarity is given. By analyzing the component features of user classification model, the results show that the model is consistent with the behavior of network users, and the efficiency and success rate of network resource search can be improved.

Jianhua Huang,Jianhe Zhou,Zhe Wang,Quanliang wang,Yong Peng

DOI: https://doi.org/10.1145/3421766.3421811

2020-01-01

Abstract:A network traffic classification model and optimization method based on PSO-SVM is proposed in this paper to solve the difficulties of traffic classification and its low-performance model in intrusion detection system. Based on the expansion of SVM from the two-category traffic classification structure into the five-category structure, a hybrid kernel function combining Poly and RBF is constructed by model to ensure the generalization ability and model learning; and then after conducting particle swarm optimization on the various parameters of SVM model, the search spaces tablished by nonlinear inertia weight coefficient and learning factor of asynchronous optimization are conducted with fitness evaluation to achieve the optimal solution and enhance the convergence ability of algorithm. The experimental results show that the network traffic classification model and optimization method based on PSO-SVM proposed in this paper can achieve traffic classification and improve the performance of classification model.

Murillo G. Carneiro,Liang Zhao,Ran Cheng,Yaochu Jin

DOI: https://doi.org/10.1109/ijcnn.2016.7727681

2016-01-01

Abstract:While most part of the complex network models are described in function of some growth mechanism, the optimization of a goal or certain characteristics can be desirable for some problems. This paper investigates structural optimization of networks in the highlevel classification context, where the classification produced by a traditional classifier is combined with the classification provided by complex network measures. Using the recently proposed social learning particle swarm optimization (SL-PSO), a bio-inspired optimization framework, which is responsible to build up the network and adjust the parameters of the hybrid model while conducting the optimization of a quality function, is proposed. Experiments on two real-world problems, the Handwritten Digits Recognition and the Semantic Role Labeling (SRL), were performed. In both problems, the optimization framework is able to improve the classification given by a state-of-the-art algorithm to SRL. Furthermore, the optimization framework proposed here can be extended to other machine learning tasks.

Huijun Gao,Dongxu Lei,Songlin Zhuang,Baruch Barzel,Stefano Boccaletti

DOI: https://doi.org/10.21203/rs.3.rs-4963495/v1

2024-01-01

Abstract:Modern society takes connectivity for granted. We, therefore, rely quite heavily on our communication networks, both to sustain interpersonal connections, but also to support our technological infrastructure, e.g., health, power or transportation. This dependence will further strengthen as 5G technology becomes more pervasive and communication traffic sharply increases. It is, therefore, crucial to develop methods to optimize the efficiency and reliability of our ever-expanding networks. Such methods must account for the interplay between the static network infrastructure and the dynamic user connection preferences. The problem is that the user preferences arise from each individual’s mobility and communication patterns - data that are strictly protected by privacy concerns, and hence cannot be used for the network optimization. To address this challenge we develop CLUSTER, an interpretable Bayesian non-parametric framework, that uses aggregate, low resolution, user data, to detect user groups with predictably correlated connection patterns. We show that CLUSTER offers actionable insights on the network management, such as setting each base-station’s activation cycles, detecting critical stations and guiding the deployment of new stations. All, without violating user privacy. More broadly, CLUSTER illustrates a general approach to extract meaningful information from privacy protected data.

Yaxuan Qi,Lianghong Xu,Baohua Yang,Yibo Xue,Jun Li

DOI: https://doi.org/10.1109/infcom.2009.5061972

2009-01-01

Abstract:During the past decade, the packet classification problem has been widely studied to accelerate network applications such as access control, traffic engineering and intrusion detection. In our research, we found that-although a great number of packet classification algorithms have been proposed in recent years, unfortunately most of them stagnate in mathematical analysis or software simulation stages and few of them have been implemented in commercial products as a generic solution. To fill the gap between theory and practice, in this paper, we propose a novel packet classification algorithm named HyperSplit. Compared to the well-known HiCuts and HSM algorithms, HyperSplit achieves superior performance in terms of classification speed, memory usage and preprocessing time. The practicability of the proposed algorithm is manifested by two facts in our test: HyperSplit is the only algorithm that can successfully handle all the rule sets; HyperSplit is also the only algorithm that reaches more than 6Gbps throughput on the Octeon3860 multi-core platform when tested with 64-byte Ethernet packets against 10K ACL rules.

Zhou Wengang,Chen Leiting,Dong Shi

DOI: https://doi.org/10.3724/sp.j.1187.2013.01114

2013-01-01

JOURNAL OF ELECTRONIC MEASUREMENT AND INSTRUMENT

Abstract:A number of network activities can benefit from accurate traffic classification and identification. However, the current classification methods, either port-based or payload-based, are becoming ineffective as many P2P applications use dynamic port numbers, masquerading techniques, and encryption to avoid detection. This paper discusses and explores a new method that is based on supervised machine learning mechanisms, which eliminate the inherent limitations of port-based or payload-based methods. A series of experiments show that, combined with a fast correlation-based feature selection filter, better performance and more accurate identification results can be obtained using the neural network method. Due to all the favorable features and satisfactory performance, the proposed methods are promising for internet traffic classification.

R.J. Kuo,Cian-Ying Wu,Timothy Kuo

DOI: https://doi.org/10.1016/j.cie.2024.110066

IF: 7.18

2024-03-20

Computers & Industrial Engineering

Abstract:Due to challenges posed by mixed data clustering, this study aims to introduce an innovative clustering-based classification algorithm that possesses the advantages of both classification and clustering techniques for mixed data analysis. The proposed algorithm employs the K -prototypes algorithm with a genetic algorithm to optimize weights and centroids and utilizes the bagging method to build multiple classifiers, thereby enhancing classification performance. Furthermore, it incorporates four mutation mechanisms, including Gaussian, Cauchy, Levy, and single-point mutations, to explore optimal solutions. This study suggests using a 20% sampling ratio for the bootstrap sampling in the proposed algorithm. This ratio has been proven to be sufficient for achieving good classification performance while reducing computational time. Experimental results indicate that the proposed algorithm outperforms benchmark classifiers, demonstrating superior classification performance across five performance indicators. In addition, the loan eligibility case study offers valuable insights into applying the proposed algorithm in real-world scenarios, demonstrating that the proposed algorithm can achieve superior classification performance compared to other algorithms. It also offers managerial implications to help different industries and fields understand the appropriate timing and scenarios for implementing the algorithm.

computer science, interdisciplinary applications,engineering, industrial

Yuan Yuan,Yuangang Li

DOI: https://doi.org/10.1155/2022/5985426

IF: 1.43

2022-10-02

Mathematical Problems in Engineering

Abstract:Data anomaly detection plays a vital role in protecting network security and developing network technology. Aiming at the detection problems of large data volume, complex information, and difficult identification, this paper constructs a modified hybrid anomaly detection (MHAD) method based on the K-means clustering algorithm, particle swarm optimization, and genetic algorithm. First, by designing coding rules and fitness functions, the multiattribute data is effectively clustered, and the inheritance of good attributes is guaranteed. Second, by applying selection, crossover, and mutation operators to particle position and velocity updates, local optima problems are avoided and population diversity is ensured. Finally, the Fisher score expression for data attribute extraction is constructed, which reduces the required sample size and improves the detection efficiency. The experimental results show that the MHAD method has better performance than the K-means clustering algorithm, the support vector machine, decision trees, and other methods in the four indicators of recall, precision, prediction accuracy, and F-measure. The main advantages of the proposed method are that it achieves a balance between global and local search and ensures a high detection rate and a low false positive rate.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Yx Qi,B Xu,J Li

DOI: https://doi.org/10.1109/ICAS-ICNS.2005.74

2005-01-01

Abstract:Packet classification is crucial to implementation of several advanced services require the capability to distinguish traffic in flows, such as firewalls, intrusion detection systems, and many QoS implementations. Although hardware solutions, such as TCAMs, provide high search speed, they do not scale to large rulesets. Instead, some of the most promising algorithmic research embraces the practice of leveraging the data redundancy in real-life rulesets to improve high performance packet classification. In this paper, we provide a general framework for discerning relationships distinctions of the design-space of existing packet classification algorithms. Several best-known algorithms, such as RFC and HiCuts/HyperCuts, are carefully analyzed based on this framework, and an improved scheme for each algorithm is proposed. All algorithms studied in this paper, along with their variations, are objectively assessed using both real-life and synthetic rulesets. The source codes of these algorithms are made publicly available on web-site.

Yipeng Wang,Xiaochun Yun,Yongzheng Zhang,Liwei Chen,Tianning Zang

DOI: https://doi.org/10.1016/j.comnet.2017.09.006

IF: 5.493

2017-01-01

Computer Networks

Abstract:Protocol traffic analysis is a fundamental problem regarding a variety of networking and security applications, such as intrusion detection and prevention systems, network management systems, and protocol specification parsers. In this paper, we propose ProHacker, a nonparametric approach that extracts robust and accurate protocol keywords from the byte sequences generated by an application protocol, and effectively identifies the protocol trace from mixed Internet traffic. ProHacker is based on the key insight that the n-grams of protocol traces have highly predictable statistical nature that can be effectively captured by statistical language models and be leveraged for robust and accurate protocol identification. In ProHacker, we first extract protocol keywords using a nonparametric Bayesian statistical model, and then use the corresponding protocol keywords to classify protocol traces by a semi-supervised learning algorithm. We implement and evaluate ProHacker on real-world traces, and our experimental results show that ProHacker can accurately identify the protocol trace with an average precision of about 99.4% and an average recall of about 99.28%. We compare the results of ProHacker to one state-of-the-art approach, ProWord, and one our previous work, Securitas, using backbone traffic. We note that ProHacker provides significant improvements on precision and recall for online protocol identification.

Peiqi Liu,Zengzhi Li

DOI: https://doi.org/10.1109/itcs.2009.167

2009-01-01

Abstract:The iterative optimization algorithm is a traditional classification method of the pattern recognition. In the iterative optimization algorithm, the primary center of classes is selected by random method. This choice method causes the iterative time increase greatly in the optimization at anaphase. It also has some serious defects which are the selected samples blindly, the presented a local extremum and the omitted clustering tendency of samples. By the researching and analyzing the iterative optimization algorithm, the newly algorithm, clustering optimization algorithm based on neighborhood of samples distribution, is designed according to the conception of the clustering tendency and neighborhood of patterns in this paper. The time complexity of the newly algorithm is O(n) and n is a number of samples in sets. This algorithm is applied in the faults analysis in network management based on SNMP protocol. The analysis results were consistent with faults type and this algorithm provides a feasible method for faults analysis.

Shun Yang,Xian'ai Long,Hao Peng,Haibo Gao

DOI: https://doi.org/10.1155/2022/4327414

IF: 2.336

2022-01-01

Journal of Sensors

Abstract:Wireless sensor network technology is widely used in various modern scenarios, and various industries have higher and higher requirements for the performance indicators of wireless sensor networks. A reasonable and effective layout of wireless sensor networks is conducive to the monitoring of environmental quality, various transactions, and status and transmits a large number of sensing data to the data aggregation center for processing and analysis. However, the operation and development of traditional wireless sensor networks are extremely dependent on the energy supply of the network. When the corresponding supply energy is limited, the operation life of the corresponding wireless sensor network will be greatly reduced. Based on the above situation, this paper proposes a nonuniform clustering routing protocol optimization algorithm from the energy loss of cluster head and clustering form algorithm in wireless sensor networks. At the level of cluster head calculation in wireless sensor networks, firstly, based on the adaptive estimation clustering algorithm, the core density is used as the estimation element to calculate the cluster head radius of wireless sensor networks. At the same time, this paper creatively proposes a fuzzy logic algorithm to further solve the uncertainty of cluster head selection, integrate the residual energy of cluster head nodes, and finally complete the reasonable distribution of cluster heads and realize the balance of node energy consumption. In order to further reduce the algorithm overhead of transmission between cluster heads and realize energy optimization, an intercluster routing optimization algorithm based on the ant colony algorithm is proposed. The pheromone is updated and disturbed by introducing chaotic mapping to ensure the optimal solution of the algorithm, and the optimal path is selected from the perspective of energy dispersion coefficient and distance coefficient, so as to optimize the energy consumption between cluster heads. The experimental results show that compared with the traditional algorithm, the proposed nonuniform clustering routing protocol optimization algorithm prolongs the corresponding life cycle by 75% and reduces the total network energy consumption by about 20%. Therefore, the algorithm achieves the purpose of optimizing network energy consumption and prolonging network life to a certain extent and has certain practical value.