Muhammad Shafiq,Xiangzhan Yu,Ali Kashif Bashir,Hassan Nazeer Chaudhry,Dawei Wang

DOI: https://doi.org/10.1007/s11227-018-2263-3

IF: 3.3

2018-01-01

The Journal of Supercomputing

Abstract:Class imbalance has become a big problem that leads to inaccurate traffic classification. Accurate traffic classification of traffic flows helps us in security monitoring, IP management, intrusion detection, etc. To address the traffic classification problem, in literature, machine learning (ML) approaches are widely used. Therefore, in this paper, we also proposed an ML-based hybrid feature selection algorithm named WMI_AUC that make use of two metrics: weighted mutual information (WMI) metric and area under ROC curve (AUC). These metrics select effective features from a traffic flow. However, in order to select robust features from the selected features, we proposed robust features selection algorithm. The proposed approach increases the accuracy of ML classifiers and helps in detecting malicious traffic. We evaluate our work using 11 well-known ML classifiers on the different network environment traces datasets. Experimental results showed that our algorithms achieve more than 95% flow accuracy results.

Hongli Zhang,Gang Lu,Mahmoud T. Qassrawi,Yu Zhang,Xiangzhan Yu

DOI: https://doi.org/10.1016/j.comcom.2012.04.012

IF: 5.047

2012-01-01

Computer Communications

Abstract:Machine learning (ML) algorithms have been widely applied in recent traffic classification. However, due to the imbalance in the number of traffic flows, ML based classifiers are prone to misclassify flows as the traffic type that occupies the majority of flows on the Internet. To address the problem, a novel feature selection metric named Weighted Symmetrical Uncertainty (WSU) is proposed. We design a hybrid feature selection algorithm named WSU_AUC, which prefilters most of features with WSU metric and further uses a wrapper method to select features for a specific classifier with Area Under roc Curve (AUC) metric. Additionally, to overcome the impacts of dynamic traffic flows on feature selection, we propose an algorithm named SRSF that Selects the Robust and Stable Features from the results achieved by WSU_AUC. We evaluate our approaches using three classifiers on the traces captured from entirely different networks. Experimental results obtained by our algorithms are promising in terms of true positive rate (TPR) and false positive rate (FPR). Moreover, our algorithms can achieve 94% flow accuracy and 80% byte accuracy on average.

Muhammad Shafiq,Xiangzhan Yu,Asif Ali Laghari,Dawei Wang

DOI: https://doi.org/10.1155/2017/6805056

2017-01-01

Mobile Information Systems

Abstract:Recently, machine learning (ML) algorithms have widely been applied in Internet traffic classification. However, due to the inappropriate features selection, ML-based classifiers are prone to misclassify Internet flows as that traffic occupies majority of traffic flows. To address this problem, a novel feature selection metric named weighted mutual information (WMI) is proposed. We develop a hybrid feature selection algorithm named WMI_ ACC, which filters most of the features with WMI metric. It further uses a wrapper method to select features for ML classifiers with accuracy (ACC) metric. We evaluate our approach using five ML classifiers on the two different network environment traces captured. Furthermore, we also apply Wilcoxon pairwise statistical test on the results of our proposed algorithm to find out the robust features from the selected set of features. Experimental results show that our algorithm gives promising results in terms of classification accuracy, recall, and precision. Our proposed algorithm can achieve 99% flow accuracy results, which is very promising.

Muhammad Shafiq,Xiangzhan Yu,Dawei Wang

DOI: https://doi.org/10.1109/hpcc-smartcity-dss.2017.31

2017-01-01

Abstract:Identification of network traffic accurately at its early stage is very important for network traffic management and application traffic classification. In recent years, this becomes very hot topic to identify traffic at its early stage. Unidirectional and bidirectional statistical features are effective features and widely used in Internet traffic classification. However, it is important to evaluate and select effective features for Instant Messaging (IM) application traffic classification at early stage. In this paper we are interested to find out robust and effective features at early stage. We firstly extract 22 statistical features of the first flow on two different network environment traffic datasets include on HIT and NIMS datasets. Then mutual information is conducted between the extract statistical features to select the effective features. Additionally to select robust features, we execute attribute selection cfsSubsetEval with Best search evaluator that select the robust and stable features from the result achieved by mutual information. And then, we execute 10 well-known machine learning classifiers. Our experimental results show that max_fpktl, std_bpktl, max_biat, mean_fpktl, mean_bpktl and min_biat feature are robust features at early stage traffic classification.

Liu Zhen,Liu Qiong

DOI: https://doi.org/10.1016/j.phpro.2012.05.220

2012-01-01

Abstract:If 248 statistical features are used to characterize network traffic flows, the computation cost of classifier will be overlarge. The feature selection methods referenced here improve the accuracy of majority classes and meanwhile decrease the accuracy in minority classes as the cost. As a result, it brings about the multi-class imbalance problem. In this paper, main contributions include two aspects below. 1) An evaluation criterion based on information theory was proposed to assess how much do one feature bias towards one class. 2) A new feature selection method named BFS was proposed to reduce features and alleviate multi-class imbalance. BFS was compared with fast correlation-based filter (FCBF) and full feature set using Naive Bayes and ten skewed datasets. The results show that 1) BFS is more advantage to maintain the balance of multi-class classification results than FCBF, such as the reduction of g-mean is just about 8% using BFS, 2) classification accuracy of Naive Bayes using BFS can achieve to 90%. (C) 2012 Published by Elsevier B.V. Selection and/or peer review under responsibility of ICMPBE International Committee.

Yanpei Hua

DOI: https://doi.org/10.1109/ictc49638.2020.9123302

2020-05-01

Abstract:Machine Learning (ML) techniques have been widely used in anomaly-based Intrusion Detection System (IDS) in the big data era. Although many advanced approaches are proposed recently, there are still several key limitations that should not be ignored. Firstly, data pre-processing methods have not gained sufficient attention, and they are vital to efficiency of model training especially with massive volume of collected samples. Secondly, in spite that deep learning is able to acquire more hidden interrelations from input data, it usually suffers from high complexity with numerous parameters tuned and much training time consumed. Thirdly, KDD99 data sets and their variants are leveraged by most of the literature for traffic classification, but they are proved to be outdated and inadequate for IDS evaluation. Therefore, to cope with these challenges, in this paper, we firstly propose a data pre-processing approach with under-sampling and embedded feature selection, in order to relieve the imbalance of traffic samples and extract dominant features of incoming flows. Then, we utilize LightGBM to build an traffic classification approach for IDS with better accuracy and efficiency. Finally, we evaluate our proposed approaches based on CIC-IDS2018, the data set issued in 2018 that contains comprehensive real network traffic. Extensive experiments are performed, and related results have confirmed the advantages of our proposed approaches over several other comparisons.

Dai Lei,Yun Xiaochun,Xiao Jun

DOI: https://doi.org/10.1109/WAIM.2008.30

2008-01-01

Abstract:The identification of network applications is of fundamental important to numerous network activities. Unfortunately, traditional port-based classification and packet payload-based analysis exhibit a number of shortfalls. A promising alternative is to use Machine Learning (ML) techniques and identify network applications based on per-flow features. Since a lot of flow features can be used for flow classification, the flow classifier may deal with huge amount of data, which contains irrelevant and redundant features causing slower training and testing process, higher resource consumption as well as poor classification accuracy. Therefore, feature selection plays a vital role in performance optimizing. In this paper, we propose a hybrid feature selection method for flow classification using Chi-Squared and C4.5 algorithm (ChiSquared-C4.5). The experiments demonstrate our approach can greatly improve computational performance without negative impact on classification accuracy.

Hongtao Shi,Hongping Li,Dan Zhang,Chaqiu Cheng,Wei Wu

DOI: https://doi.org/10.1016/j.comnet.2017.03.011

IF: 5.493

2017-01-01

Computer Networks

Abstract:Given the limitations of traditional classification methods based on port number and payload inspection, a large number of studies have focused on developing classification approaches that use Transport Layer Statistics (TLS) features and Machine Learning (ML) techniques. However, classifying Internet traffic data using these approaches is still a difficult task because (1) TLS features are not very robust for traffic classification because they cannot capture the complex non-linear characteristics of Internet traffic, and (2) the existing Feature Selection (FS) techniques cannot reliably provide optimal and stable features for ML algorithms. With the aim of addressing these problems, this paper presents a novel feature extraction and selection approach. First, multifractal features are extracted from traffic flows using a Wavelet Leaders Multifractal Formalism(WLMF) to depict the traffic flows; next, a Principal Component Analysis (PCA)-based FS method is applied on these multifractal features to remove the irrelevant and redundant features. Based on real traffic traces, the experimental results demonstrate significant improvement in accuracy of Support Vector Machines (SVMs) comparing to the TLS features studied in existing ML-based approaches. Furthermore, the proposed approach is suitable for real time traffic classification because of the ability of classifying traffic at the early stage of traffic transmission.

Shuai Liu,Yong Zhang,Lei Jin,Xiaojuan Wang,Mei Song,Da Guo

DOI: https://doi.org/10.1007/978-3-030-15127-0_60

2018-01-01

Abstract:Machine learning becomes an effective method to detect malicious traffic. With the proliferation of network traffic, malicious traffic categories are greatly increased, which puts forward higher requirements for the computation time and detection accuracy of machine learning. A feature selection framework is proposed to balance the computation time and detection accuracy. First, we construct a feature repository of traffic information with high dimensions. In order to reduce the computation time and minimize the loss of accuracy, we investigate the feature selection algorithms. The algorithm based on chi-square test and xgboost algorithm are adopted to evaluate the proposal. The experiments on CTU dataset show that the proposal can reduce the computation time while ensuring the accuracy.

Chao Fei,Nian Xia,Pang-Wei Tsai,Yang Lu,Xiaonan Pan,Junli Gong

DOI: https://doi.org/10.1109/asiajcis64263.2024.00024

2024-01-01

Abstract:Malicious traffic detection is important to defend network attacks. Traditional machine learning-based malicious traffic detection methods aim to improve detection performance and ignore resource consumption. For Internet of Things devices with constrained resources, reducing resource consumption in traffic detection while ensuring the detection accuracy is challenging. In order to solve this problem, this paper proposed an effective feature selection algorithm based on chi-squared test (EFS-CST), which selects the most relevant features to train machine learning (ML) models like random forest, naive bayes, decision tree, and convolutional neural networks. The proposed algorithm was evaluated in terms of accuracy, precision, F1 score, AUROC (area under the receiver operating characteristic curve), AUC-PR (area under the precision-recall curve), model size, training time, and dataset size. Results proved that ML models with EFS-CST could obtain similar detection performance compared to ML models with all features on both UNSW-NBls and TII-SSRC-23 datasets. The detection performance of some ML models with EFS-CST could even outperform that of ML models without feature selection. The dataset sizes for TII-SSRC-23 and UNSW-NB15 were reduced by 48.8% and 47.8%, respectively. In addition, the model training time for TII-SSRC-23 and UNSW-NB15 datasets can be reduced by up to 86.1 % and 48.9%, respectively. Finally, the model sizes for TII-SSRC-23 and UNSW-NB15 datasets could be reduced by up to 60.0% and 65.6 %” respectively.

Qiuhong Wang,Lei Wang,Ji Xiang

DOI: https://doi.org/10.4028/www.scientific.net/AMR.756-759.3506

2013-09-01

Abstract:Traffic classification is a critical technology in the areas of network management and security monitoring. Traditional port-based and payload-based classification are no longer effective due to the fact that many applications utilize unpredictable port numbers and packet encryption. Researchers tend to apply machine learning (ML) techniques to identify the traffic flows by recognizing statistical features. Unfortunately, looking back upon the related work, most of the ML-based classification algorithms have similar performance, and what really matters now is how to optimize these techniques. In this paper, we analyzed two critical issues (Feature Selection, Configuration of Parameters) of ML classification, and presented the corresponding viable methods to optimize the classification model. This paper also reported the experimental evaluation to assess the performance improvements introduced by our optimized methods; experimental results on real-life datasets and network traffic show that the classification model successfully achieves significant accuracy improvement.

Computer Science

Yu Wang,Shun-Zheng Yu

DOI: https://doi.org/10.1109/iita.2008.536

2008-01-01

Abstract:Network traffic classification plays an important role in various network activities. Due to the ineffectiveness of traditional port-based and payload-based methods, recent works proposed using machine learning methods to classify flows based on statistical characteristics. In this study, we evaluate the effectiveness of machine learning techniques on the real-time traffic classification problem. We identify the most suitable ML, classifier for network traffic classification by comparing various ML schemes, including both supervised and unsupervised methods. We also apply feature selection to identify significant features. Finally, we simulate real-time classification by using features derived from the first few packets of each flow. The results show that classifiers based on decision tree outperform others on both accuracy and performance; and that classifiers based on early flow properties can achieve high accuracy while reducing the computational complexity.

MIAO Chang-sheng,YUAN Chang-qing,WANG Xing-wei,CHANG Gui-ran

DOI: https://doi.org/10.3969/j.issn.1005-3026.2014.11.003

2014-01-01

Abstract:Under the memetic framework,a new feature selection method combining filter and wrapper models was proposed.In the hybrid algorithm,classifier accruracy was used as fitness function to ensure global optimization,while joint mutual information was used as evaluation indicator to accelerate the process.The experimental results indicated that the proposed method outperformed the existing methods in computational efficeicecy and number of selected features.Applying this algorithm to traffic classification resulted in the improved accuracy with fewer features.

Muhammad Shafiq,Zhihong Tian,Ali Kashif Bashir,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.1016/j.cose.2020.101863

IF: 5.105

2020-01-01

Computers & Security

Abstract:Machine Learning (ML) plays very significant role in the Internet of Things (IoT) cybersecurity for malicious and intrusion traffic identification. In other words, ML algorithms are widely applied for IoT traffic identification in IoT risk management. However, due to inaccurate feature selection, ML techniques misclassify a number of malicious traffic in smart IoT network for secured smart applications. To address the problem, it is very important to select features set that carry enough information for accurate smart IoT anomaly and intrusion traffic identification. In this paper, we firstly applied bijective soft set for effective feature selection to select effective features, and then we proposed a novel CorrACC feature selection metric approach. Afterward, we designed and developed a new feature selection algorithm named Corracc based on CorrACC, which is based on wrapper technique to filter the features and select effective feature for a particular ML classifier by using ACC metric. For the evaluation our proposed approaches, we used four different ML classifiers on the BoT-IoT dataset. Experimental results obtained by our algorithms are promising and can achieve more than 95% accuracy.

Meng Shen,Yiting Liu,Liehuang Zhu,Ke Xu,Xiaojiang Du,Nadra Guizani

DOI: https://doi.org/10.1109/mnet.011.1900366

IF: 10.294

2020-01-01

IEEE Network

Abstract:Traffic classification is a technology for classifying and identifying sensitive information from cluttered traffic. With the increasing use of encryption and other evasion technologies, traditional content- based network traffic classification becomes impossible, and traffic classification is increasingly related to security and privacy. Many studies have been conducted to investigate traffic classification in various scenarios. A major challenge to existing schemes is extending traffic classification technology to a broader space. In other words, most traffic classification work is not universal and can only show great performance on specific datasets. In this article, we present a systematic approach to optimizing feature selection for encrypted traffic classification. We summarize the optional encrypted traffic features and analyze the approaches of feature selection in detail for different datasets. The experimental result demonstrates that our scheme is more accurate and universal than other state-of-the-art approaches. More precisely, our mechanism provides a guideline for future research in the field of traffic classification.

Z. Liu,Q. Liu

DOI: https://doi.org/10.1049/iet-net.2011.0049

2012-01-01

IET Networks

Abstract:In Internet traffic classification, the class imbalance problem is mainly addressed by adjusting the class distribution. In the meanwhile, feature selection is also a key factor evoking this problem. Therefore a new filter feature selection method called balanced feature selection (BFS) is proposed. Every feature is measured both locally and globally and then an optimal feature subset is selected by our search model. A certainty coefficient is presented to measure the correlation between a feature and a certain class locally. The symmetric uncertainty is utilised to measure a feature and all classes globally. Through experiments on two real traffic traces using three classification algorithms, BFS is compared with five existing feature selection methods. Results show that it outperforms others by more than 15.29% g-mean improvement. Classification results are averaged over all datasets and classifiers here, 59.54% g-mean, 86.35% Mauc and 91.42% overall accuracy are achieved, respectively, when it is used.

Shijun Huang,Kai Chen,Chao Liu,Alei Liang,Haibing Guan

DOI: https://doi.org/10.1109/icumt.2009.5345539

2009-01-01

Abstract:This Internet traffic classification using Machine Learning is an emerging research field since 1990's, and now it is widely used in numerous network activities. The classification technique focuses on modeling attributes and features of data flows to accomplish the identification of applications. In the paper we design and implement the classification model based on header-derived flow statistical features. Compared with the traditional methods, the model designed here, which is totally insensitive to port numbers and contents of payload on application level, overcomes difficulty in operation caused by unreliable port numbers and complexity of payload interpretation. Rather than relatively complex ML algorithms or even in mixture, supervised k-Nearest Neighbor estimator is adopted for the sake of computational efficiency, along with the effective and easy-to-calculate statistical features selected according to the operational background. Our results indicate that about 90% accuracy on per-flow classification can be achieved, which is a vast improvement over traditional techniques that achieve 50-70%.

Reehan Ali Shah,Yuntao Qian,Dileep Kumar,Munwar Ali,Muhammad Bux Alvi

DOI: https://doi.org/10.3390/fi9040081

2017-01-01

Future Internet

Abstract:Intrusion detection system (IDS) is a well-known and effective component of network security that provides transactions upon the network systems with security and safety. Most of earlier research has addressed difficulties such as overfitting, feature redundancy, high-dimensional features and a limited number of training samples but feature selection. We approach the problem of feature selection via sparse logistic regression (SPLR). In this paper, we propose a discriminative feature selection and intrusion classification based on SPLR for IDS. The SPLR is a recently developed technique for data analysis and processing via sparse regularized optimization that selects a small subset from the original feature variables to model the data for the purpose of classification. A linear SPLR model aims to select the discriminative features from the repository of datasets and learns the coefficients of the linear classifier. Compared with the feature selection approaches, like filter (ranking) and wrapper methods that separate the feature selection and classification problems, SPLR can combine feature selection and classification into a unified framework. The experiments in this correspondence demonstrate that the proposed method has better performance than most of the well-known techniques used for intrusion detection.

Muhammad Shafiq,Xiangzhan Yu,Asif Ali Laghari,Lu Yao,Abin Kumar Karn,Oudil Abdessamia

DOI: https://doi.org/10.1109/compcomm.2016.7925139

2016-01-01

Abstract:Network Traffic Classification is a central topic nowadays in the field of computer science. It is a very essential task for Internet service providers (ISPs) to know which types of network applications flow in a network. Network Traffic Classification is the first step to analyze and identify different types of applications flowing in a network. Through this technique, internet service providers or network operators can manage the overall performance of a network. There are many methods traditional technique to classify internet traffic like Port Based, Pay Load Based and Machine Learning Based technique. The most common technique used these days is Machine Learning (ML) technique. Which is used by many researchers and got very effective accuracy results. In this paper, we discuss network traffic classification techniques step by step and real time internet data set is develop using network traffic capture tool, after that feature extraction tool is use to extract features from the capture traffic and then four machine learning classifiers Support Vector Machine, C4.5 decision tree, Naïve Bays and Bayes Net classifiers are applied. Experimental analysis shows that C4.5 classifiers gives very good accuracy result as compare to other classifies.