Network traffic classification (NTC) is a technique that allows IT operators to identify the type of data flowing in the network and mapping them to applications generating them. This knowledge is important for many reasons including network security monitoring, characterization of the network applications behavior, anomaly detection, performing traffic engineering or Quality of Service enforcement. Classification of network traffic can be achieved using traditional port-based approaches, Deep Packet inspection (DPI) or Machine Learning techniques. The latter has proven to be a faster and more precise method, as well as more immune to obfuscation or encryption techniques. The main objective of this paper is to explore various Machine Learning techniques in order to identify a neural network architecture that best classifies the data flowing in today's networks. The aim is to develop classifiers able to characterize traffic at a granular level (at least, at the application level) with better efficiency and scalability with respect to alternative methods such as DPI or port-based classification.
Network Traffic Classification using Machine Learning
A De Vita
2021
Abstract
Network traffic classification (NTC) is a technique that allows IT operators to identify the type of data flowing in the network and mapping them to applications generating them. This knowledge is important for many reasons including network security monitoring, characterization of the network applications behavior, anomaly detection, performing traffic engineering or Quality of Service enforcement. Classification of network traffic can be achieved using traditional port-based approaches, Deep Packet inspection (DPI) or Machine Learning techniques. The latter has proven to be a faster and more precise method, as well as more immune to obfuscation or encryption techniques. The main objective of this paper is to explore various Machine Learning techniques in order to identify a neural network architecture that best classifies the data flowing in today's networks. The aim is to develop classifiers able to characterize traffic at a granular level (at least, at the application level) with better efficiency and scalability with respect to alternative methods such as DPI or port-based classification.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
