NetTiSA: Extended IP flow with time-series features for universal bandwidth-constrained high-speed network traffic classification

Published: 16 May 2024

Abstract

Network traffic monitoring based on IP flows is a standard approach that can be deployed on a wide range of network infrastructures, including large ISP networks connecting millions of people. Since flow records traditionally contain only limited information (addresses, transport ports, and the amount of exchanged data), they are commonly extended with additional features that enable high-accuracy network traffic analysis. These flow extensions are, however, often too large or too expensive to compute, which restricts them to offline analysis or to deployment in smaller networks. This paper proposes a novel extended IP flow called NetTiSA (Network Time Series Analysed) flow, based on analysing the time series of packet sizes. By thoroughly testing it on 25 different network traffic classification tasks, we show the broad applicability and high usability of NetTiSA flow. For practical deployment, we also consider the size of flow records extended with NetTiSA features and evaluate the performance impact of computing them in the flow exporter. The novel features proved to be computationally inexpensive and showed excellent discriminatory performance. Machine learning classifiers trained on the proposed features mostly outperformed state-of-the-art methods. NetTiSA thus bridges the gap and brings universal, small-sized, and computationally inexpensive features for traffic classification that scale up to extensive monitoring infrastructures, bringing machine learning traffic classification even to 100 Gbps backbone lines.
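The abstract's key practical point is that the time-series features are computed inside the flow exporter cheaply enough to keep up with backbone line rates. As an added illustration (not the paper's code, and using statistics that are this example's own assumptions rather than NetTiSA's published feature set), the following Python class derives packet-size time-series features in a single pass with constant memory per flow, which is the property that makes such features exportable at scale:

```python
"""Single-pass, constant-memory packet-size time-series features per flow.
The statistics are this example's own assumptions, not NetTiSA's feature set."""
from dataclasses import dataclass
import math

@dataclass
class FlowTimeSeries:
    # Running state only: no per-packet history, so memory per flow is constant.
    count: int = 0
    mean: float = 0.0
    m2: float = 0.0          # Welford's running sum of squared deviations
    size_min: int = 0
    size_max: int = 0
    first_ts: float = 0.0
    last_ts: float = 0.0
    last_dir: int = 0
    switches: int = 0        # direction changes between consecutive packets

    def add_packet(self, ts: float, size: int, direction: int) -> None:
        """Ingest one packet: ts in seconds, size in bytes, direction +1/-1."""
        if self.count == 0:
            self.first_ts = ts
            self.size_min = self.size_max = size
        else:
            self.size_min = min(self.size_min, size)
            self.size_max = max(self.size_max, size)
            if direction != self.last_dir:
                self.switches += 1
        self.count += 1
        delta = size - self.mean
        self.mean += delta / self.count
        self.m2 += delta * (size - self.mean)
        self.last_ts = ts
        self.last_dir = direction

    def features(self) -> dict:
        """Fixed-size feature record exported when the flow ends."""
        gaps = self.count - 1
        return {
            "packets": self.count,
            "size_mean": self.mean,
            "size_std": math.sqrt(self.m2 / self.count) if self.count else 0.0,
            "size_min": self.size_min,
            "size_max": self.size_max,
            "mean_iat": (self.last_ts - self.first_ts) / gaps if gaps > 0 else 0.0,
            "switch_ratio": self.switches / gaps if gaps > 0 else 0.0,
        }

def features_for(packets) -> dict:
    fts = FlowTimeSeries()
    for ts, size, direction in packets:
        fts.add_packet(ts, size, direction)
    return fts.features()

# Constructed sample (not captured traffic): request, two response segments, ack.
SAMPLE = [(0.00, 200, 1), (0.05, 1400, -1), (0.06, 1400, -1), (0.10, 60, 1)]
```

Because the exporter stores only this fixed state per flow, the exported record stays small regardless of how many packets the flow carried.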

Published In

Computer Networks: The International Journal of Computer and Telecommunications Networking, Volume 240, Issue C, Feb 2024, 302 pages

Publisher

Elsevier North-Holland, Inc.

United States

Author Tags

  1. Time series
  2. Unevenly spaced time series
  3. Time series analysis
  4. Classification
  5. Computer networks
  6. Machine learning
  7. IP flow
  8. Flow exporter
