Information technology for classification of encrypted traffic in corporate networks using machine learning

DOI: 10.31673/2412-4338.2022.025459

Authors

  • Д. А. Сьомін (Sʹomin D. A.), State University of Telecommunications, Kyiv

Abstract

Interest is growing in the effective management of packet networks, namely quality of service, information security, and optimal use of the network's hardware and software resources. All of these tasks rely largely on the analysis and classification of network traffic.

Traffic classification identifies the packets of different applications and services so that they can be prioritized during transmission over the network. The task is relevant today for both network administration and network security. Because a large number of applications now use encryption, traffic classification is of particular interest, since it makes it possible to identify anomalies in the network indirectly.

All of the above confirms that identifying and classifying traffic in data transmission networks is an important research topic, since these determine the main steps in creating a traffic management model for the correct application of security policy.

The article considers the problem of network traffic classification using machine learning methods. Various formulations of the task are presented, and the features used to solve it, the existing approaches and their areas of applicability are described. The properties of network traffic that arise from the characteristics of the transmission medium and from the technologies used, and that affect the classification process, are analyzed.

Keywords: Network traffic analysis, network security, network traffic classification, machine learning.

Published

2023-03-01
