Granular classifier: Building traffic granules for encrypted traffic classification based on granular computing

Xuyang Jing, Jingjing Zhao, Zheng Yan, Witold Pedrycz, Xian Li

2024, Vol. 10, Issue (5): 1428-1438. DOI: 10.1016/j.dcan.2022.12.017
Research article

Abstract

Accurate classification of encrypted traffic plays an important role in network management. However, current methods confront several problems: inability to characterize traffic that exhibits great dispersion, inability to classify traffic with multi-level features, and degradation due to limited training traffic size. To address these problems, this paper proposes a traffic granularity-based encrypted traffic classification method, called Granular Classifier (GC). First, a novel Cardinality-based Constrained Fuzzy C-Means (CCFCM) clustering algorithm is proposed to address the problem caused by limited training traffic, considering the ratio of cardinality that must be linked between flows to achieve good traffic partitioning. Then, an original representation format of traffic, named Traffic Granules (TG), is presented based on granular computing to accurately describe traffic structure by capturing the dispersion of different traffic features. Each granule is a compact set of similar data with a boundary refined by excluding outliers. Based on TG, GC is constructed to perform traffic classification based on multi-level features. The performance of GC is evaluated on real-world encrypted network traffic data. Experimental results show that GC achieves outstanding performance for encrypted traffic classification with a limited size of training traffic and maintains accurate classification in dynamic network conditions.

Keywords

Encrypted traffic classification / Semi-supervised clustering / Granular computing / Anomaly detection

Cite this article

Xuyang Jing, Jingjing Zhao, Zheng Yan, Witold Pedrycz, Xian Li. Granular classifier: Building traffic granules for encrypted traffic classification based on granular computing. , 2024, 10(5): 1428-1438 DOI:10.1016/j.dcan.2022.12.017


