Network Traffic Classification Based on Deep Learning

Similar documents
The Comparative Study of Machine Learning Algorithms in Text Data Classification*

A Data Classification Algorithm of Internet of Things Based on Neural Network

Network Traffic Measurements and Analysis

Fast Learning for Big Data Using Dynamic Function

A Method and System for Thunder Traffic Online Identification

A Novel Image Super-resolution Reconstruction Algorithm based on Modified Sparse Representation

Application of Redundant Backup Technology in Network Security

A Network Intrusion Detection System Architecture Based on Snort and. Computational Intelligence

Face recognition based on improved BP neural network

Optimization Model of K-Means Clustering Using Artificial Neural Networks to Handle Class Imbalance Problem

Yunfeng Zhang 1, Huan Wang 2, Jie Zhu 1 1 Computer Science & Engineering Department, North China Institute of Aerospace

COMPUTATIONAL INTELLIGENCE

A platform for automatic identification of phishing URLs in mobile text messages

Report: Privacy-Preserving Classification on Deep Neural Network

Coordinated and Unified Control Scheme of IP and Optical Networks for Smart Power Grid

The design and implementation of TPC encoder and decoder

Recognition of the smart card iconic numbers

Study of Residual Networks for Image Recognition

CS6220: DATA MINING TECHNIQUES

Automated Crystal Structure Identification from X-ray Diffraction Patterns

Logical Rhythm - Class 3. August 27, 2018

The Application Research of Neural Network in Embedded Intelligent Detection

Application of Augmented Reality Technology in Workshop Production Management

DECISION TREES & RANDOM FORESTS X CONVOLUTIONAL NEURAL NETWORKS

More Learning. Ensembles Bayes Rule Neural Nets K-means Clustering EM Clustering WEKA

Face Recognition Using Vector Quantization Histogram and Support Vector Machine Classifier Rong-sheng LI, Fei-fei LEE *, Yan YAN and Qiu CHEN

CLASSIFICATION WITH RADIAL BASIS AND PROBABILISTIC NEURAL NETWORKS

The Design and Optimization of Database

Machine Learning With Python. Bin Chen Nov. 7, 2017 Research Computing Center

CS489/698: Intro to ML

Unknown Malicious Code Detection Based on Bayesian

Data Mining and Business Process Management of Apriori Algorithm

Looking deeper: Using deep learning to identify internet communications traffic. Cheng-Chew Lim The University of Adelaide

Video Inter-frame Forgery Identification Based on Optical Flow Consistency

Ensemble methods in machine learning. Example. Neural networks. Neural networks

Multi-label classification using rule-based classifier systems

Keras: Handwritten Digit Recognition using MNIST Dataset

Discovering Advertisement Links by Using URL Text

Discussion of GPON technology application in communication engineering Zhongbo Feng

Neural Networks. CE-725: Statistical Pattern Recognition Sharif University of Technology Spring Soleymani

Dynamic Routing Between Capsules

Traffic Signs Recognition using HP and HOG Descriptors Combined to MLP and SVM Classifiers

T-S Neural Network Model Identification of Ultra-Supercritical Units for Superheater Based on Improved FCM

Performance Analysis of Data Mining Classification Techniques

Machine Learning. The Breadth of ML Neural Networks & Deep Learning. Marc Toussaint. Duy Nguyen-Tuong. University of Stuttgart

Application of Improved Lzc Algorithm in the Discrimination of Photo and Text ChengJing Ye 1, a, Donghai Zeng 2,b

Comprehensive analysis and evaluation of big data for main transformer equipment based on PCA and Apriority

TensorFlow and Keras-based Convolutional Neural Network in CAT Image Recognition Ang LI 1,*, Yi-xiang LI 2 and Xue-hui LI 3

Dynamic Analysis of Structures Using Neural Networks

Deep Learning with Tensorflow AlexNet

Dropout. Sargur N. Srihari This is part of lecture slides on Deep Learning:

4.12 Generalization. In back-propagation learning, as many training examples as possible are typically used.

COMPUTATIONAL INTELLIGENCE

Study on Improving the Quality of Reconstructed NURBS Surfaces

Research on Evaluation Method of Product Style Semantics Based on Neural Network

Learning to Match. Jun Xu, Zhengdong Lu, Tianqi Chen, Hang Li

EFFICIENT ATTRIBUTE REDUCTION ALGORITHM

Intelligent management of on-line video learning resources supported by Web-mining technology based on the practical application of VOD

Optimizing Number of Hidden Nodes for Artificial Neural Network using Competitive Learning Approach

BP Neural Network Based On Genetic Algorithm Applied In Text Classification

International Journal of Software and Web Sciences (IJSWS)

Data Mining in the Application of E-Commerce Website

A New Type of ART2 Architecture and Application to Color Image Segmentation

A Partition Method for Graph Isomorphism

Neural Networks. Theory And Practice. Marco Del Vecchio 19/07/2017. Warwick Manufacturing Group University of Warwick

A Kind of Wireless Sensor Network Coverage Optimization Algorithm Based on Genetic PSO

COMP 551 Applied Machine Learning Lecture 16: Deep Learning

Machine Learning 13. week

An Improved DFSA Anti-collision Algorithm Based on the RFID-based Internet of Vehicles

Research on Applications of Data Mining in Electronic Commerce. Xiuping YANG 1, a

Architecture Design and Experimental Platform Demonstration of Optical Network based on OpenFlow Protocol

Simple Model Selection Cross Validation Regularization Neural Networks

Time Series Clustering Ensemble Algorithm Based on Locality Preserving Projection

Image Compression: An Artificial Neural Network Approach

Research on Design and Application of Computer Database Quality Evaluation Model

Bayes Classifiers and Generative Methods

Detecting Spam with Artificial Neural Networks

Novel Method For Low-Rate Ddos Attack Detection

Parallel Evaluation of Hopfield Neural Networks

Research Article Research on Plaintext Restoration of AES Based on Neural Network

Neural Network and Deep Learning. Donglin Zeng, Department of Biostatistics, University of North Carolina

Bayesian model ensembling using meta-trained recurrent neural networks

The comparison of performance by using alternative refrigerant R152a in automobile climate system with different artificial neural network models

A *69>H>N6 #DJGC6A DG C<>C::G>C<,8>:C8:H /DA 'D 2:6G, ()-"&"3 -"(' ( +-" " " % '.+ % ' -0(+$,

CS 4510/9010 Applied Machine Learning

Deep Learning. Practical introduction with Keras JORDI TORRES 27/05/2018. Chapter 3 JORDI TORRES

Text Clustering Incremental Algorithm in Sensitive Topic Detection

Transfer Forest Based on Covariate Shift

An Integrated Face Recognition Algorithm Based on Wavelet Subspace

A study of classification algorithms using Rapidminer

Random Forest A. Fornaser

A paralleled algorithm based on multimedia retrieval

Crop Production Management Information System Design and Implementation

Lecture 20: Neural Networks for NLP. Zubin Pahuja

Link Prediction for Social Network

Lecture 2 Notes. Outline. Neural Networks. The Big Idea. Architecture. Instructors: Parth Shah, Riju Pahwa

Low Overhead Geometric On-demand Routing Protocol for Mobile Ad Hoc Networks

Research on the raw data processing method of the hydropower construction project

Deep Learning Basic Lecture - Complex Systems & Artificial Intelligence 2017/18 (VO) Asan Agibetov, PhD.

Human Identification at a Distance Using Body Shape Information

Transcription:

Journal of Physics: Conference Series PAPER OPEN ACCESS Network Traffic Classification Based on Deep Learning To cite this article: Jun Hua Shu et al 2018 J. Phys.: Conf. Ser. 1087 062021 View the article online for updates and enhancements. This content was downloaded from IP address 148.251.232.83 on 01/02/2019 at 01:40

Network Traffic Classification Based on Deep Learning Jun Hua SHU 1, Jiang JIANG 2, Jing Xuan SUN 3 School of control and computer engineering, North China Electric Power University, Beijing 102206, China. xxdyx110@126.com Abstract. With the rapid development of the Internet, the network has been expanding. In order to allow network operators to provide better quality of service, but also the effective supervision and management of the network, identify the traffic type of network traffic classification technology has become a hot topic in recent years. In this paper, a method of network traffic classification based on deep learning is proposed. Compared with the traditional machine learning method, the accuracy of network traffic classification based on deep learning has been improved obviously. 1. Introduction In recent years, with the rapid development of the Internet, the network traffic data also showed explosive growth, while giving people convenience, but also to the effective network management, security, network environment has brought great challenges, such as virus flooding it is difficult to monitor the network of unhealthy content, P2P applications take a lot of network bandwidth and other issues. In view of the problems in these networks, network researchers have proposed capacity planning, traffic scheduling and other strategies to improve the operational efficiency of the network. However, the premise of these strategies is to classify the traffic, so the network traffic classification technology is more and more by many network research scholars and network service providers. At present, the network traffic classification technology is mainly used in service quality and traffic engineering, network security monitoring, network management technology [1]. 2. Research status The traditional method of network traffic classification is based on the network port implementation. Through the network protocol and application software for data transmission when the general port requirements, the port number and the specific network protocol, application software one by one to determine the use of the port of the network traffic type to complete the identification of network traffic. However, there are many new applications (Streaming, Gaming and P2P) appearing in addition to traditional applications, the port-based protocol identification method is no longer reliable [2]. The classification method based on feature field recognition is to pre-establish the application layer identification rule base for network traffic generated by each network application. It is to establish the application layer identification rule base of the network traffic generated by each network application in advance, to rule out the data content of the data stream to be identified, and to determine the application type of network traffic according to the matching result. However, the classification method based on feature field recognition can only identify the existing traffic type, but also can not contribute to the encrypted data. Therefore, in today's widely used load encryption technology and traffic types continue Content from this work may be used under the terms of the Creative Commons Attribution 3.0 licence. Any further distribution of this work must maintain attribution to the author(s) and the title of the work, journal citation and DOI. Published under licence by Ltd 1

to emerge, based on the feature field recognition classification method has a greater limitation. In view of the limitations of the above methods, in recent years, more and more network researchers use the statistical characteristics of network traffic and machine learning methods to classify network traffic. Commonly used in the network traffic classification of machine learning methods are Naive Bayesian method and C4.5 decision tree method. 3. Machine learning classification method 3.1. Naive Bayesian The naive Bayesian method is a method of modeling the probability relation between attribute set and type variable by Bayes theorem. Suppose there are n data streams, x,x,,x in the network, each data stream has m attributes A,A,,A, x = A ( ),A ( ),,A ( ) represented the characteristic attribute of the i-th data stream. Y= y,y,,y denote k traffic application types, that is, the target type. For each data stream x, need to find a mapping F: x Y, indicates that each network traffic x is classified as a traffic application type. For an unclassified data stream x, the network type y to which it belongs depends on the posterior probability p y x. The Bayesian method calculates the posterior probability as follows: x y x y p y x = (1) p y is the prior probability of y, which is independent of the traffic to be classified. p x y is the probability density function of x in the case of given y. The key to naive Bayesian is to give the probability p x y. Naive Bayesian assumes that all attributes A are independent and obey the Gaussian distribution. Calculate the maximum posterior probability: p(y x) =max p y x jε(1, Y ) (2) you can calculate the best category y of x. Although the Naive Bayesian independence hypothesis is difficult to set up, the Naive Bayesian method performs better than most of the more complex classification methods and can handle very complex situations. However, the naive Bayesian method uses the proportion of various types of samples in the training data to estimate the prior probabilities of the various samples, which can lead to the instability of classification accuracy [3,4]. 3.2. C4.5 Decision Tree C4.5 Decision tree method is to use the information entropy in the training data set to construct the classification model, so as to realize the classification of unknown samples. The training phase of the decision tree consists of two processes of building and pruning. In the process of building the algorithm, the training samples are selected and the samples are divided according to certain rules. Each partition is divided according to a certain attribute, and a node is generated. This attribute is the basis for dividing the sample in the classification [5]. The pruning process uses the remaining training samples as the test set, prudently verifies the generated decision tree records, trims or adds nodes to the incorrectly classified branches, and finally forms the decision tree. C4.5 algorithm occupies an important position in the research of network traffic classification based on machine learning. It has good classification accuracy and data processing speed. However, in the case of huge amount of network traffic data, tree generation time is greatly affected [6,7]. 4. Network traffic classification based on deep learning: With the rise of Big Data and the improvement of computer computing ability, the deep learning has been getting more and more researchers attention. Machine learning algorithms such as naive Bayesian and decision trees are highly dependent on the choice of feature attributes, such as the absence of feature selection for naive Bayesian classification, the accuracy rate is only about 65%. However, the average 2

classification accuracy after feature selection is about 95%, it can be seen the importance of feature selection for machine learning. Deep learning can automatically combine the low-order features of the input, transform, arrange the combination, get high-order features, eliminating the need for manual construction of high-order features of the workload [8]. In a broad sense, the deep learning network structure is also a multi-layer neural network, multi-layer neural network mainly includes input layer, hidden layer and output layer: Figure 1 Deep Learning Network Structure The hidden layer can have multiple layers. The parameters in the network are randomly initialized, and the weighting parameters in the network are adjusted by the Back Propagation (BP) algorithm. Assuming the network result is shown in Fig. 1, the input of the j-th output neuron: β = w b (3) The input of the h-th hidden neurons: α = v x (4) For a training sample (x,y ), it is assumed that the output of the neural network is y = (y,y,,y ), ie y =f(β ε ), Where ε is the offset term, the mean square error of the network on (x,y ) is: E = (y y ) (5) BP algorithm is based on gradient descent strategy, the goal is to minimize the mean square error E : w = θ (6) Application of chain rules for derivation, can eventually get: w =θ y (1 y )(y y ) b (7) Through the BP algorithm can be based on the input training samples automatically adjust the weight of the entire network parameters to reduce the mean square error. The traditional multi-layer neural network increases the number of layers, resulting in the gradient in the reverse propagation, the deeper the spread of the gradient closer to 0, resulting in the gradient disappeared. And with the increase in the number of layers, the number of weight parameters will be correspondingly increased, the more complex the model, and thus easier to overfit [9,10]. Deep learning by using the new activation function ReLU, the new weight initialization method, the new loss function, the new anti-fitting method (Dropout, regularization, etc.) to solve the traditional multilayer Disadvantages in the network. 5. Experimental environment and experimental data: 5.1. Experimental data: This article uses the experimental dataset used by Moore et al. There are 10 types of data, each of which is abstracted from a complete TCP bidirectional stream containing 249 network flow attributes. Since the number of samples of some traffic types such as GAMES is too small, we only use eight of these 3

types, each of which is shown in the following table: Type WWW MAI L Numb er 32809 2 2856 7 Table 1 Number of each type FTPDA DATABAS FTPC FTPPA P2P SERVIC TA E ONTR SV ES OL 5797 2648 3054 2688 2094 2099 The same number of samples are taken from each flow type as experimental data, and when a certain type of sample is insufficient, all samples of this type are taken. 5.2. Experimental environment: The deep learning framework used in this article is Google's TensorFlow, relative to other deep learning framework, TensorFlow has four following advantages : usability flexibility efficiency and support. TensorFlow is supported by Google, and Google has invested a lot of effort in developing TensorFlow, which expect TensorFlow to become a general framework for machine learning researchers and developers. 6. Experimental results and analysis: This experiment uses a random forest, naive Bayesian and deep learning neural network algorithm for classification, the maximum tree depth of the random forest is 3, and the neural network has two hidden layers, and the number of neurons is 500 and 100 respectively. First, 100 samples of each type were extracted, the experimental data were randomly divided into two parts, one was trained as a training set and the other as a test set. The accuracy of the test set was obtained. Then gradually increase the number of samples of each type, the final results as shown below: Figure 2 The Accuracy Of The Three Algorithms It can be seen from the results that the Naive Bayesian method can not accurately fit the distribution of network flow attributes due to the direct use of the independence hypothesis, resulting in poor classification results. While the random forest can maintain a high accuracy, but the accuracy of the model with the increasing number of samples fluctuate. Deep learning neural network algorithm accuracy rate can reach 98.5% or more, and compared to the other two classification algorithms, the deep learning neural network algorithm accuracy is not only higher, but also more stable. 7. Concluding Using the machine learning method to deal with the traffic classification problem is a hotspot of network traffic classification in recent years. However, with the rise of Big Data and the improvement of hardware computing ability, the deep learning has quickly become the new darling. In this paper, we compare the differences between depth learning and naive Bayesian and random forest algorithms in network traffic classification. The deep learning neural network has higher accuracy and better stability 4

than other machine learning algorithms. It s accuracy rate can reach more than 98.5%. The deep learning neural network has a great advantage in the classification of network traffic without the need of characteristic selection and extremely powerful fitting ability. References: [1] Hong Zhi Wang,Li Hui Yan. A New Network Traffic Classification Method Based on Optimized Hadamard Matrix and ECOC-SVM[J]. Advanced Materials Research,2014,3326(989):. [2] HaiTao He,XiaoNan Luo,FeiTeng Ma,ChunHui Che,JianMin Wang. Network traffic classification based on ensemble learning and co-training[j]. Science in China Series F: Information Sciences,2009,52(2):. [3] Mikhail Dashevskiy,Zhiyuan Luo. Two methods for reliable classification of network traffic[j]. Progress in Artificial Intelligence,2012,1(3):. [4] Haitao He,Chunhui Che,Feiteng Ma,Xiaonan Luo,Jianmin Wang. Improve Flow Accuracy and Byte Accuracy in Network Traffic Classification[M].Springer Berlin Heidelberg:2008. [5] Alberto Dainotti,Antonio Pescapé,Carlo Sansone. Early Classification of Network Traffic through Multi-classification[M].Springer Berlin Heidelberg:2011. [6] Xiaoling Tao,Yong Wang,Yi Wei,Ye Long. Network Traffic Classification Based on Multi- Classifier Selective Ensemble[J]. Recent Advances in Electrical & Electronic Engineering,2015,8(2):. [7] Aiqing Zhu. A P2P Network Traffic Classification Method Based on C4.5 Decision Tree Algorithm[M].Springer Berlin Heidelberg:2014. [8] Sweta Keshapagu,Shan Suthaharan. Analysis of Datasets for Network Traffic Classification[M].Springer New York:2013. [9] Lei Ding,Fei Yu,Sheng Peng,Chen Xu. A Classification Algorithm for Network Traffic based on Improved Support Vector Machine[J]. Journal of Computers,2013,8(4):. [10] Auld Tom,Moore Andrew W,Gull Stephen F. Bayesian neural networks for internet traffic classification.[j]. IEEE Transactions on Neural Networks,2007,18(1):. 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback