Measuring the accuracy of open-source payload-based traffic classifiers using popular Internet applications

Alcock, Shane; Nelson, Richard

doi:10.1109/lcnw.2013.6758538

Cited by 16 publications

(14 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sensitivity measures the proportion of true positives, that is cases where the firewall correctly blocked data traffic, while specificity measures the proportion of true negatives, that is data traffic that was correctly allowed to pass through the firewall. Accuracy is a term that encompasses both sensitivity and specificity (Zhu et al, 2010) (Alcock & Nelson, 2013). Calculation of sensitivity and specificity value are defined as follows:…”

Section: A Assessment Methodologymentioning

confidence: 99%

Improving Network Security - A Comparison of Open Source DPI Software

Satrya

Nugroho

Brotoharsono

2017

ijoict

View full text Add to dashboard Cite

The classification of data traffic in a firewall using parameters such as port number, IP address, and MAC address is not sufficient. For example, currently, many applications can be used without a port number meaning they can easily circumvent a firewall. Firewalls inspecting up to only layer four could allow malicious data to pass. Next-generation deep packet inspection (DPI) is a method that can be used for firewalls as a method of classification up to layer seven in data traffic control. This research recommends the use of nDPI and L7-filter by network administrators on existing open source firewalls. Eleven internet applications were used to test and analyze nDPI and L7-filter which are capable of detecting traffic based on the data signature. nDPI and L7-filter were tested for accuracy and speed of total time of execution in live performance networks. We conclude that the development of next-generation deep packet inspection is important for the future of system and network security.

show abstract

Section: A Assessment Methodologymentioning

confidence: 99%

Improving Network Security - A Comparison of Open Source DPI Software

Satrya

Nugroho

Brotoharsono

2017

ijoict

View full text Add to dashboard Cite

show abstract

“…Practical studies suggest that (Alcock and Nelson, 2013), Hadoop/MapReduce tool offers a variety of flexibility advantages for measurement and analysis processes of internet traffic. Adopting online network simulation, the researchers test Hadoop MapReduce.…”

Section: Comparisons Review Of Internet Traffic Measuerment and Analymentioning

confidence: 99%

“…So-In (2009), Conducted practical comparisons between different traffic measurement and analysis tools that included L7 filter and Tstat approaches. Deploying a variety of network capabilities and different transferring protocols, comparisons were drawn to account for the ability of measuring and analyzing the internet traffic (Alcock and Nelson, 2013).…”

Section: Comparisons Review Of Internet Traffic Measuerment and Analymentioning

confidence: 99%

Online Traffic Measurement and Analysis in Big Data: Comparative Research Review

Ibrahim¹,

Hassan

Ahmad

et al. 2016

American Journal of Applied Sciences

View full text Add to dashboard Cite

Abstract:The Internet traffic measurement and analysis is important to avoid many problems of data transferring via online networks such as data losing and slow data transferring. The Internet traffic measuring and analysis could be effective to avoid the data transferring challenges. The Internet traffic measuring and analysis flexibility is important due to many reasons such as dynamicity of transferred data such as size and format, the data transferring protocols and the dynamicity of measure the traffic based on the networks available resources depend on the transferred data characteristics. The main objective of this paper is to review the most flexible Internet traffic measuring and analysis tools that could be adopted to handle the dynamicity of data transferring characteristics.

show abstract

“…The dataset was labeled using a port-based technique with the problems of reliability it implies [9,21,22]. Unlike these previous works, our solution is based on a more reliable labeling technique [2,3,7,8] and is evaluated with a comprehensive dataset with evolving data streams (i.e., 13 years of traffic, 4 billions of flows). We also perform a complete study of HAT in order to understand the impact of its different parameters on the classification of network traffic.…”

Section: Related Workmentioning

confidence: 99%

“…State-of-the-art proposals for traffic classification are usually based on Deep Packet Inspection (DPI) or Machine Learning (ML) techniques [2][3][4][5][6][7][8][9]. These techniques extract in an offline phase a set of patterns, rules or models that capture a static view of a particular network and moment of time from a training dataset.…”

Section: Introductionmentioning

confidence: 99%

A streaming flow-based technique for traffic classification applied to 12 + 1 years of Internet traffic

et al. 2015

View full text Add to dashboard Cite

The continuous evolution of Internet traffic and its applications makes the classification of network traffic a topic far from being completely solved. An essential problem in this field is that most of proposed techniques in the literature are based on a static view of the network traffic (i.e. they build a model or a set of patterns from a static, invariable dataset). However, very little work has addressed the practical limitations that arise when facing a more realistic scenario with an infinite, continuously evolving stream of network traffic flows. In this paper, we propose a streaming flowbased classification solution based on Hoeffding Adaptive Tree, a machine learning technique specifically designed for evolving data streams. The main novelty of our proposal is that it is able to automatically adapt to the continuous evolution of the network traffic without storing any traffic data. We apply our solution to a 12+1 year-long dataset from a transit link in Japan, and show that it can sustain a very high accuracy over the years, with significantly less cost and complexity than existing alternatives based on static learning algorithms, such as C4.5.Valentín Carela-Español ( ) UPC BarcelonaTech,

show abstract

Measuring the accuracy of open-source payload-based traffic classifiers using popular Internet applications

Cited by 16 publications

References 18 publications

Improving Network Security - A Comparison of Open Source DPI Software

Improving Network Security - A Comparison of Open Source DPI Software

Online Traffic Measurement and Analysis in Big Data: Comparative Research Review

A streaming flow-based technique for traffic classification applied to 12 + 1 years of Internet traffic

Contact Info

Product

Resources

About