Deep machine learning based Usage Pattern and Application classifier in Network Traffic for Anomaly Detection

Bibliographic Details
Published in: 2023 International Conference on Advances in Electronics, Communication, Computing and Intelligent Information Systems (ICAECIS), pp. 50-54
Main Authors: BP, Vijaya Kumar, SM, Kusuma, LV, Pallavi
Format: Conference Proceeding
Language: English
Published: IEEE 19-04-2023
Description
Summary: In recent years, the widespread use of the internet across various sectors has led to an increase in network traffic and a rise in the complexity of traffic analysis. There are a number of techniques for identifying network traffic, including the use of payload size sequence (PSS) signatures and IP ports. The PSS signatures provide a unique flow pattern for each application, which can be used as a basis for payload-based classification. Port-based classification, on the other hand, identifies applications based on their well-known port numbers. This study proposes the design and development of two machine learning models, Random Forest (RF) and Convolutional Neural Network (CNN), to identify the most popular applications and their usage patterns in order to detect anomalies. Network traffic data was captured from the organization's data centers over different time periods while various applications were running on both wired and wireless networks. The model was trained using characteristics of network packets, and its performance was evaluated based on usage patterns and packet identification. The results showed that the model was able to accurately classify applications and support anomaly detection. To train, validate, and test the ML models, 2,793,696 packet flows with a variety of attributes were employed as the dataset. The findings indicated that the CNN model achieved high accuracy in detecting online applications from the dataset.
DOI: 10.1109/ICAECIS58353.2023.10169914