towards reliable traffic classification using visual
play

Towards Reliable Traffic Classification Using Visual Motifs Wilson - PowerPoint PPT Presentation

Aug 03, 2023 •170 likes •652 views

Background Visual Motifs Traffic Classification Evaluation Towards Reliable Traffic Classification Using Visual Motifs Wilson Lian 1 John McHugh 1 , 2 Fabian Monrose 1 1 University of North Carolina at Chapel Hill 2 RedJack, LLC FloCon 2010

  1. Background Visual Motifs Traffic Classification Evaluation Towards Reliable Traffic Classification Using Visual Motifs Wilson Lian 1 John McHugh 1 , 2 Fabian Monrose 1 1 University of North Carolina at Chapel Hill 2 RedJack, LLC FloCon 2010 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  2. Background Visual Motifs Traffic Classification Evaluation Overview Background Visual Motifs Traffic Classification Evaluation Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  3. Background Visual Motifs Traffic Classification Evaluation Motivation Internet Network Administrator Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  4. Background Visual Motifs Traffic Classification Evaluation Motivation d3b07384d113e... 7d8ad5cb9c940... GET /index.ht... MAIL FROM: foo@... d41d8cd98f00b... d41d8cd98f00b... Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  5. Background Visual Motifs Traffic Classification Evaluation Goals Port 22 Port 25 36fd6d8c3f5af4... Port 22 MAIL FROM: foo@... Port 25 Port 22 fc2394c1a922... f98698466c3ef... Port 25 Port 22 f4d6d8c3f5a36... ef8698466c3f9... Port 25 222394c1a9fc... Port 22 DATA\r\nSubject: fo... Port 25 5ad6d8c3ff436... Port 22 f98698466c3ef... a92394c122fc... Port 1214 Port 80 113edec49eaa... Port 80 Port 1214 b314caafaa3e... b314caafaa3e... 006f7b3db8f4f... Port 80 Port 1214 POST /login.ph... aa3edec49e11... Port 80 Port 1214 b314caafaa3e... Port 80 4f006f7b3db8f0... Port 1214 Port 80 POST /AuthSv... Port 1214 9e3edec4aa11... GET /index.ht... b8006f7b3d4ff0... Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  6. Background Visual Motifs Traffic Classification Evaluation Assumptions Reliable transport via TCP Stream Cipher No access to payload Length preservation Negligible packet loss & retransmission Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  7. Background Visual Motifs Traffic Classification Evaluation Related Work Scatter (and other) Plots for Visualizing User Profiling Data and Network Traffic , Goldring 2004. Using Visual Motifs to Classify Encrypted Traffic , Wright et al. 2006 Intelligent Classification and Visualization of Network Scans Muelder et al. 2008. FloVis: A Network Security Visualization Framework , Taylor 2009. Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  8. Background Visual Motifs Traffic Classification Evaluation Timeline Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  9. Background Visual Motifs Traffic Classification Evaluation Timeline Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  10. Background Visual Motifs Traffic Classification Evaluation Timeline Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  11. Background Visual Motifs Traffic Classification Evaluation Timeline Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  12. Background Visual Motifs Traffic Classification Evaluation Timeline Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  13. Background Visual Motifs Traffic Classification Evaluation Timeline Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  14. Background Visual Motifs Traffic Classification Evaluation Timeline Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  15. Background Visual Motifs Traffic Classification Evaluation Unigram Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  16. Background Visual Motifs Traffic Classification Evaluation Bigram Heatmaps Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  17. Background Visual Motifs Traffic Classification Evaluation Heatmap Construction Client Server SYN 48 bytes SYN-ACK 48 bytes (48, -48) 48 ACK 40 bytes (-48, 40) -48 HTTP Request 891 bytes (40, 891) 40 (891, -40) 891 Time (-40, -270) -40 40 bytes -270 (-270, -1500) 270 bytes -1500 1500 bytes (-1500, 40) 40 (40, -1500) 40 bytes -1500 (-1500, 40) 40 1500 bytes 40 bytes Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  18. Background Visual Motifs Traffic Classification Evaluation Heatmap Construction (40, 891) (-48, 40) (48, -48) (-1500, 40) (40, 891) (-48, 40) (40, 891) (-1500, 40) (891, -40) (-40, -270) (-270, -1500) (-1500, 40) (48, -48) (40, -1500) (-40, -270) (891, -40) (-1500, 40) (-270, -1500) (40, -1500) Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  19. Background Visual Motifs Traffic Classification Evaluation Heatmap Construction (40, 891) (-48, 40) (48, -48) 3/9 = 33.3% (-1500, 40) (40, 891) 1/9 = 11.1% (-48, 40) (40, 891) (-1500, 40) (891, -40) (-40, -270) (-270, -1500) (-1500, 40) (48, -48) (40, -1500) (-40, -270) 2/9 = 22.2% 3/9 = 33.3% (891, -40) (-1500, 40) (-270, -1500) (40, -1500) Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  20. Background Visual Motifs Traffic Classification Evaluation Heatmap Construction Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  21. Background Visual Motifs Traffic Classification Evaluation Bigram Heatmaps Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  22. Background Visual Motifs Traffic Classification Evaluation Modeling Protocol Behavior (40, 891) (-48, 40) 3/9 = 33.3% (-1500, 40) (40, 891) 1/9 = 11.1% (-1500, 40) 1 2 (48, -48) (-40, -270) 2/9 = 22.2% 3/9 = 33% (891, -40) (-270, -1500) (40, -1500) 3 4 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  23. Background Visual Motifs Traffic Classification Evaluation Modeling Protocol Behavior 1 0.9 0.8 0.7 0.6 Probability 0.5 .333 .333 0.4 0.3 .222 0.2 .111 0.1 0 0 1 2 3 4 Bin Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  24. Background Visual Motifs Traffic Classification Evaluation Comparing Protocol Models 1 0.9 0.8 .700 0.7 0.6 Probability 0.5 0.4 .333 .333 0.3 .222 .150 0.2 .111 .100 .050 0.1 1 2 3 4 Bin Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  25. Background Visual Motifs Traffic Classification Evaluation Comparing Protocol Models n � A total = A k k =1 n � B total = B k k =1 n � � A i B i � � � Score A ↔ B = − � � A total B total � � i =1 n 1 � = | A i · B total − B i · A total | A total · B total i =1 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  26. Background Visual Motifs Traffic Classification Evaluation Comparing Protocol Models Score = .233+.589+.072+.283 = 1.177 .700 Probability .333 .333 .222 .150 .111 .100 .050 0 1 2 3 4 5 |.222-.150| = .072 Di fg erence |.333-.100| = .233 |.333-.050| = .283 |.111-.700| = .589 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  27. Background Visual Motifs Traffic Classification Evaluation Comparing Protocol Models 1 0.9 0.8 0.7 0.6 Probability 0.5 .400 0.4 .333 .333 .300 0.3 .222 .150 .150 0.2 .111 0.1 1 2 3 4 Bin Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  28. Background Visual Motifs Traffic Classification Evaluation Comparing Protocol Models 0.7 Score = .067+.039+.072+.033 = .211 0.6 0.5 Probability .400 0.4 .333 .333 .300 0.3 .222 0.2 .150 .150 .111 0.1 -0 0 1 2 3 4 5 |.333-.300| = .033 |.111-.150| = .039 Di fg erence -0.1 |.333-.400| = .067 |.222-.150| = .072 -0.2 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  29. Background Visual Motifs Traffic Classification Evaluation Classifying Samples: Easy as 1-2-3 1 Create training models for desired protocols 2 Build distribution for sample network trace 3 Find training model with lowest difference score n � A i B i � � � � Score A ↔ B = − � � A total B total � � i =1 n 1 � = | A i · B total − B i · A total | A total · B total i =1 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

Recommend

Traffic Classification in the Fog Scott E. Coull February 23, 2006 Overview What is traffic

Traffic Classification in the Fog Scott E. Coull February 23, 2006 Overview What is traffic

Traffic Classification in the Fog Scott E. Coull February 23, 2006 Overview What is traffic classification? Communities of Interest for classification BLINC Profiling Internet Backbone Traffic What is missing here? Traffic

965 views • 81 slides
Need for Classification Classification required To isolate traffic of interest

Need for Classification Classification required To isolate traffic of interest

Need for Classification Classification required To isolate traffic of interest Classification of Internet Traffic To treat special types of traffic in a different manner Some types of classification already seen in Alok

371 views • 9 slides
Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification, Measurement, and Analysis and Analysis ISC/CAIDA Data Collaboration Workshop October 22, 2012 David Plonka & Paul Barford

1.33k views • 26 slides
Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com Website: http://www.gl.com 1 1 Traffic

228 views • 11 slides
Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey

Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey

Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey Collaborators: Nikhil Naik, Ryan Farrell, Otkrist Gupta, Pei Guo, Ramesh Raskar Fine-Grained Visual Classification - Image classification with target

760 views • 35 slides
Traffic Classification Rotsos Charalampos , Jurgen Van Gael, Andrew W. Moore, Zoubin Ghahramani

Traffic Classification Rotsos Charalampos , Jurgen Van Gael, Andrew W. Moore, Zoubin Ghahramani

Probabilistic Graphical Models for Semi-Supervised Traffic Classification Rotsos Charalampos , Jurgen Van Gael, Andrew W. Moore, Zoubin Ghahramani Computer Laboratory and Engineering Department, University of Cambridge Traffic classification

257 views • 21 slides
Traffic Commissioner London and South East Championing safe, fair and reliable passenger and

Traffic Commissioner London and South East Championing safe, fair and reliable passenger and

Traffic Commissioners for Great Britain Nick Denton Traffic Commissioner London and South East Championing safe, fair and reliable passenger and goods transport Transport Managers EU Regulation 1071/2009 continuously and effectively

333 views • 22 slides
How is SUNET really used? Results of traffic classification on backbone data Wolfgang John and

How is SUNET really used? Results of traffic classification on backbone data Wolfgang John and

MonNet a project for network and traffic monitoring How is SUNET really used? Results of traffic classification on backbone data Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University of Technology

760 views • 21 slides
1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop

1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop

AGENDA AGENDA 1. The role and significance of public transport and tram transport in urban areas 2. Goal and stages of the study 1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop stations at tram stops

169 views • 4 slides
Combining Machine and Automata Learning for Network Traffic Classification Zeynab Sabahi, Fatemeh

Combining Machine and Automata Learning for Network Traffic Classification Zeynab Sabahi, Fatemeh

Combining Machine and Automata Learning for Network Traffic Classification Zeynab Sabahi, Fatemeh Ghassemi, and Zahra Alimadadi TTCS 2020,Tehran, Iran 1 Network Traffic Classification, What & Why?

655 views • 44 slides
Classification & Filtering Traffic Management October 2016 Chelsio T5/T6 Packet

Classification & Filtering Traffic Management October 2016 Chelsio T5/T6 Packet

Classification & Filtering Traffic Management October 2016 Chelsio T5/T6 Packet Classification and Filtering Features 1. Supported Match Fields with Optional Masks Up to 500K exact-match and 2K wildcard rules, 20M/sec lookup rate, 200K

92 views • 6 slides
Towards Explicable and Adaptive DDoS Traffic Classification Yebo Feng, Jun Li University of

Towards Explicable and Adaptive DDoS Traffic Classification Yebo Feng, Jun Li University of

The 21st Passive and Active Measurement Conference (PAM 2020) Towards Explicable and Adaptive DDoS Traffic Classification Yebo Feng, Jun Li University of Oregon {yebof, lijun}@cs.uoregon.edu Towards Explicable and Adaptive DDoS Traffic

339 views • 10 slides
Detection and Classification of Anomalies in Network Traffic Using Generalized Entropies and

Detection and Classification of Anomalies in Network Traffic Using Generalized Entropies and

Introduction Statement problem Mathematical background Algorithm Experiments Conclusions Detection and Classification of Anomalies in Network Traffic Using Generalized Entropies and OC-SVM with Mahalanobis Kernel Jayro Santiago-Paz, Deni

583 views • 23 slides
my.SWISSTRAFFIC Automated Traffic Collection & Analysis FULLY AUTOMATED TRAFFIC DATA

my.SWISSTRAFFIC Automated Traffic Collection & Analysis FULLY AUTOMATED TRAFFIC DATA

my.SWISSTRAFFIC Automated Traffic Collection & Analysis FULLY AUTOMATED TRAFFIC DATA COLLECTION AND ANALYTICS There is a high demand for reliable Traffic Data but Static data single-purpose data Invasive costly deployment &

404 views • 18 slides
Beyond Classification: La Latent User Interests Profiling from Visual Contents Analysis Lon

Beyond Classification: La Latent User Interests Profiling from Visual Contents Analysis Lon

Beyond Classification: La Latent User Interests Profiling from Visual Contents Analysis Lon Longqi Ya Yang , Cheng-Kang (Andy) Hsieh, Deborah Estrin Communicati Co tions On Online P Purchases So Social Network Ou Our inte terests ts

243 views • 20 slides
Bag-of-Visual-Ngrams for Histopathology Image Classification opez-Monroy, M.Sc. 1 A. Pastor L

Bag-of-Visual-Ngrams for Histopathology Image Classification opez-Monroy, M.Sc. 1 A. Pastor L

Bag-of-Visual-Ngrams for Histopathology Image Classification opez-Monroy, M.Sc. 1 A. Pastor L omez, Ph.D. 1 H. J. Escalante, Ph.D. 1 M. Montes-y-G A. Cruz-Roa, M.Sc. 2 alez, Ph.D. 2 F. A. Gonz November-2013 M exico LabTL, Computer

438 views • 24 slides
Traffic analysis and modelling 1 Service classification Services may be classified according

Traffic analysis and modelling 1 Service classification Services may be classified according

Traffic analysis and modelling 1 Service classification Services may be classified according to many criteria. For example, loosely classify according to nature of transmitted information: voice services computer communications, and

407 views • 21 slides
A Visual Analytics System for Exploring, Monitoring, and Forecasting Road Traffic Congestion

A Visual Analytics System for Exploring, Monitoring, and Forecasting Road Traffic Congestion

A Visual Analytics System for Exploring, Monitoring, and Forecasting Road Traffic Congestion Presentation by Junfeng Xu Who? Chunggi Lee, Yeonjun Kim, Seungmin Jin, Dongmin Kim, Ross Maciejewski, Senior Member, IEEE, DavidEbert, Fellow,

914 views • 24 slides
for Large-Scale Image Classification Karn Simonyan, Andrea Vedaldi, Andrew Zisserman Visual

for Large-Scale Image Classification Karn Simonyan, Andrea Vedaldi, Andrew Zisserman Visual

Deep Fisher Networks for Large-Scale Image Classification Karn Simonyan, Andrea Vedaldi, Andrew Zisserman Visual Geometry Group, University of Oxford Deep learning achieves excellent performance in image classification. Do hand-crafted image

159 views • 4 slides
BLINC: Multilevel Traffic Classification in the Dark Thomas Karagiannis, UC Riverside

BLINC: Multilevel Traffic Classification in the Dark Thomas Karagiannis, UC Riverside

BLINC: Multilevel Traffic Classification in the Dark Thomas Karagiannis, UC Riverside Konstantina Papagiannaki, Intel Research Cambridge Michalis Faloutsos, UC Riverside The problem of workload characterization The goal: Classify Internet

649 views • 29 slides
Early online classification of encrypted traffic streams using multi-fractal features Erik

Early online classification of encrypted traffic streams using multi-fractal features Erik

Early online classification of encrypted traffic streams using multi-fractal features Erik Arestrm, Linkping University Niklas Carlsson, Linkping University Motivation and problem Early flow classification is important for network

629 views • 40 slides
A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic

A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic

A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic Tejmani Sinam, Irengbam Tilokchan Singh, Sukumar Nandi Pradeep Lamabam, Ngasham Nandarani Devi Department of Computer Science and Engineering,

231 views • 6 slides
On the challenges of network traffic classification with NetFlow/IPFIX Pere Barlet-Ros Associate

On the challenges of network traffic classification with NetFlow/IPFIX Pere Barlet-Ros Associate

On the challenges of network traffic classification with NetFlow/IPFIX Pere Barlet-Ros Associate Professor at UPC BarcelonaTech (pbarlet@ac.upc.edu) Joint work with: Valentn Carela-Espaol, Tomasz Bujlow and Josep Sol-Pareta This project

544 views • 26 slides
Network traffic classification: From theory to practice Pere Barlet-Ros Associate Professor at

Network traffic classification: From theory to practice Pere Barlet-Ros Associate Professor at

Network traffic classification: From theory to practice Pere Barlet-Ros Associate Professor at UPC BarcelonaTech Co-founder and Chairman at Polygraph.io Joint work with: Valentn Carela-Espaol, Tomasz Bujlow and Josep Sol-Pareta

1.67k views • 39 slides

More recommend