traffic classification based on visualization
play

Traffic Classification based on Visualization - PowerPoint PPT Presentation

Feb 27, 2023 •347 likes •529 views

Traffic Classification based on Visualization

  1. Traffic Classification based on Visualization 0101001111110010011011010101010100101101110011111001010011101101011111010110111110011101111111100010001001110010000111100011100011101110111011110110100111010010101010011111010100010111001111001111100101001110110101111101011011111001110111 Zhibin Yu Realtime Image Processing & Telecommunication Lab. Kyungpook National University South Korea December 8th, 2011

  2. Overview 010100111111001001101101010101010010110111001111100101001110110101111101011011111001110111111110001000100111001000011110001110001110111011101111011010011101001010101001111101010001011100111100111110010100111011010111110101101111100111011111111000 Person A Person B face recognition P2P Flow A Flow face A HTTP Flow B Flow face B FTP Flow C Flow face C …… Network traffic face recognition Figure A Is that possible to use face recognition technology to classify network traffic? 16/12/11 Realtime Image Pr Processing ng & Te Telecommuni unication n Lab. 2 2

  3. Contents 010100111111001001101101010101010010110111001111100101001110110101111101011011111001110111111110001000100111001000011110001110001110111011101111011010011101001010101001111101010001011100111100111110010100111011010111110101101111100111011111111000 • Introduction • Related work • Proposed algorithm • Evaluation • Conclusion 16/12/11 Realtime Image Pr Processing ng & Te Telecommuni unication n Lab. 3 3

  4. Introduction 010100111111001001101101010101010010110111001111100101001110110101111101011011111001110111111110001000100111001000011110001110001110111011101111011010011101001010101001111101010001011100111100111110010100111011010111110101101111100111011111111000 Pattern Input traffic Image recognition flows enhancement (PCA) Normalization Display 2-D of packet size Results images and interval Figure B Flow chart 16/12/11 Realtime Image Pr Processing ng & Te Telecommuni unication n Lab. 4 4

  5. Related Work 010100111111001001101101010101010010110111001111100101001110110101111101011011111001110111111110001000100111001000011110001110001110111011101111011010011101001010101001111101010001011100111100111110010100111011010111110101101111100111011111111000 • Port-based Approaches – Fast but unreliable • Signature-based approaches – Accurate but inflexible • Statistical-based approaches – weak in small flows • Machine Learning Approaches – Accurate but time costly • Traffic Classification Metric 2 TP F = 2 TP FN FP + + – where TP is true positive, FN is false negative and FP is false positive. 16/12/11 Realtime Image Pr Processing ng & Te Telecommuni unication n Lab. 5 5

  6. Proposed Method (1/5) 010100111111001001101101010101010010110111001111100101001110110101111101011011111001110111111110001000100111001000011110001110001110111011101111011010011101001010101001111101010001011100111100111110010100111011010111110101101111100111011111111000 • Feature selection – Packet size – Packet inter-arrival time Figure C: Cumulative Distribution of Packet Size and Packet Inter-arrival time using our experiment dataset 16/12/11 Realtime Image Pr Processing ng & Te Telecommuni unication n Lab. 6 6

  7. Proposed Method (2/5) 010100111111001001101101010101010010110111001111100101001110110101111101011011111001110111111110001000100111001000011110001110001110111011101111011010011101001010101001111101010001011100111100111110010100111011010111110101101111100111011111111000 • Image Normalization – Definition Y 512*512 image Packet Inter- arrival time X Packet size Packet _ Interval Packet _ size a Y 512 * ( ) X 512 * = = Max _ Interval MTU – MTU=1500 – Max_Interval=3600s – a=0.1 16/12/11 Realtime Image Pr Processing ng & Te Telecommuni unication n Lab. 7 7

  8. Proposed Method (3/5) 010100111111001001101101010101010010110111001111100101001110110101111101011011111001110111111110001000100111001000011110001110001110111011101111011010011101001010101001111101010001011100111100111110010100111011010111110101101111100111011111111000 • Image Normaliztion – Initialized Images (a) (b) (c) (d) Figure D: Four local images generated by FTP-data and OICQ flows. (a) FTP-data1. (b)FTP-data2. (c) OICQ1. (d)OICQ2. 16/12/11 Realtime Image Pr Processing ng & Te Telecommuni unication n Lab. 8 8

  9. Proposed Method (4/5) 010100111111001001101101010101010010110111001111100101001110110101111101011011111001110111111110001000100111001000011110001110001110111011101111011010011101001010101001111101010001011100111100111110010100111011010111110101101111100111011111111000 • Image enhancement – Mountain clustering and visualization 2 N || a a || − b i M ( exp( ) ) ∑ = − a 2 2 σ i 1 = M B 255 * ( a ) a = M max – N is the total number of packets in this flow – M a is the mountain height of point a calculated by equation 1 – b is the parameter which controls the difference between peak and plain – B a is the brightness value of point a 16/12/11 Realtime Image Pr Processing ng & Te Telecommuni unication n Lab. 9 9

  10. Proposed Method (5/5) 010100111111001001101101010101010010110111001111100101001110110101111101011011111001110111111110001000100111001000011110001110001110111011101111011010011101001010101001111101010001011100111100111110010100111011010111110101101111100111011111111000 • Image enhancement – Mountain clustering (a) (b) (c) Figure E: Image enhancement after mountain clustering. (a) Original image. (b)Mountain clustering value. (c) Image after enhancement when b=0.3 σ =2 16/12/11 Realtime Image Pr Processing ng & Te Telecommuni unication n Lab. 10 10

  11. Evaluation (1/5) 010100111111001001101101010101010010110111001111100101001110110101111101011011111001110111111110001000100111001000011110001110001110111011101111011010011101001010101001111101010001011100111100111110010100111011010111110101101111100111011111111000 • Evaluation – Data Description Average flow size Average interval Average packet size Traffic name (Kbytes) (Seconds) (Bytes) HTTP 37.9 0.759 646 FTP 7.64 11.621 84 FTP-data 21386.7 0.0666 576 OICQ 18.9 3.531 200 (Chatting) POP3 35.3 0.246 317 SMTP 19.9 0.0835 464 Web-download 21734.4 0.0425 1142 PPStream 1911.6 0.284 371 (P2PTV) Table 1: Data description 16/12/11 Realtime Image Pr Processing ng & Te Telecommuni unication n Lab. 11 11

  12. Evaluation (2/5) 010100111111001001101101010101010010110111001111100101001110110101111101011011111001110111111110001000100111001000011110001110001110111011101111011010011101001010101001111101010001011100111100111110010100111011010111110101101111100111011111111000 • Perfermance – Comparison with different parameters (c) (b) (d) (a) (e) (g) (f) Figure F: (a) Initialized image generated by a PPS flow (11.4MB). (b) b=0.1 σ =4. (c) b=0.2 σ =4. (d) b=0.5 σ =4. (e) b=0.2 σ =1 (f) b= 0.2 σ =2 (g) b=0.2 σ =4 16/12/11 Realtime Image Pr Processing ng & Te Telecommuni unication n Lab. 12 12

  13. Evaluation (3/5) 010100111111001001101101010101010010110111001111100101001110110101111101011011111001110111111110001000100111001000011110001110001110111011101111011010011101001010101001111101010001011100111100111110010100111011010111110101101111100111011111111000 • Performance – Comparison with different flow size (a) (b) (c) (d) Figure G: Performance between different flow size (a) Initialized images generated by an elephent FTP-data flow(53,401KB). (b) Initialized images generated by a mice FTP-data flow (4.43KB). (c) Image (a) after enhancement with parameter b=0.3 σ =2. (d) Image (b) after enhancement with parameter b=0.3 σ =2 16/12/11 Realtime Image Pr Processing ng & Te Telecommuni unication n Lab. 13 13

  14. Evaluation (4/5) 010100111111001001101101010101010010110111001111100101001110110101111101011011111001110111111110001000100111001000011110001110001110111011101111011010011101001010101001111101010001011100111100111110010100111011010111110101101111100111011111111000 • Perfermance – Performance on encryption detection – 386 ftp-data flows based on SFTP protocol using SSH2 are tested 350 300 250 200 150 (a) 100 50 0 (c) (b) Figure H: Performance of encryption traffic classification (a) An image generated from an SSH flow(13.4MB) with parameter b=0.3 σ =2. (b) An image generated from an FTP-data flow(13.0MB) with parameter b=0.3 σ =2. (c) Recognition result by PCA 16/12/11 Realtime Image Pr Processing ng & Te Telecommuni unication n Lab. 14 14

Recommend

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification, Measurement, and Analysis and Analysis ISC/CAIDA Data Collaboration Workshop October 22, 2012 David Plonka & Paul Barford

1.33k views • 26 slides
Traffic Classification in the Fog Scott E. Coull February 23, 2006 Overview What is traffic

Traffic Classification in the Fog Scott E. Coull February 23, 2006 Overview What is traffic

Traffic Classification in the Fog Scott E. Coull February 23, 2006 Overview What is traffic classification? Communities of Interest for classification BLINC Profiling Internet Backbone Traffic What is missing here? Traffic

965 views • 81 slides
Need for Classification Classification required To isolate traffic of interest

Need for Classification Classification required To isolate traffic of interest

Need for Classification Classification required To isolate traffic of interest Classification of Internet Traffic To treat special types of traffic in a different manner Some types of classification already seen in Alok

371 views • 9 slides
Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin Netpy visualization with Wisconsin Netpy Cristian Estan, Garret Magin University of Wisconsin-Madison USENIX LISA, 19 December 2005 Traffic

345 views • 18 slides
Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com Website: http://www.gl.com 1 1 Traffic

228 views • 11 slides
Volume Visualization Overview: Volume Visualization (1) Introduction to volume visualization On

Volume Visualization Overview: Volume Visualization (1) Introduction to volume visualization On

Volume Visualization Overview: Volume Visualization (1) Introduction to volume visualization On volume data Voxels vs. cells Interpolation Gradient Classification Transfer Functions (TF) Slice vs surface vs. volume rendering Overview:

1.35k views • 99 slides
Traffic Classification Rotsos Charalampos , Jurgen Van Gael, Andrew W. Moore, Zoubin Ghahramani

Traffic Classification Rotsos Charalampos , Jurgen Van Gael, Andrew W. Moore, Zoubin Ghahramani

Probabilistic Graphical Models for Semi-Supervised Traffic Classification Rotsos Charalampos , Jurgen Van Gael, Andrew W. Moore, Zoubin Ghahramani Computer Laboratory and Engineering Department, University of Cambridge Traffic classification

257 views • 21 slides
Visualization for Classification ROC, AUC, Confusion Matrix Mahdi Roozbahani Lecturer,

Visualization for Classification ROC, AUC, Confusion Matrix Mahdi Roozbahani Lecturer,

Class Website CX4242: Visualization for Classification ROC, AUC, Confusion Matrix Mahdi Roozbahani Lecturer, Computational Science and Engineering, Georgia Tech Visualizing Classification Performance Confusion matrix

147 views • 13 slides
Towards Reliable Traffic Classification Using Visual Motifs Wilson Lian 1 John McHugh 1 , 2 Fabian

Towards Reliable Traffic Classification Using Visual Motifs Wilson Lian 1 John McHugh 1 , 2 Fabian

Background Visual Motifs Traffic Classification Evaluation Towards Reliable Traffic Classification Using Visual Motifs Wilson Lian 1 John McHugh 1 , 2 Fabian Monrose 1 1 University of North Carolina at Chapel Hill 2 RedJack, LLC FloCon 2010

652 views • 47 slides
How is SUNET really used? Results of traffic classification on backbone data Wolfgang John and

How is SUNET really used? Results of traffic classification on backbone data Wolfgang John and

MonNet a project for network and traffic monitoring How is SUNET really used? Results of traffic classification on backbone data Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University of Technology

760 views • 21 slides
1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop

1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop

AGENDA AGENDA 1. The role and significance of public transport and tram transport in urban areas 2. Goal and stages of the study 1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop stations at tram stops

169 views • 4 slides
Combining Machine and Automata Learning for Network Traffic Classification Zeynab Sabahi, Fatemeh

Combining Machine and Automata Learning for Network Traffic Classification Zeynab Sabahi, Fatemeh

Combining Machine and Automata Learning for Network Traffic Classification Zeynab Sabahi, Fatemeh Ghassemi, and Zahra Alimadadi TTCS 2020,Tehran, Iran 1 Network Traffic Classification, What & Why?

655 views • 44 slides
Glyph-based Visualization Applications David H. S. Chung Swansea University Outline Glyph

Glyph-based Visualization Applications David H. S. Chung Swansea University Outline Glyph

Glyph-based Visualization Applications David H. S. Chung Swansea University Outline Glyph Design Application Flow Event Multi-field Visualization Visualization Visualization Uncertainty Geo-spatial Tensor Medical Visualization

559 views • 30 slides
Classification & Filtering Traffic Management October 2016 Chelsio T5/T6 Packet

Classification & Filtering Traffic Management October 2016 Chelsio T5/T6 Packet

Classification & Filtering Traffic Management October 2016 Chelsio T5/T6 Packet Classification and Filtering Features 1. Supported Match Fields with Optional Masks Up to 500K exact-match and 2K wildcard rules, 20M/sec lookup rate, 200K

92 views • 6 slides
Visual Traffic Jam Analysis based on Trajectory Data Zuchao Wang 1 , Min Lu 1 , Xiaoru Yuan 1, 2 ,

Visual Traffic Jam Analysis based on Trajectory Data Zuchao Wang 1 , Min Lu 1 , Xiaoru Yuan 1, 2 ,

Visualization Workshop13 Visual Traffic Jam Analysis based on Trajectory Data Zuchao Wang 1 , Min Lu 1 , Xiaoru Yuan 1, 2 , Junping Zhang 3 , Huub van de Wetering 4 1) Key Laboratory

559 views • 33 slides
Towards Explicable and Adaptive DDoS Traffic Classification Yebo Feng, Jun Li University of

Towards Explicable and Adaptive DDoS Traffic Classification Yebo Feng, Jun Li University of

The 21st Passive and Active Measurement Conference (PAM 2020) Towards Explicable and Adaptive DDoS Traffic Classification Yebo Feng, Jun Li University of Oregon {yebof, lijun}@cs.uoregon.edu Towards Explicable and Adaptive DDoS Traffic

339 views • 10 slides
Detection and Classification of Anomalies in Network Traffic Using Generalized Entropies and

Detection and Classification of Anomalies in Network Traffic Using Generalized Entropies and

Introduction Statement problem Mathematical background Algorithm Experiments Conclusions Detection and Classification of Anomalies in Network Traffic Using Generalized Entropies and OC-SVM with Mahalanobis Kernel Jayro Santiago-Paz, Deni

583 views • 23 slides
Joel Glanfield Purpose Interactive visualization. Part of the FloVis framework

Joel Glanfield Purpose Interactive visualization. Part of the FloVis framework

Joel Glanfield Purpose Interactive visualization. Part of the FloVis framework along with the Activity Viewer and FlowBundle. Visualizes Netflow traffic using an entity-based approach. Focuses on volumes (bytes,

258 views • 12 slides
Poster: Feasibility of Malware Traffic Analysis through TLS-Encrypted Flow Visualization IEEE

Poster: Feasibility of Malware Traffic Analysis through TLS-Encrypted Flow Visualization IEEE

Poster: Feasibility of Malware Traffic Analysis through TLS-Encrypted Flow Visualization IEEE International Conference on Network Protocols 2020 October 13-16, 2020 Dongeon Kim, Jihun Han , Jinwoo Lee, Heejun Roh Korea University Sejong Campus,

896 views • 11 slides
Traffic analysis and modelling 1 Service classification Services may be classified according

Traffic analysis and modelling 1 Service classification Services may be classified according

Traffic analysis and modelling 1 Service classification Services may be classified according to many criteria. For example, loosely classify according to nature of transmitted information: voice services computer communications, and

407 views • 21 slides
Flow Visualization Using MS-Excel Visualization for the Common Man Presented by Lee Rock and Jay

Flow Visualization Using MS-Excel Visualization for the Common Man Presented by Lee Rock and Jay

Flow Visualization Using MS-Excel Visualization for the Common Man Presented by Lee Rock and Jay Brown US-CERT Analysts Einstein Program Background US-CERT Mission Einstein Program > Large volumes of traffic > Architecture

529 views • 36 slides
BLINC: Multilevel Traffic Classification in the Dark Thomas Karagiannis, UC Riverside

BLINC: Multilevel Traffic Classification in the Dark Thomas Karagiannis, UC Riverside

BLINC: Multilevel Traffic Classification in the Dark Thomas Karagiannis, UC Riverside Konstantina Papagiannaki, Intel Research Cambridge Michalis Faloutsos, UC Riverside The problem of workload characterization The goal: Classify Internet

649 views • 29 slides
Visualization for Classification ROC, AUC, Confusion Matrix Duen Horng (Polo) Chau

Visualization for Classification ROC, AUC, Confusion Matrix Duen Horng (Polo) Chau

http://poloclub.gatech.edu/cse6242 CSE6242 / CX4242: Data & Visual Analytics Visualization for Classification ROC, AUC, Confusion Matrix Duen Horng (Polo) Chau Assistant Professor Associate Director, MS Analytics

680 views • 13 slides
Lectures 1&2: Computer-based visualization systems provide visual representations of datasets

Lectures 1&2: Computer-based visualization systems provide visual representations of datasets

Visualization (vis) defined & motivated Why use an external representation? Why represent all the data? Lectures 1&2: Computer-based visualization systems provide visual representations of datasets Computer-based visualization systems

356 views • 4 slides

More recommend