Zero-day traffic identification

Jun Zhang; Xiao Chen; Yang Xiang; Wanlei Zhou

doi:10.1007/978-3-319-03584-0_16

Zero-day traffic identification

Jun Zhang, Xiao Chen, Yang Xiang, Wanlei Zhou

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

9 Citations (Scopus)

Abstract

Recent research on Internet traffic classification has achieved certain success in the application of machine learning techniques into flow statistics based method. However, existing methods fail to deal with zero-day traffic which are generated by previously unknown applications in a traffic classification system. To tackle this critical problem, we propose a novel traffic classification scheme which has the capability of identifying zero-day traffic as well as accurately classifying the traffic generated by pre-defined application classes. In addition, the proposed scheme provides a new mechanism to achieve fine-grained classification of zero-day traffic through manually labeling very few traffic flows. The preliminary empirical study on a big traffic data show that the proposed scheme can address the problem of zero-day traffic effectively. When zero-day traffic present, the classification performance of the proposed scheme is significantly better than three state-of-the-art methods, random forest classifier, classification with flow correlation, and semi-supervised traffic classification.

Original language	English
Title of host publication	Cyberspace Safety and Security
Subtitle of host publication	5th International Symposium, CSS 2013 Zhangjiajie, China, November 13-15, 2013 Proceedings
Editors	Guojun Wang, Indrakshi Ray, Dengguo Feng, Muttukrishnan Rajarajan
Place of Publication	Cham Switzerland
Publisher	Springer
Pages	213-227
Number of pages	15
ISBN (Electronic)	9783319035840
ISBN (Print)	9783319035833
DOIs	https://doi.org/10.1007/978-3-319-03584-0_16
Publication status	Published - 2013
Externally published	Yes
Event	International Symposium on Cyberspace Safety and Security 2013 - Zhangjiajie, China Duration: 13 Nov 2013 → 15 Nov 2013 Conference number: 5th https://link.springer.com/book/10.1007/978-3-319-03584-0

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	8300
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	International Symposium on Cyberspace Safety and Security 2013
Abbreviated title	CSS 2013
Country/Territory	China
City	Zhangjiajie
Period	13/11/13 → 15/11/13
Internet address	https://link.springer.com/book/10.1007/978-3-319-03584-0

Access to Document

10.1007/978-3-319-03584-0_16

Cite this

Zhang, J., Chen, X., Xiang, Y., & Zhou, W. (2013). Zero-day traffic identification. In G. Wang, I. Ray, D. Feng, & M. Rajarajan (Eds.), Cyberspace Safety and Security: 5th International Symposium, CSS 2013 Zhangjiajie, China, November 13-15, 2013 Proceedings (pp. 213-227). (Lecture Notes in Computer Science; Vol. 8300). Springer. https://doi.org/10.1007/978-3-319-03584-0_16

@inproceedings{f9bf2fcbb17b497eb3f0ed4d4fc43e97,

title = "Zero-day traffic identification",

abstract = "Recent research on Internet traffic classification has achieved certain success in the application of machine learning techniques into flow statistics based method. However, existing methods fail to deal with zero-day traffic which are generated by previously unknown applications in a traffic classification system. To tackle this critical problem, we propose a novel traffic classification scheme which has the capability of identifying zero-day traffic as well as accurately classifying the traffic generated by pre-defined application classes. In addition, the proposed scheme provides a new mechanism to achieve fine-grained classification of zero-day traffic through manually labeling very few traffic flows. The preliminary empirical study on a big traffic data show that the proposed scheme can address the problem of zero-day traffic effectively. When zero-day traffic present, the classification performance of the proposed scheme is significantly better than three state-of-the-art methods, random forest classifier, classification with flow correlation, and semi-supervised traffic classification.",

author = "Jun Zhang and Xiao Chen and Yang Xiang and Wanlei Zhou",

year = "2013",

doi = "10.1007/978-3-319-03584-0_16",

language = "English",

isbn = "9783319035833",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "213--227",

editor = "Guojun Wang and Indrakshi Ray and Dengguo Feng and Muttukrishnan Rajarajan",

booktitle = "Cyberspace Safety and Security",

note = "International Symposium on Cyberspace Safety and Security 2013, CSS 2013 ; Conference date: 13-11-2013 Through 15-11-2013",

url = "https://link.springer.com/book/10.1007/978-3-319-03584-0",

}

Zhang, J, Chen, X, Xiang, Y & Zhou, W 2013, Zero-day traffic identification. in G Wang, I Ray, D Feng & M Rajarajan (eds), Cyberspace Safety and Security: 5th International Symposium, CSS 2013 Zhangjiajie, China, November 13-15, 2013 Proceedings. Lecture Notes in Computer Science, vol. 8300, Springer, Cham Switzerland, pp. 213-227, International Symposium on Cyberspace Safety and Security 2013, Zhangjiajie, China, 13/11/13. https://doi.org/10.1007/978-3-319-03584-0_16

Zero-day traffic identification. / Zhang, Jun; Chen, Xiao; Xiang, Yang et al.
Cyberspace Safety and Security: 5th International Symposium, CSS 2013 Zhangjiajie, China, November 13-15, 2013 Proceedings. ed. / Guojun Wang; Indrakshi Ray; Dengguo Feng; Muttukrishnan Rajarajan. Cham Switzerland: Springer, 2013. p. 213-227 (Lecture Notes in Computer Science; Vol. 8300).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Zero-day traffic identification

AU - Zhang, Jun

AU - Chen, Xiao

AU - Xiang, Yang

AU - Zhou, Wanlei

N1 - Conference code: 5th

PY - 2013

Y1 - 2013

N2 - Recent research on Internet traffic classification has achieved certain success in the application of machine learning techniques into flow statistics based method. However, existing methods fail to deal with zero-day traffic which are generated by previously unknown applications in a traffic classification system. To tackle this critical problem, we propose a novel traffic classification scheme which has the capability of identifying zero-day traffic as well as accurately classifying the traffic generated by pre-defined application classes. In addition, the proposed scheme provides a new mechanism to achieve fine-grained classification of zero-day traffic through manually labeling very few traffic flows. The preliminary empirical study on a big traffic data show that the proposed scheme can address the problem of zero-day traffic effectively. When zero-day traffic present, the classification performance of the proposed scheme is significantly better than three state-of-the-art methods, random forest classifier, classification with flow correlation, and semi-supervised traffic classification.

AB - Recent research on Internet traffic classification has achieved certain success in the application of machine learning techniques into flow statistics based method. However, existing methods fail to deal with zero-day traffic which are generated by previously unknown applications in a traffic classification system. To tackle this critical problem, we propose a novel traffic classification scheme which has the capability of identifying zero-day traffic as well as accurately classifying the traffic generated by pre-defined application classes. In addition, the proposed scheme provides a new mechanism to achieve fine-grained classification of zero-day traffic through manually labeling very few traffic flows. The preliminary empirical study on a big traffic data show that the proposed scheme can address the problem of zero-day traffic effectively. When zero-day traffic present, the classification performance of the proposed scheme is significantly better than three state-of-the-art methods, random forest classifier, classification with flow correlation, and semi-supervised traffic classification.

U2 - 10.1007/978-3-319-03584-0_16

DO - 10.1007/978-3-319-03584-0_16

M3 - Conference Paper

SN - 9783319035833

T3 - Lecture Notes in Computer Science

SP - 213

EP - 227

BT - Cyberspace Safety and Security

A2 - Wang, Guojun

A2 - Ray, Indrakshi

A2 - Feng, Dengguo

A2 - Rajarajan, Muttukrishnan

PB - Springer

CY - Cham Switzerland

T2 - International Symposium on Cyberspace Safety and Security 2013

Y2 - 13 November 2013 through 15 November 2013

ER -