http://dx.doi.org/10.3837/tiis.2021.10.016

Flow based Sequential Grouping System for Malicious Traffic Detection

Park, Jee-Tae (Dept. Of Computer and Information Science Korea University)
Baek, Ui-Jun (Dept. Of Computer and Information Science Korea University)
Lee, Min-Seong (Dept. Of Computer and Information Science Korea University)
Goo, Young-Hoon (Advanced KREONET Center, Korea Institute of Science and Technology Information)
Lee, Sung-Ho (AhnLab)
Kim, Myung-Sup (Dept. Of Computer and Information Science Korea University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS), vol. 15, no. 10, 2021, pp. 3771-3792
Abstract
With the rapid development of science and technology, several high-performance networks have emerged with various new applications. Consequently, financially or socially motivated attacks on specific networks have also steadily become more complicated and sophisticated. To reduce the damage caused by such attacks, real-time administration of network traffic flows and precise analysis of past attack traffic have become imperative. Although various traffic analysis methods have been studied recently, they continue to suffer from performance limitations and are generally too complicated to apply in existing systems. To address this problem, we propose a method that calculates the correlation between malicious and normal flows and classifies attack traffic based on the corresponding correlation values. To evaluate the performance of the proposed method, we conducted several experiments using examples of real malicious traffic and normal traffic. The evaluation was performed with respect to three metrics: recall, precision, and F-measure. The experimental results verified the high performance of the proposed method with respect to the first two metrics.
Keywords
Traffic Classification; Flow Correlation Index; Malicious Traffic Detection; Flow Information;
Citations & Related Records
Times Cited By KSCI: 1