Evaluating features for network application classification

Carlos Alcantara; Venkat Dasari; Cody Bumgardner; Michael P. McGarry

doi:10.1117/12.2558687

Evaluating features for network application classification

Carlos Alcantara, Venkat Dasari, Cody Bumgardner, Michael P. McGarry

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

In this paper, we evaluate the performance of several flow features to classify the network application that produced the flow. Correlating network traffic to network applications can assist with the critical network management tasks of performance assessment and network utilization accounting. Specifically, in this work we evaluate three engineered flow features and three inherent flow features (number of bytes, number of packets, and duration). For engineered features, we evaluate three host communication behavior features proposed by the authors of BLINC. Our experiments uncover the classification power of all combinations of the three engineered features in conjunction with the three inherent features. We utilize supervised machine learning algorithms such as k-nearest neighbors and decision trees. We utilize confidence intervals to uncover statistically significant classification differences among the combinations of flow features.

Original language	English
Title of host publication	Disruptive Technologies in Information Sciences IV
Editors	Misty Blowers, Russell D. Hall, Venkateswara R. Dasari
ISBN (Electronic)	9781510636156
DOIs	https://doi.org/10.1117/12.2558687
State	Published - 2020
Event	Disruptive Technologies in Information Sciences IV 2020 - None, United States Duration: Apr 27 2020 → May 1 2020

Publication series

Name	Proceedings of SPIE - The International Society for Optical Engineering
Volume	11419
ISSN (Print)	0277-786X
ISSN (Electronic)	1996-756X

Conference

Conference	Disruptive Technologies in Information Sciences IV 2020
Country/Territory	United States
City	None
Period	4/27/20 → 5/1/20

Bibliographical note

Publisher Copyright:
© 2020 SPIE.

Funding

This material is based upon work supported by both the U.S. Army Research Laboratory (USARL) under Cooperative Agreement W911NF-18-2-0287. This material is based upon work supported by Cooperative Agreement W911NF-18-2-0287.

Funders	Funder number
USARL	W911NF-18-2-0287
DEVCOM Army Research Laboratory

Keywords

Classification
Machine Learning
Network application
Network flow features

ASJC Scopus subject areas

Electronic, Optical and Magnetic Materials
Condensed Matter Physics
Computer Science Applications
Applied Mathematics
Electrical and Electronic Engineering

Access to Document

10.1117/12.2558687

Cite this

@inproceedings{e8457bafb2af4a38a17fd184f94e719a,

title = "Evaluating features for network application classification",

abstract = "In this paper, we evaluate the performance of several flow features to classify the network application that produced the flow. Correlating network traffic to network applications can assist with the critical network management tasks of performance assessment and network utilization accounting. Specifically, in this work we evaluate three engineered flow features and three inherent flow features (number of bytes, number of packets, and duration). For engineered features, we evaluate three host communication behavior features proposed by the authors of BLINC. Our experiments uncover the classification power of all combinations of the three engineered features in conjunction with the three inherent features. We utilize supervised machine learning algorithms such as k-nearest neighbors and decision trees. We utilize confidence intervals to uncover statistically significant classification differences among the combinations of flow features.",

keywords = "Classification, Machine Learning, Network application, Network flow features",

author = "Carlos Alcantara and Venkat Dasari and Cody Bumgardner and McGarry, \{Michael P.\}",

note = "Publisher Copyright: {\textcopyright} 2020 SPIE.; Disruptive Technologies in Information Sciences IV 2020 ; Conference date: 27-04-2020 Through 01-05-2020",

year = "2020",

doi = "10.1117/12.2558687",

language = "English",

series = "Proceedings of SPIE - The International Society for Optical Engineering",

editor = "Misty Blowers and Hall, \{Russell D.\} and Dasari, \{Venkateswara R.\}",

booktitle = "Disruptive Technologies in Information Sciences IV",

}

Alcantara, C, Dasari, V, Bumgardner, C & McGarry, MP 2020, Evaluating features for network application classification. in M Blowers, RD Hall & VR Dasari (eds), Disruptive Technologies in Information Sciences IV., 114190Q, Proceedings of SPIE - The International Society for Optical Engineering, vol. 11419, Disruptive Technologies in Information Sciences IV 2020, None, United States, 4/27/20. https://doi.org/10.1117/12.2558687

Evaluating features for network application classification. / Alcantara, Carlos; Dasari, Venkat; Bumgardner, Cody et al.
Disruptive Technologies in Information Sciences IV. ed. / Misty Blowers; Russell D. Hall; Venkateswara R. Dasari. 2020. 114190Q (Proceedings of SPIE - The International Society for Optical Engineering; Vol. 11419).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Evaluating features for network application classification

AU - Alcantara, Carlos

AU - Dasari, Venkat

AU - Bumgardner, Cody

AU - McGarry, Michael P.

PY - 2020

Y1 - 2020

N2 - In this paper, we evaluate the performance of several flow features to classify the network application that produced the flow. Correlating network traffic to network applications can assist with the critical network management tasks of performance assessment and network utilization accounting. Specifically, in this work we evaluate three engineered flow features and three inherent flow features (number of bytes, number of packets, and duration). For engineered features, we evaluate three host communication behavior features proposed by the authors of BLINC. Our experiments uncover the classification power of all combinations of the three engineered features in conjunction with the three inherent features. We utilize supervised machine learning algorithms such as k-nearest neighbors and decision trees. We utilize confidence intervals to uncover statistically significant classification differences among the combinations of flow features.

AB - In this paper, we evaluate the performance of several flow features to classify the network application that produced the flow. Correlating network traffic to network applications can assist with the critical network management tasks of performance assessment and network utilization accounting. Specifically, in this work we evaluate three engineered flow features and three inherent flow features (number of bytes, number of packets, and duration). For engineered features, we evaluate three host communication behavior features proposed by the authors of BLINC. Our experiments uncover the classification power of all combinations of the three engineered features in conjunction with the three inherent features. We utilize supervised machine learning algorithms such as k-nearest neighbors and decision trees. We utilize confidence intervals to uncover statistically significant classification differences among the combinations of flow features.

KW - Classification

KW - Machine Learning

KW - Network application

KW - Network flow features

UR - https://www.scopus.com/pages/publications/85086145620

UR - https://www.scopus.com/inward/citedby.url?scp=85086145620&partnerID=8YFLogxK

U2 - 10.1117/12.2558687

DO - 10.1117/12.2558687

M3 - Conference contribution

AN - SCOPUS:85086145620

T3 - Proceedings of SPIE - The International Society for Optical Engineering

BT - Disruptive Technologies in Information Sciences IV

A2 - Blowers, Misty

A2 - Hall, Russell D.

A2 - Dasari, Venkateswara R.

T2 - Disruptive Technologies in Information Sciences IV 2020

Y2 - 27 April 2020 through 1 May 2020

ER -

Evaluating features for network application classification

Abstract

Publication series

Conference

Bibliographical note

Funding

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this