Grano-GT: A granular ground truth collection tool for encrypted browser-based Internet traffic
Modern network traffic classification puts much attention toward producing a granular classification of the traffic, such as at the application service level. However, the classification process is often impaired by the lack of granular network traffic ground truth. Granular network traffic ground t...
Saved in:
Main Authors: | , , , , |
---|---|
Format: | Article |
Published: |
Elsevier
2021
|
Subjects: | |
Online Access: | http://eprints.um.edu.my/25884/ https://doi.org/10.1016/j.comnet.2020.107617 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
id |
my.um.eprints.25884 |
---|---|
record_format |
eprints |
spelling |
my.um.eprints.258842021-04-28T00:23:36Z http://eprints.um.edu.my/25884/ Grano-GT: A granular ground truth collection tool for encrypted browser-based Internet traffic Zaki, Faiz Gani, Abdullah Tahaei, Hamid Furnell, Steven Anuar, Nor Badrul QA75 Electronic computers. Computer science Modern network traffic classification puts much attention toward producing a granular classification of the traffic, such as at the application service level. However, the classification process is often impaired by the lack of granular network traffic ground truth. Granular network traffic ground truth is critical to provide a benchmark for a fair evaluation of modern network traffic classification. Nevertheless, in modern network traffic classification, existing ground truth tools only managed to build the ground truth at the application name level at most. Application name level granularity is quickly becoming insufficient to address the current needs of network traffic classification and therefore; this paper presents the design, development and experimental evaluation of Grano-GT, a tool to build a reliable and highly granular network traffic ground truth for encrypted browser-based traffic at the application name and service levels. Grano-GT builds on four main engines which are packet capture, browser, application and service isolator engines. These engines work together to intercept the application requests and combine them with the support of temporal features and cascading filters to produce reliable and highly granular ground truth. Preliminary experimental results show that Grano-GT can classify the Internet traffic into respective application names with high reliability. Grano-GT achieved an average accuracy of more than 95% when validated using nDPI at the application name level. The remaining 5% loss of accuracy was primarily due to the unavailability of signatures in nDPI. In addition, Grano-GT managed to classify application service traffic with significant reliability and validated using the Kolmogorov-Smirnov test. © 2020 Elsevier 2021 Article PeerReviewed Zaki, Faiz and Gani, Abdullah and Tahaei, Hamid and Furnell, Steven and Anuar, Nor Badrul (2021) Grano-GT: A granular ground truth collection tool for encrypted browser-based Internet traffic. Computer Networks, 184. p. 107617. ISSN 1389-1286 https://doi.org/10.1016/j.comnet.2020.107617 doi:10.1016/j.comnet.2020.107617 |
institution |
Universiti Malaya |
building |
UM Library |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Malaya |
content_source |
UM Research Repository |
url_provider |
http://eprints.um.edu.my/ |
topic |
QA75 Electronic computers. Computer science |
spellingShingle |
QA75 Electronic computers. Computer science Zaki, Faiz Gani, Abdullah Tahaei, Hamid Furnell, Steven Anuar, Nor Badrul Grano-GT: A granular ground truth collection tool for encrypted browser-based Internet traffic |
description |
Modern network traffic classification puts much attention toward producing a granular classification of the traffic, such as at the application service level. However, the classification process is often impaired by the lack of granular network traffic ground truth. Granular network traffic ground truth is critical to provide a benchmark for a fair evaluation of modern network traffic classification. Nevertheless, in modern network traffic classification, existing ground truth tools only managed to build the ground truth at the application name level at most. Application name level granularity is quickly becoming insufficient to address the current needs of network traffic classification and therefore; this paper presents the design, development and experimental evaluation of Grano-GT, a tool to build a reliable and highly granular network traffic ground truth for encrypted browser-based traffic at the application name and service levels. Grano-GT builds on four main engines which are packet capture, browser, application and service isolator engines. These engines work together to intercept the application requests and combine them with the support of temporal features and cascading filters to produce reliable and highly granular ground truth. Preliminary experimental results show that Grano-GT can classify the Internet traffic into respective application names with high reliability. Grano-GT achieved an average accuracy of more than 95% when validated using nDPI at the application name level. The remaining 5% loss of accuracy was primarily due to the unavailability of signatures in nDPI. In addition, Grano-GT managed to classify application service traffic with significant reliability and validated using the Kolmogorov-Smirnov test. © 2020 |
format |
Article |
author |
Zaki, Faiz Gani, Abdullah Tahaei, Hamid Furnell, Steven Anuar, Nor Badrul |
author_facet |
Zaki, Faiz Gani, Abdullah Tahaei, Hamid Furnell, Steven Anuar, Nor Badrul |
author_sort |
Zaki, Faiz |
title |
Grano-GT: A granular ground truth collection tool for encrypted browser-based Internet traffic |
title_short |
Grano-GT: A granular ground truth collection tool for encrypted browser-based Internet traffic |
title_full |
Grano-GT: A granular ground truth collection tool for encrypted browser-based Internet traffic |
title_fullStr |
Grano-GT: A granular ground truth collection tool for encrypted browser-based Internet traffic |
title_full_unstemmed |
Grano-GT: A granular ground truth collection tool for encrypted browser-based Internet traffic |
title_sort |
grano-gt: a granular ground truth collection tool for encrypted browser-based internet traffic |
publisher |
Elsevier |
publishDate |
2021 |
url |
http://eprints.um.edu.my/25884/ https://doi.org/10.1016/j.comnet.2020.107617 |
_version_ |
1698697313979990016 |
score |
13.209306 |