GRAIN: Granular multi-label encrypted traffic classification using classifier chain

Granular traffic classification categorizes traffic into detailed classes like application names and services. Application names represent parent applications, such as Facebook, while application services are the individual actions within the parent application, such as Facebook-comment. These granu...

Bibliographic Details
Main Authors: Mohd Zaki, Muhammad Faiz, Afifi, Firdaus, Razak, Shukor Abd, Gani, Abdullah, Juma'at, Nor Badrul Anuar
Format: Article
Published: Elsevier 2022
Subjects:
Online Access: http://eprints.um.edu.my/41930/
id my.um.eprints.41930
record_format eprints
spelling my.um.eprints.41930 2023-10-19T06:48:30Z http://eprints.um.edu.my/41930/ Elsevier 2022-08-04 Article PeerReviewed
Mohd Zaki, Muhammad Faiz and Afifi, Firdaus and Razak, Shukor Abd and Gani, Abdullah and Juma'at, Nor Badrul Anuar (2022) GRAIN: Granular multi-label encrypted traffic classification using classifier chain. Computer Networks, 213. ISSN 1389-1286, DOI https://doi.org/10.1016/j.comnet.2022.109084
institution Universiti Malaya
building UM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Malaya
content_source UM Research Repository
url_provider http://eprints.um.edu.my/
topic QA75 Electronic computers. Computer science
description Granular traffic classification categorizes traffic into detailed classes like application names and services. Application names represent parent applications, such as Facebook, while application services are the individual actions within the parent application, such as Facebook-comment. These granular classes are still insufficient to keep pace with modern applications that offer various services. Accordingly, this paper further divides the application service class into inter-application and intra-application services to provide more insights. Inter-application service refers to a similar service between different parent applications, such as Facebook-comment and Youtube-comment, whereas intra-application service differentiates services within the same parent application, such as Facebook-comment and Facebook-post. Most studies focus on classification at the application name and inter-application service levels. In contrast, classification at the intra-application service level receives far less attention due to its complexity despite providing the highest flexibility. Therefore, this paper presents GRAIN, a granular multi-label approach to classify encrypted traffic at all three levels of granular classification: application name, inter-application and intra-application service levels using a classifier chain. GRAIN chains two random forest classifiers to produce a multi-label classification using seven novel statistical features based on packet payload length. The utilized features are independent of the packet payload content, thus unaffected by packet encryption and preserving user privacy. Our performance evaluation showed that GRAIN achieved an average F-measure of 99% at the application name level, 93% at the inter-application service level and 88% at the intra-application service level. To test for robustness, we compared GRAIN against four baseline classifiers and the ISCX VPN-nonVPN public dataset in which GRAIN maintained its comparable performance across all tests.
format Article
author Mohd Zaki, Muhammad Faiz
Afifi, Firdaus
Razak, Shukor Abd
Gani, Abdullah
Juma'at, Nor Badrul Anuar
title GRAIN: Granular multi-label encrypted traffic classification using classifier chain
publisher Elsevier
publishDate 2022
url http://eprints.um.edu.my/41930/