GRAIN: Granular multi-label encrypted traffic classification using classifier chain
Granular traffic classification categorizes traffic into detailed classes like application names and services. Application names represent parent applications, such as Facebook, while application services are the individual actions within the parent application, such as Facebook-comment. These granu...
Saved in:
Main Authors: | , , , , |
---|---|
Format: | Article |
Published: |
Elsevier
2022
|
Subjects: | |
Online Access: | http://eprints.um.edu.my/41930/ |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
id |
my.um.eprints.41930 |
---|---|
record_format |
eprints |
spelling |
my.um.eprints.419302023-10-19T06:48:30Z http://eprints.um.edu.my/41930/ GRAIN: Granular multi-label encrypted traffic classification using classifier chain Mohd Zaki, Muhammad Faiz Afifi, Firdaus Razak, Shukor Abd Gani, Abdullah Juma'at, Nor Badrul Anuar QA75 Electronic computers. Computer science Granular traffic classification categorizes traffic into detailed classes like application names and services. Application names represent parent applications, such as Facebook, while application services are the individual actions within the parent application, such as Facebook-comment. These granular classes are still insufficient to keep pace with modern applications that offer various services. Accordingly, this paper further divides the application service class into inter-application and intra-application services to provide more insights. Inter application service refers to a similar service between different parent applications, such as Facebookcomment and Youtube-comment, whereas intra-application service differentiates services within the same parent application, such as Facebook-comment and Facebook-post. Most studies focus on classification at the application name and inter-application service levels. In contrast, classification at the intra-application service level receives far less attention due to its complexity despite providing the highest flexibility. Therefore, this paper presents GRAIN, a granular multi-label approach to classify encrypted traffic at all three levels of granular classification: application name, inter-application and intra-application service levels using a classifier chain. GRAIN chains two random forest classifiers to produce a multi-label classification using seven novel statistical features based on packet payload length. The utilized features are independent of the packet payload content, thus unaffected by packet encryption and preserving user privacy. Our performance evaluation showed that GRAIN achieved an average F-measure of 99% at the application name level, 93% at the inter-application service level and 88% at the intra-application service level. To test for robustness, we compared GRAIN against four baseline classifiers and the ISCX VPN-nonVPN public dataset in which GRAIN maintained its comparable performance across all tests. Elsevier 2022-08-04 Article PeerReviewed Mohd Zaki, Muhammad Faiz and Afifi, Firdaus and Razak, Shukor Abd and Gani, Abdullah and Juma'at, Nor Badrul Anuar (2022) GRAIN: Granular multi-label encrypted traffic classification using classifier chain. Computer Networks, 213. ISSN 1389-1286, DOI https://doi.org/10.1016/j.comnet.2022.109084 <https://doi.org/10.1016/j.comnet.2022.109084>. 10.1016/j.comnet.2022.109084 |
institution |
Universiti Malaya |
building |
UM Library |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Malaya |
content_source |
UM Research Repository |
url_provider |
http://eprints.um.edu.my/ |
topic |
QA75 Electronic computers. Computer science |
spellingShingle |
QA75 Electronic computers. Computer science Mohd Zaki, Muhammad Faiz Afifi, Firdaus Razak, Shukor Abd Gani, Abdullah Juma'at, Nor Badrul Anuar GRAIN: Granular multi-label encrypted traffic classification using classifier chain |
description |
Granular traffic classification categorizes traffic into detailed classes like application names and services. Application names represent parent applications, such as Facebook, while application services are the individual actions within the parent application, such as Facebook-comment. These granular classes are still insufficient to keep pace with modern applications that offer various services. Accordingly, this paper further divides the application service class into inter-application and intra-application services to provide more insights. Inter application service refers to a similar service between different parent applications, such as Facebookcomment and Youtube-comment, whereas intra-application service differentiates services within the same parent application, such as Facebook-comment and Facebook-post. Most studies focus on classification at the application name and inter-application service levels. In contrast, classification at the intra-application service level receives far less attention due to its complexity despite providing the highest flexibility. Therefore, this paper presents GRAIN, a granular multi-label approach to classify encrypted traffic at all three levels of granular classification: application name, inter-application and intra-application service levels using a classifier chain. GRAIN chains two random forest classifiers to produce a multi-label classification using seven novel statistical features based on packet payload length. The utilized features are independent of the packet payload content, thus unaffected by packet encryption and preserving user privacy. Our performance evaluation showed that GRAIN achieved an average F-measure of 99% at the application name level, 93% at the inter-application service level and 88% at the intra-application service level. To test for robustness, we compared GRAIN against four baseline classifiers and the ISCX VPN-nonVPN public dataset in which GRAIN maintained its comparable performance across all tests. |
format |
Article |
author |
Mohd Zaki, Muhammad Faiz Afifi, Firdaus Razak, Shukor Abd Gani, Abdullah Juma'at, Nor Badrul Anuar |
author_facet |
Mohd Zaki, Muhammad Faiz Afifi, Firdaus Razak, Shukor Abd Gani, Abdullah Juma'at, Nor Badrul Anuar |
author_sort |
Mohd Zaki, Muhammad Faiz |
title |
GRAIN: Granular multi-label encrypted traffic classification using classifier chain |
title_short |
GRAIN: Granular multi-label encrypted traffic classification using classifier chain |
title_full |
GRAIN: Granular multi-label encrypted traffic classification using classifier chain |
title_fullStr |
GRAIN: Granular multi-label encrypted traffic classification using classifier chain |
title_full_unstemmed |
GRAIN: Granular multi-label encrypted traffic classification using classifier chain |
title_sort |
grain: granular multi-label encrypted traffic classification using classifier chain |
publisher |
Elsevier |
publishDate |
2022 |
url |
http://eprints.um.edu.my/41930/ |
_version_ |
1781704572373303296 |
score |
13.160551 |