Funding: The Program for New Century Excellent Talents in University (No. NCET-11-0565); the Fundamental Research Funds for the Central Universities (No. K13JB00160, 2012JBZ010, 2011JBM217); the Ph.D. Programs Foundation of Ministry of Education of China (No. 20120009120010); the Program for Innovative Research Team in University of Ministry of Education of China (No. IRT201206); the Natural Science Foundation of Shandong Province (No. ZR2012FM010, ZR2011FZ001).
Abstract: In order to classify the Internet traffic of different Internet applications more quickly, two open Internet traffic traces, Auckland II and UNIBS traffic traces, are employed as study objects. Eight earliest packets with non-zero flow payload sizes are selected and their payload sizes are used as the early-stage flow features. Such features can be easily and rapidly extracted at the early flow stage, which makes them outstanding. The behavior patterns of different Internet applications are analyzed by visualizing the early-stage packet size values. Analysis results show that most Internet applications can reflect their own early packet size behavior patterns. Early packet sizes are assumed to carry enough information for effective traffic identification. Three classical machine learning classifiers, i.e., the naive Bayesian classifier, naive Bayesian trees, and the radial basis function neural networks, are used to validate the effectiveness of the proposed assumption. The experimental results show that the early-stage packet sizes can be used as features for traffic identification.
Abstract: Enhancement in wireless networks has given users the ability to use the Internet without a physical connection to the router. Almost every Internet of Things (IoT) device, such as smartphones, drones, and cameras, uses wireless technology (Infrared, Bluetooth, IrDA, IEEE 802.11, etc.) to establish multiple inter-device connections simultaneously. With the flexibility of the wireless network, one can set up numerous ad-hoc networks on demand, connecting hundreds to thousands of users, increasing productivity and profitability significantly. However, the number of network attacks in wireless networks that exploit such flexibilities in setting and tearing down networks has become very alarming. Perpetrators can launch attacks since there is no first line of defense in an ad hoc network setup besides the standard IEEE 802.11 WPA2 authentication. One feasible countermeasure is to deploy intrusion detection systems at the edge of these ad hoc networks (Network-based IDS) or at the node level (Host-based IDS). The challenge here is that there is no readily available benchmark data for IoT network traffic. Creating this benchmark data is very tedious as IoT can work on multiple platforms and networks, and crafting and labelling such a dataset is very labor-intensive. This research aims to study the characteristics of existing datasets such as KDD-Cup and NSL-KDD, and their suitability for wireless IDS implementation. We hypothesize that network features are parametrically different depending on the types of network and that assigning weight dynamically to these features can potentially improve the subsequent threat classifications. This paper analyses packet and flow features for the data packets captured on a wireless network rather than a wired network. Combining domain heuristics and early classification results, the paper has identified 19 header fields exclusive to wireless networks that contain high information gain to be used as ML features in Wireless IDS.
Funding: Supported by the National Basic Research 973 Program of China under Grant No. 2009CB320505; the National Science and Technology Supporting Plan of China under Grant No. 2008BAH37B05; the National Natural Science Foundation of China under Grant No. 61170211; the Ph.D. Programs Foundation of Ministry of Education of China under Grant No. 20110002110056; the National High Technology Research and Development 863 Program of China under Grant Nos. 2008AA01A303 and 2009AA01Z251.
Abstract: Network traffic anomalies are unusual changes in a network, so diagnosing anomalies is important for network management. Feature-based anomaly detection models (ab)normal network traffic behavior by analyzing packet header features. The PCA-subspace method (Principal Component Analysis) has been verified as an efficient feature-based approach to network-wide anomaly detection. Despite the powerful ability of the PCA-subspace method for network-wide traffic detection, it cannot be effectively used for detection on a single link. In this paper, different from most works focusing on detection on flow-level traffic, based on observations of six traffic features for packet-level traffic, we propose a new approach, B6-SVM, to detect anomalies for packet-level traffic on a single link. The basic idea of B6-SVM is to diagnose anomalies in a multi-dimensional view of traffic features using a Support Vector Machine (SVM). Through two-phase classification, B6-SVM can detect anomalies with a high detection rate and a low false alarm rate. The test results demonstrate the effectiveness and potential of our technique in diagnosing anomalies. Further, compared to previous feature-based anomaly detection approaches, B6-SVM provides a framework to automatically identify possible anomalous types. The framework of B6-SVM is generic and therefore we expect the derived insights will be helpful for similar future research efforts.
Funding: Co-supported by the State Key Program of National Natural Science Foundation of China (No. 91538204); the National Science Fund for Distinguished Young Scholars (No. 61425014); the National Key Technologies R&D Program of China (No. 2015BAG15B01).
Abstract: Air traffic complexity is an objective metric for evaluating the operational condition of the airspace. It has several applications, such as airspace design and traffic flow management. Therefore, identifying a reliable method to accurately measure traffic complexity is important. Considering that many factors correlate with traffic complexity in complicated nonlinear ways, researchers have proposed several complexity evaluation methods based on machine learning models which were trained with large samples. However, the high cost of sample collection usually results in a limited training set. In this paper, an ensemble learning model is proposed for measuring air traffic complexity within a sector based on small samples. To exploit the classification information within each factor, multiple diverse factor subsets (FSSs) are generated under guidance from factor noise and independence analysis. Then, a base complexity evaluator is built corresponding to each FSS. The final complexity evaluation result is obtained by integrating all results from the base evaluators. Experimental studies using real-world air traffic operation data demonstrate the advantages of our model for small-sample-based traffic complexity evaluation over other state-of-the-art methods.