Abstract
Network traffic features play a key role in network anomaly detection, which is important for keeping network services running normally. Conventional traffic feature extraction works at the network layer and yields features such as source and destination IP address and timestamp. These describe the state of message transmission but are not connected to specific application behavior. The large volume of feature data also burdens detection work. To address this, the paper proposes a DPI-based network traffic feature vector optimization model, the DRFV optimization model.
The model uses DPI to extend feature extraction from the original traffic to the application layer, enabling analysis of application-layer data and increasing the dimension of the feature vector. With this richer feature set, a random forest model based on the Bagging idea classifies the features and produces a ranking of feature effect. The optimized feature vector is then selected according to the conditions required for network anomaly detection, which achieves dimension reduction and optimization and yields a feature vector with more research significance. A network anomaly detection model that uses the proposed model to optimize traffic feature extraction obtains better detection results and operating performance, with significant improvements in accuracy, F1 value and running time.
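The rank-then-select step described in the abstract can be sketched as follows. This is an added example, not the paper's DRFV implementation: it uses bagged one-split trees as a reduced stand-in for a random forest, and the feature names, value ranges and flow records are constructed assumptions.

```python
import random

# Constructed flow records (not from the paper): two network-layer features
# and two application-layer features of the kind a DPI engine could supply.
FEATURES = ["pkt_len", "duration_ms", "dns_qname_len", "http_uri_len"]

def make_flows(n=200, seed=7):
    rng = random.Random(seed)
    rows, labels = [], []
    for _ in range(n):
        bad = rng.random() < 0.5
        rows.append([
            rng.randint(60, 1500),                                 # no signal
            rng.randint(1, 900),                                   # no signal
            rng.randint(40, 60) if bad else rng.randint(5, 25),    # strong signal
            rng.randint(20, 120) if bad else rng.randint(10, 90),  # weak signal
        ])
        labels.append(int(bad))
    return rows, labels

def gini(labels):
    p = sum(labels) / len(labels) if labels else 0.0
    return 2 * p * (1 - p)

def best_split(rows, labels, feats):
    """Return (feature index, Gini decrease) of the best single threshold."""
    base, best = gini(labels), (feats[0], 0.0)
    for f in feats:
        for thr in sorted({r[f] for r in rows}):
            left = [y for r, y in zip(rows, labels) if r[f] <= thr]
            right = [y for r, y in zip(rows, labels) if r[f] > thr]
            gain = base - (len(left) * gini(left) + len(right) * gini(right)) / len(labels)
            if gain > best[1]:
                best = (f, gain)
    return best

def rank_features(rows, labels, n_trees=30, seed=1):
    """Bagging: each tree sees a bootstrap sample and a random feature pair."""
    rng = random.Random(seed)
    score = [0.0] * len(FEATURES)
    for _ in range(n_trees):
        idx = [rng.randrange(len(rows)) for _ in rows]
        feats = rng.sample(range(len(FEATURES)), 2)
        f, gain = best_split([rows[i] for i in idx], [labels[i] for i in idx], feats)
        score[f] += gain
    total = sum(score)
    return sorted(((FEATURES[i], s / total) for i, s in enumerate(score)), key=lambda t: -t[1])

def select_top(ranking, k):
    return [name for name, _ in ranking[:k]]
```

Calling `select_top(rank_features(*make_flows()), 2)` returns the reduced feature vector; on this constructed data the two application-layer fields outrank the network-layer ones.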
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Zhao, Y., Cui, B., Yang, J., Jiang, M. (2024). A DPI-Based Network Traffic Feature Vector Optimization Model. In: Barolli, L. (eds) Advances in Internet, Data & Web Technologies. EIDWT 2024. Lecture Notes on Data Engineering and Communications Technologies, vol 193. Springer, Cham. https://doi.org/10.1007/978-3-031-53555-0_50
DOI: https://doi.org/10.1007/978-3-031-53555-0_50
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-53554-3
Online ISBN: 978-3-031-53555-0
eBook Packages: Intelligent Technologies and Robotics, Intelligent Technologies and Robotics (R0)