towards reliable traffic classification using visual
play

Towards Reliable Traffic Classification Using Visual Motifs Wilson - PowerPoint PPT Presentation

Aug 03, 2023 •170 likes •652 views

Background Visual Motifs Traffic Classification Evaluation Towards Reliable Traffic Classification Using Visual Motifs Wilson Lian 1 John McHugh 1 , 2 Fabian Monrose 1 1 University of North Carolina at Chapel Hill 2 RedJack, LLC FloCon 2010

  1. Background Visual Motifs Traffic Classification Evaluation Towards Reliable Traffic Classification Using Visual Motifs Wilson Lian 1 John McHugh 1 , 2 Fabian Monrose 1 1 University of North Carolina at Chapel Hill 2 RedJack, LLC FloCon 2010 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  2. Background Visual Motifs Traffic Classification Evaluation Overview Background Visual Motifs Traffic Classification Evaluation Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  3. Background Visual Motifs Traffic Classification Evaluation Motivation Internet Network Administrator Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  4. Background Visual Motifs Traffic Classification Evaluation Motivation d3b07384d113e... 7d8ad5cb9c940... GET /index.ht... MAIL FROM: foo@... d41d8cd98f00b... d41d8cd98f00b... Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  5. Background Visual Motifs Traffic Classification Evaluation Goals Port 22 Port 25 36fd6d8c3f5af4... Port 22 MAIL FROM: foo@... Port 25 Port 22 fc2394c1a922... f98698466c3ef... Port 25 Port 22 f4d6d8c3f5a36... ef8698466c3f9... Port 25 222394c1a9fc... Port 22 DATA\r\nSubject: fo... Port 25 5ad6d8c3ff436... Port 22 f98698466c3ef... a92394c122fc... Port 1214 Port 80 113edec49eaa... Port 80 Port 1214 b314caafaa3e... b314caafaa3e... 006f7b3db8f4f... Port 80 Port 1214 POST /login.ph... aa3edec49e11... Port 80 Port 1214 b314caafaa3e... Port 80 4f006f7b3db8f0... Port 1214 Port 80 POST /AuthSv... Port 1214 9e3edec4aa11... GET /index.ht... b8006f7b3d4ff0... Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  6. Background Visual Motifs Traffic Classification Evaluation Assumptions Reliable transport via TCP Stream Cipher No access to payload Length preservation Negligible packet loss & retransmission Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  7. Background Visual Motifs Traffic Classification Evaluation Related Work Scatter (and other) Plots for Visualizing User Profiling Data and Network Traffic , Goldring 2004. Using Visual Motifs to Classify Encrypted Traffic , Wright et al. 2006 Intelligent Classification and Visualization of Network Scans Muelder et al. 2008. FloVis: A Network Security Visualization Framework , Taylor 2009. Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  8. Background Visual Motifs Traffic Classification Evaluation Timeline Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  9. Background Visual Motifs Traffic Classification Evaluation Timeline Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  10. Background Visual Motifs Traffic Classification Evaluation Timeline Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  11. Background Visual Motifs Traffic Classification Evaluation Timeline Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  12. Background Visual Motifs Traffic Classification Evaluation Timeline Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  13. Background Visual Motifs Traffic Classification Evaluation Timeline Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  14. Background Visual Motifs Traffic Classification Evaluation Timeline Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  15. Background Visual Motifs Traffic Classification Evaluation Unigram Heatmaps Image credit: Wright et al. 2006 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  16. Background Visual Motifs Traffic Classification Evaluation Bigram Heatmaps Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  17. Background Visual Motifs Traffic Classification Evaluation Heatmap Construction Client Server SYN 48 bytes SYN-ACK 48 bytes (48, -48) 48 ACK 40 bytes (-48, 40) -48 HTTP Request 891 bytes (40, 891) 40 (891, -40) 891 Time (-40, -270) -40 40 bytes -270 (-270, -1500) 270 bytes -1500 1500 bytes (-1500, 40) 40 (40, -1500) 40 bytes -1500 (-1500, 40) 40 1500 bytes 40 bytes Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  18. Background Visual Motifs Traffic Classification Evaluation Heatmap Construction (40, 891) (-48, 40) (48, -48) (-1500, 40) (40, 891) (-48, 40) (40, 891) (-1500, 40) (891, -40) (-40, -270) (-270, -1500) (-1500, 40) (48, -48) (40, -1500) (-40, -270) (891, -40) (-1500, 40) (-270, -1500) (40, -1500) Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  19. Background Visual Motifs Traffic Classification Evaluation Heatmap Construction (40, 891) (-48, 40) (48, -48) 3/9 = 33.3% (-1500, 40) (40, 891) 1/9 = 11.1% (-48, 40) (40, 891) (-1500, 40) (891, -40) (-40, -270) (-270, -1500) (-1500, 40) (48, -48) (40, -1500) (-40, -270) 2/9 = 22.2% 3/9 = 33.3% (891, -40) (-1500, 40) (-270, -1500) (40, -1500) Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  20. Background Visual Motifs Traffic Classification Evaluation Heatmap Construction Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  21. Background Visual Motifs Traffic Classification Evaluation Bigram Heatmaps Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  22. Background Visual Motifs Traffic Classification Evaluation Modeling Protocol Behavior (40, 891) (-48, 40) 3/9 = 33.3% (-1500, 40) (40, 891) 1/9 = 11.1% (-1500, 40) 1 2 (48, -48) (-40, -270) 2/9 = 22.2% 3/9 = 33% (891, -40) (-270, -1500) (40, -1500) 3 4 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  23. Background Visual Motifs Traffic Classification Evaluation Modeling Protocol Behavior 1 0.9 0.8 0.7 0.6 Probability 0.5 .333 .333 0.4 0.3 .222 0.2 .111 0.1 0 0 1 2 3 4 Bin Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  24. Background Visual Motifs Traffic Classification Evaluation Comparing Protocol Models 1 0.9 0.8 .700 0.7 0.6 Probability 0.5 0.4 .333 .333 0.3 .222 .150 0.2 .111 .100 .050 0.1 1 2 3 4 Bin Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  25. Background Visual Motifs Traffic Classification Evaluation Comparing Protocol Models n � A total = A k k =1 n � B total = B k k =1 n � � A i B i � � � Score A ↔ B = − � � A total B total � � i =1 n 1 � = | A i · B total − B i · A total | A total · B total i =1 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  26. Background Visual Motifs Traffic Classification Evaluation Comparing Protocol Models Score = .233+.589+.072+.283 = 1.177 .700 Probability .333 .333 .222 .150 .111 .100 .050 0 1 2 3 4 5 |.222-.150| = .072 Di fg erence |.333-.100| = .233 |.333-.050| = .283 |.111-.700| = .589 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  27. Background Visual Motifs Traffic Classification Evaluation Comparing Protocol Models 1 0.9 0.8 0.7 0.6 Probability 0.5 .400 0.4 .333 .333 .300 0.3 .222 .150 .150 0.2 .111 0.1 1 2 3 4 Bin Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  28. Background Visual Motifs Traffic Classification Evaluation Comparing Protocol Models 0.7 Score = .067+.039+.072+.033 = .211 0.6 0.5 Probability .400 0.4 .333 .333 .300 0.3 .222 0.2 .150 .150 .111 0.1 -0 0 1 2 3 4 5 |.333-.300| = .033 |.111-.150| = .039 Di fg erence -0.1 |.333-.400| = .067 |.222-.150| = .072 -0.2 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

  29. Background Visual Motifs Traffic Classification Evaluation Classifying Samples: Easy as 1-2-3 1 Create training models for desired protocols 2 Build distribution for sample network trace 3 Find training model with lowest difference score n � A i B i � � � � Score A ↔ B = − � � A total B total � � i =1 n 1 � = | A i · B total − B i · A total | A total · B total i =1 Wilson Lian, John McHugh, Fabian Monrose Towards Reliable Traffic Classification UsingVisual Motifs

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Traffic Classification in the Fog Scott E. Coull February 23, 2006 Overview What is traffic

Traffic Classification in the Fog Scott E. Coull February 23, 2006 Overview What is traffic

Traffic Classification in the Fog Scott E. Coull February 23, 2006 Overview What is traffic classification? Communities of Interest for classification BLINC Profiling Internet Backbone Traffic What is missing here? Traffic

965 views • 81 slides
Need for Classification Classification required To isolate traffic of interest

Need for Classification Classification required To isolate traffic of interest

Need for Classification Classification required To isolate traffic of interest Classification of Internet Traffic To treat special types of traffic in a different manner Some types of classification already seen in Alok

371 views • 9 slides
Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification, Measurement, and Analysis and Analysis ISC/CAIDA Data Collaboration Workshop October 22, 2012 David Plonka & Paul Barford

1.33k views • 26 slides
Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com Website: http://www.gl.com 1 1 Traffic

228 views • 11 slides
Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey

Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey

Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey Collaborators: Nikhil Naik, Ryan Farrell, Otkrist Gupta, Pei Guo, Ramesh Raskar Fine-Grained Visual Classification - Image classification with target

760 views • 35 slides
Traffic Classification Rotsos Charalampos , Jurgen Van Gael, Andrew W. Moore, Zoubin Ghahramani

Traffic Classification Rotsos Charalampos , Jurgen Van Gael, Andrew W. Moore, Zoubin Ghahramani

Probabilistic Graphical Models for Semi-Supervised Traffic Classification Rotsos Charalampos , Jurgen Van Gael, Andrew W. Moore, Zoubin Ghahramani Computer Laboratory and Engineering Department, University of Cambridge Traffic classification

257 views • 21 slides
Traffic Commissioner London and South East Championing safe, fair and reliable passenger and

Traffic Commissioner London and South East Championing safe, fair and reliable passenger and

Traffic Commissioners for Great Britain Nick Denton Traffic Commissioner London and South East Championing safe, fair and reliable passenger and goods transport Transport Managers EU Regulation 1071/2009 continuously and effectively

333 views • 22 slides
How is SUNET really used? Results of traffic classification on backbone data Wolfgang John and

How is SUNET really used? Results of traffic classification on backbone data Wolfgang John and

MonNet a project for network and traffic monitoring How is SUNET really used? Results of traffic classification on backbone data Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University of Technology

760 views • 21 slides
1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop

1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop

AGENDA AGENDA 1. The role and significance of public transport and tram transport in urban areas 2. Goal and stages of the study 1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop stations at tram stops

169 views • 4 slides
Combining Machine and Automata Learning for Network Traffic Classification Zeynab Sabahi, Fatemeh

Combining Machine and Automata Learning for Network Traffic Classification Zeynab Sabahi, Fatemeh

Combining Machine and Automata Learning for Network Traffic Classification Zeynab Sabahi, Fatemeh Ghassemi, and Zahra Alimadadi TTCS 2020,Tehran, Iran 1 Network Traffic Classification, What & Why?

655 views • 44 slides
Classification & Filtering Traffic Management October 2016 Chelsio T5/T6 Packet

Classification & Filtering Traffic Management October 2016 Chelsio T5/T6 Packet

Classification & Filtering Traffic Management October 2016 Chelsio T5/T6 Packet Classification and Filtering Features 1. Supported Match Fields with Optional Masks Up to 500K exact-match and 2K wildcard rules, 20M/sec lookup rate, 200K

92 views • 6 slides
Towards Explicable and Adaptive DDoS Traffic Classification Yebo Feng, Jun Li University of

Towards Explicable and Adaptive DDoS Traffic Classification Yebo Feng, Jun Li University of

The 21st Passive and Active Measurement Conference (PAM 2020) Towards Explicable and Adaptive DDoS Traffic Classification Yebo Feng, Jun Li University of Oregon {yebof, lijun}@cs.uoregon.edu Towards Explicable and Adaptive DDoS Traffic

339 views • 10 slides
Detection and Classification of Anomalies in Network Traffic Using Generalized Entropies and

Detection and Classification of Anomalies in Network Traffic Using Generalized Entropies and

Introduction Statement problem Mathematical background Algorithm Experiments Conclusions Detection and Classification of Anomalies in Network Traffic Using Generalized Entropies and OC-SVM with Mahalanobis Kernel Jayro Santiago-Paz, Deni

583 views • 23 slides
my.SWISSTRAFFIC Automated Traffic Collection & Analysis FULLY AUTOMATED TRAFFIC DATA

my.SWISSTRAFFIC Automated Traffic Collection & Analysis FULLY AUTOMATED TRAFFIC DATA

my.SWISSTRAFFIC Automated Traffic Collection & Analysis FULLY AUTOMATED TRAFFIC DATA COLLECTION AND ANALYTICS There is a high demand for reliable Traffic Data but Static data single-purpose data Invasive costly deployment &

404 views • 18 slides
Beyond Classification: La Latent User Interests Profiling from Visual Contents Analysis Lon

Beyond Classification: La Latent User Interests Profiling from Visual Contents Analysis Lon

Beyond Classification: La Latent User Interests Profiling from Visual Contents Analysis Lon Longqi Ya Yang , Cheng-Kang (Andy) Hsieh, Deborah Estrin Communicati Co tions On Online P Purchases So Social Network Ou Our inte terests ts

243 views • 20 slides
Bag-of-Visual-Ngrams for Histopathology Image Classification opez-Monroy, M.Sc. 1 A. Pastor L

Bag-of-Visual-Ngrams for Histopathology Image Classification opez-Monroy, M.Sc. 1 A. Pastor L

Bag-of-Visual-Ngrams for Histopathology Image Classification opez-Monroy, M.Sc. 1 A. Pastor L omez, Ph.D. 1 H. J. Escalante, Ph.D. 1 M. Montes-y-G A. Cruz-Roa, M.Sc. 2 alez, Ph.D. 2 F. A. Gonz November-2013 M exico LabTL, Computer

438 views • 24 slides
Importance Notice The information contained in this presentation is for information purposes

Importance Notice The information contained in this presentation is for information purposes

Importance Notice The information contained in this presentation is for information purposes only and does not constitute an offer or invitation to sell or the solicitation of an offer or invitation to purchase or subscribe for share in

342 views • 30 slides
Ethically Mined Gold Emily Andrews, Katinka Eikelenboom, Bryan Nicholson, Cate Owren & Nancy

Ethically Mined Gold Emily Andrews, Katinka Eikelenboom, Bryan Nicholson, Cate Owren & Nancy

The Movement Toward Ethically Mined Gold Emily Andrews, Katinka Eikelenboom, Bryan Nicholson, Cate Owren & Nancy Rizkalla In partnership with Janet MacGillivray Make A Ripple Make A Ripples Ethical Mined: a US-based initiative for

509 views • 40 slides
Junior Year Abroad for Altman Scholars: Options and Application Process Junior Year Abroad (JYA)

Junior Year Abroad for Altman Scholars: Options and Application Process Junior Year Abroad (JYA)

Junior Year Abroad for Altman Scholars: Options and Application Process Junior Year Abroad (JYA) for Altman Scholars 2 semesters abroad ( reluctant exceptions may be made) Courses taken in your Target Language, alongside local

286 views • 27 slides
Lizzi Meister ISJL Community Engagement Fellows Set Induction (5 min) Introduction to the

Lizzi Meister ISJL Community Engagement Fellows Set Induction (5 min) Introduction to the

Rachel Glazer Lizzi Meister ISJL Community Engagement Fellows Set Induction (5 min) Introduction to the Bonanza! (5 min) Activity Plan Composition (20 min) Out of the Box Activity (20 min) Presentations (10 min) Discussion (10 min) Wrap-Up

287 views • 17 slides
K arl Donert, President E UR OGE O, Director: European Centre of Excellence: digital - earth.eu

K arl Donert, President E UR OGE O, Director: European Centre of Excellence: digital - earth.eu

K arl Donert, President E UR OGE O, Director: European Centre of Excellence: digital - earth.eu eurogeomail@yahoo.co.uk eurogeomail@yahoo.co.uk Geospatial World Forum , Geneva, Switzerland, May 5 -9 2014 E E uropean As uropean As s

667 views • 27 slides
Advisory Council on Instruction School Board Work Session Dana Milburn, ACI Co-Chair Rebecca

Advisory Council on Instruction School Board Work Session Dana Milburn, ACI Co-Chair Rebecca

Advisory Council on Instruction School Board Work Session Dana Milburn, ACI Co-Chair Rebecca Hunter, ACI Co-Chair January 28, 2020 ACI/ACTL Since the Department of Instruction became the Department of Teaching and Learning in recent years,

250 views • 23 slides
Governance, Precarity and Food Security: Impact of Precarious Status on the Food Security of Urban

Governance, Precarity and Food Security: Impact of Precarious Status on the Food Security of Urban

Governance, Precarity and Food Security: Impact of Precarious Status on the Food Security of Urban Refugees In South Africa Jennifer Kandjii PhD Candidate (ABD) Balsillie School of International Affairs Overview of presentation Sources of

664 views • 13 slides
Dear Rampart Unbuilt Architecture Honorable Mention Gould Evans welcome recognition awards

Dear Rampart Unbuilt Architecture Honorable Mention Gould Evans welcome recognition awards

Dear Rampart Unbuilt Architecture Honorable Mention Gould Evans welcome recognition awards Project Name: Dear Rampart Project Location: New Orleans, LA Owner/Client: Dear World Architect(s) of Record: Gould Evans 3308-A Magazine Street

694 views • 34 slides

More recommend