
Distributed Detection of Zero-Day Network Traffic Flows

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 845))

Abstract

Zero-day (or unknown) traffic poses challenges for network security and management, because the occurrence of such traffic must be identified accurately and in a timely manner. In this paper, we propose a distributed mechanism to detect unknown traffic in a timely manner, and we compare it with a centralized system in which all the network flow data are used as a whole to perform the detection. We combine supervised and unsupervised learning to discover and classify unknown traffic efficiently, using clustering and Random Forest (RF) based schemes for this purpose. Further, we incorporate the correlation information among traffic flows to improve detection accuracy, by means of a Bag of Flows (BoF) based method. Evaluation on real traces reveals that our distributed approach achieves detection performance comparable to that of the centralized scheme. Moreover, the distributed scheme that incorporates unknown sample sharing in the framework improves zero-day traffic detection performance, and the classifier that combines BoF with RF shows improved detection accuracy compared with RF without BoFs.
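The pipeline the abstract describes, as an added toy example written for this page (not the paper's code): a nearest-centroid classifier stands in for the Random Forest, a small k-means marks clusters that contain no labelled flow as unknown, and a Bag of Flows majority vote over flows sharing (destination IP, destination port, transport protocol) smooths the per-flow decisions. The flow records, the two features (mean packet size, packet count), the choice of k and the 3-tuple bag key are constructed assumptions; the paper's actual features, clustering method and unknown-sample sharing protocol are not on this page.

```python
"""Toy zero-day flow detection: clustering for unknown discovery, a
supervised stand-in for RF, and Bag-of-Flows voting. Constructed example."""
from collections import Counter, defaultdict
from math import dist

# Constructed flows: (flow_id, dst_ip, dst_port, proto, (mean_pkt_size, pkts), label).
# label is None for the traffic under test at this node.
LABELED = [
    ("t1", "10.0.0.5", 53, "udp", (80.0, 2.0), "dns"),
    ("t2", "10.0.0.5", 53, "udp", (90.0, 3.0), "dns"),
    ("t3", "10.0.0.6", 53, "udp", (75.0, 2.0), "dns"),
    ("t4", "10.0.0.7", 80, "tcp", (900.0, 20.0), "http"),
    ("t5", "10.0.0.7", 80, "tcp", (950.0, 25.0), "http"),
    ("t6", "10.0.0.8", 80, "tcp", (880.0, 18.0), "http"),
]
UNLABELED = [
    # bag A: three flows to one resolver; f3 is an outlier the per-flow classifier gets wrong
    ("f1", "10.0.0.5", 53, "udp", (82.0, 2.0), None),
    ("f2", "10.0.0.5", 53, "udp", (85.0, 3.0), None),
    ("f3", "10.0.0.5", 53, "udp", (870.0, 19.0), None),
    # bag B: a service no labelled class covers (the zero-day traffic)
    ("f4", "10.0.0.9", 4444, "tcp", (400.0, 200.0), None),
    ("f5", "10.0.0.9", 4444, "tcp", (420.0, 190.0), None),
    ("f6", "10.0.0.9", 4444, "tcp", (390.0, 210.0), None),
]
# Features are left unscaled to keep the toy readable; a real pipeline normalises them,
# otherwise packet size dominates every distance below.


def centroid(points):
    n = len(points)
    return tuple(sum(p[i] for p in points) / n for i in range(len(points[0])))


def train_centroids(labeled):
    """Supervised step (stand-in for the RF): one centroid per known class."""
    by_class = defaultdict(list)
    for _, _, _, _, feat, label in labeled:
        by_class[label].append(feat)
    return {c: centroid(pts) for c, pts in by_class.items()}


def kmeans(flows, k, iters=20):
    """Lloyd's k-means with farthest-first seeding; returns flow_id -> cluster index."""
    pts = [f[4] for f in flows]
    centers = [pts[0]]
    while len(centers) < k:
        centers.append(max(pts, key=lambda p: min(dist(p, c) for c in centers)))
    assign = {}
    for _ in range(iters):
        new = {f[0]: min(range(k), key=lambda j: dist(f[4], centers[j])) for f in flows}
        if new == assign:
            break
        assign = new
        for j in range(k):
            members = [f[4] for f in flows if assign[f[0]] == j]
            if members:
                centers[j] = centroid(members)
    return assign


def unknown_flow_ids(labeled, unlabeled, k):
    """Unsupervised step: a cluster with no labelled member holds candidate zero-day flows."""
    assign = kmeans(labeled + unlabeled, k)
    known_clusters = {assign[f[0]] for f in labeled}
    return {f[0] for f in unlabeled if assign[f[0]] not in known_clusters}


def classify_per_flow(unlabeled, centroids, unknown_ids):
    preds = {}
    for fid, _, _, _, feat, _ in unlabeled:
        if fid in unknown_ids:
            preds[fid] = "unknown"
        else:
            preds[fid] = min(centroids, key=lambda c: dist(feat, centroids[c]))
    return preds


def bag_of_flows_vote(unlabeled, per_flow):
    """Flows sharing (dst_ip, dst_port, proto) form a bag and take the bag's majority label."""
    bags = defaultdict(list)
    for fid, ip, port, proto, _, _ in unlabeled:
        bags[(ip, port, proto)].append(fid)
    final = {}
    for members in bags.values():
        winner = Counter(per_flow[m] for m in members).most_common(1)[0][0]
        for m in members:
            final[m] = winner
    return final


def detect(labeled=LABELED, unlabeled=UNLABELED, k=3):
    """One node's pipeline: (per-flow labels, BoF labels, unknown sample ids the node would share)."""
    cents = train_centroids(labeled)
    unk = unknown_flow_ids(labeled, unlabeled, k)
    per_flow = classify_per_flow(unlabeled, cents, unk)
    return per_flow, bag_of_flows_vote(unlabeled, per_flow), unk


if __name__ == "__main__":
    per_flow, bof, unk = detect()
    for fid in sorted(per_flow):
        print(fid, per_flow[fid], "->", bof[fid])
    print("unknown samples this node would share:", sorted(unk))
```

Running it shows the two effects the abstract claims: f3 is misclassified as http on its own but its bag outvotes it back to dns, and the bag to port 4444 lands in a cluster with no labelled member and is reported as unknown. The returned unknown ids are what a node in the distributed variant would share with its peers; how that sharing and the final merge work is the paper's contribution and is not reproduced here.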



Acknowledgement

This work was supported by the National Natural Science Foundation of China under Grant 61401371.


Corresponding author

Correspondence to Lei Pan.


Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Miao, Y., Pan, L., Rajasegarar, S., Zhang, J., Leckie, C., Xiang, Y. (2018). Distributed Detection of Zero-Day Network Traffic Flows. In: Boo, Y., Stirling, D., Chi, L., Liu, L., Ong, KL., Williams, G. (eds) Data Mining. AusDM 2017. Communications in Computer and Information Science, vol 845. Springer, Singapore. https://doi.org/10.1007/978-981-13-0292-3_11

  • DOI: https://doi.org/10.1007/978-981-13-0292-3_11

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-0291-6

  • Online ISBN: 978-981-13-0292-3