Applying an Improved Dung Beetle Optimizer Algorithm to Network Traffic Identification

Network traffic identification is critical for maintaining network security and further meeting various demands of network applications.However,network traffic data typically possesses high dimensionality and complexity,leading to practical problems in traffic identification data analytics.Since the original Dung Beetle Optimizer(DBO)algorithm,Grey Wolf Optimization(GWO)algorithm,Whale Optimization Algorithm(WOA),and Particle Swarm Optimization(PSO)algorithm have the shortcomings of slow convergence and easily fall into the local optimal solution,an Improved Dung Beetle Optimizer(IDBO)algorithm is proposed for network traffic identification.Firstly,the Sobol sequence is utilized to initialize the dung beetle population,laying the foundation for finding the global optimal solution.Next,an integration of levy flight and golden sine strategy is suggested to give dung beetles a greater probability of exploring unvisited areas,escaping from the local optimal solution,and converging more effectively towards a global optimal solution.Finally,an adaptive weight factor is utilized to enhance the search capabilities of the original DBO algorithm and accelerate convergence.With the improvements above,the proposed IDBO algorithm is then applied to traffic identification data analytics and feature selection,as so to find the optimal subset for K-Nearest Neighbor(KNN)classification.The simulation experiments use the CICIDS2017 dataset to verify the effectiveness of the proposed IDBO algorithm and compare it with the original DBO,GWO,WOA,and PSO algorithms.The experimental results show that,compared with other algorithms,the accuracy and recall are improved by 1.53%and 0.88%in binary classification,and the Distributed Denial of Service(DDoS)class identification is the most effective in multi-classification,with an improvement of 5.80%and 0.33%for accuracy and recall,respectively.Therefore,the proposed IDBO algorithm is effective in increasing the efficiency of traffic identification and solving the problem of the original DBO algorithm that converges slowly and falls into the local optimal solution when dealing with high-dimensional data analytics and feature selection for network traffic identification.

Cluster DetectionMethod of Endogenous Security Abnormal Attack Behavior in Air Traffic Control Network

In order to enhance the accuracy of Air Traffic Control(ATC)cybersecurity attack detection,in this paper,a new clustering detection method is designed for air traffic control network security attacks.The feature set for ATC cybersecurity attacks is constructed by setting the feature states,adding recursive features,and determining the feature criticality.The expected information gain and entropy of the feature data are computed to determine the information gain of the feature data and reduce the interference of similar feature data.An autoencoder is introduced into the AI(artificial intelligence)algorithm to encode and decode the characteristics of ATC network security attack behavior to reduce the dimensionality of the ATC network security attack behavior data.Based on the above processing,an unsupervised learning algorithm for clustering detection of ATC network security attacks is designed.First,determine the distance between the clustering clusters of ATC network security attack behavior characteristics,calculate the clustering threshold,and construct the initial clustering center.Then,the new average value of all feature objects in each cluster is recalculated as the new cluster center.Second,it traverses all objects in a cluster of ATC network security attack behavior feature data.Finally,the cluster detection of ATC network security attack behavior is completed by the computation of objective functions.The experiment took three groups of experimental attack behavior data sets as the test object,and took the detection rate,false detection rate and recall rate as the test indicators,and selected three similar methods for comparative test.The experimental results show that the detection rate of this method is about 98%,the false positive rate is below 1%,and the recall rate is above 97%.Research shows that this method can improve the detection performance of security attacks in air traffic control network.

Network Intrusion Traffic Detection Based on Feature Extraction

With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal set.Therefore,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion detection.This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after features.The network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between groups.For datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers.Finally,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data.The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing techniques.The results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%.

Multi-Head Attention Spatial-Temporal Graph Neural Networks for Traffic Forecasting

Accurate traffic prediction is crucial for an intelligent traffic system (ITS). However, the excessive non-linearity and complexity of the spatial-temporal correlation in traffic flow severely limit the prediction accuracy of most existing models, which simply stack temporal and spatial modules and fail to capture spatial-temporal features effectively. To improve the prediction accuracy, a multi-head attention spatial-temporal graph neural network (MSTNet) is proposed in this paper. First, the traffic data is decomposed into unique time spans that conform to positive rules, and valuable traffic node attributes are mined through an adaptive graph structure. Second, time and spatial features are captured using a multi-head attention spatial-temporal module. Finally, a multi-step prediction module is used to achieve future traffic condition prediction. Numerical experiments were conducted on an open-source dataset, and the results demonstrate that MSTNet performs well in spatial-temporal feature extraction and achieves more positive forecasting results than the baseline methods.

An Improved Jump Spider Optimization for Network Traffic Identification Feature Selection

The massive influx of traffic on the Internet has made the composition of web traffic increasingly complex.Traditional port-based or protocol-based network traffic identification methods are no longer suitable for today’s complex and changing networks.Recently,machine learning has beenwidely applied to network traffic recognition.Still,high-dimensional features and redundant data in network traffic can lead to slow convergence problems and low identification accuracy of network traffic recognition algorithms.Taking advantage of the faster optimizationseeking capability of the jumping spider optimization algorithm(JSOA),this paper proposes a jumping spider optimization algorithmthat incorporates the harris hawk optimization(HHO)and small hole imaging(HHJSOA).We use it in network traffic identification feature selection.First,the method incorporates the HHO escape energy factor and the hard siege strategy to forma newsearch strategy for HHJSOA.This location update strategy enhances the search range of the optimal solution of HHJSOA.We use small hole imaging to update the inferior individual.Next,the feature selection problem is coded to propose a jumping spiders individual coding scheme.Multiple iterations of the HHJSOA algorithmfind the optimal individual used as the selected feature for KNN classification.Finally,we validate the classification accuracy and performance of the HHJSOA algorithm using the UNSW-NB15 dataset and KDD99 dataset.Experimental results show that compared with other algorithms for the UNSW-NB15 dataset,the improvement is at least 0.0705,0.00147,and 1 on the accuracy,fitness value,and the number of features.In addition,compared with other feature selectionmethods for the same datasets,the proposed algorithmhas faster convergence,better merit-seeking,and robustness.Therefore,HHJSOAcan improve the classification accuracy and solve the problem that the network traffic recognition algorithm needs to be faster to converge and easily fall into local optimum due to high-dimensional features.

RRCNN: Request Response-Based Convolutional Neural Network for ICS Network Traffic Anomaly Detection

Nowadays,industrial control system(ICS)has begun to integrate with the Internet.While the Internet has brought convenience to ICS,it has also brought severe security concerns.Traditional ICS network traffic anomaly detection methods rely on statistical features manually extracted using the experience of network security experts.They are not aimed at the original network data,nor can they capture the potential characteristics of network packets.Therefore,the following improvements were made in this study:(1)A dataset that can be used to evaluate anomaly detection algorithms is produced,which provides raw network data.(2)A request response-based convolutional neural network named RRCNN is proposed,which can be used for anomaly detection of ICS network traffic.Instead of using statistical features manually extracted by security experts,this method uses the byte sequences of the original network packets directly,which can extract potential features of the network packets in greater depth.It regards the request packet and response packet in a session as a Request-Response Pair(RRP).The feature of RRP is extracted using a one-dimensional convolutional neural network,and then the RRP is judged to be normal or abnormal based on the extracted feature.Experimental results demonstrate that this model is better than several other machine learning and neural network models,with F1,accuracy,precision,and recall above 99%.

An Intrusion Alarming System Based on Self-Similarity of Network Traffic

Intrusion detection system ean make effective alarm for illegality of networkusers, which is absolutely necessarily and important to build security environment of communicationbase service According to the principle that the number of network traffic can affect the degree ofself-similar traffic, the paper investigates the variety of self-similarity resulted fromunconventional network traffic. A network traffic model based on normal behaviors of user isproposed and the Hursl parameter of this model can be calculated. By comparing the Hurst parameterof normal traffic and the self-similar parameter, we ean judge whether the network is normal or notand alarm in time.

Metaheuristic Optimization of Time Series Models for Predicting Networks Traffic

Traffic prediction of wireless networks attracted many researchersand practitioners during the past decades. However, wireless traffic frequentlyexhibits strong nonlinearities and complicated patterns, which makes it challengingto be predicted accurately. Many of the existing approaches forpredicting wireless network traffic are unable to produce accurate predictionsbecause they lack the ability to describe the dynamic spatial-temporalcorrelations of wireless network traffic data. In this paper, we proposed anovel meta-heuristic optimization approach based on fitness grey wolf anddipper throated optimization algorithms for boosting the prediction accuracyof traffic volume. The proposed algorithm is employed to optimize the hyperparametersof long short-term memory (LSTM) network as an efficient timeseries modeling approach which is widely used in sequence prediction tasks.To prove the superiority of the proposed algorithm, four other optimizationalgorithms were employed to optimize LSTM, and the results were compared.The evaluation results confirmed the effectiveness of the proposed approachin predicting the traffic of wireless networks accurately. On the other hand,a statistical analysis is performed to emphasize the stability of the proposedapproach.

Detection of Abnormal Network Traffic Using Bidirectional Long Short-Term Memory

Nowadays,web systems and servers are constantly at great risk from cyberattacks.This paper proposes a novel approach to detecting abnormal network traffic using a bidirectional long short-term memory(LSTM)network in combination with the ensemble learning technique.First,the binary classification module was used to detect the current abnormal flow.Then,the abnormal flows were fed into the multilayer classification module to identify the specific type of flow.In this research,a deep learning bidirectional LSTM model,in combination with the convolutional neural network and attention technique,was deployed to identify a specific attack.To solve the real-time intrusion-detecting problem,a stacking ensemble-learning model was deployed to detect abnormal intrusion before being transferred to the attack classification module.The class-weight technique was applied to overcome the data imbalance between the attack layers.The results showed that our approach gained good performance and the F1 accuracy on the CICIDS2017 data set reached 99.97%,which is higher than the results obtained in other research.

Research on Data Tampering Prevention Method for ATC Network Based on Zero Trust

The traditional air traffic control information sharing data has weak security characteristics of personal privacy data and poor effect,which is easy to leads to the problem that the data is usurped.Starting from the application of the ATC(automatic train control)network,this paper focuses on the zero trust and zero trust access strategy and the tamper-proof method of information-sharing network data.Through the improvement of ATC’s zero trust physical layer authentication and network data distributed feature differentiation calculation,this paper reconstructs the personal privacy scope authentication structure and designs a tamper-proof method of ATC’s information sharing on the Internet.From the single management authority to the unified management of data units,the systematic algorithm improvement of shared network data tamper prevention method is realized,and RDTP(Reliable Data Transfer Protocol)is selected in the network data of information sharing resources to realize the effectiveness of tamper prevention of air traffic control data during transmission.The results show that this method can reasonably avoid the tampering of information sharing on the Internet,maintain the security factors of air traffic control information sharing on the Internet,and the Central Processing Unit(CPU)utilization rate is only 4.64%,which effectively increases the performance of air traffic control data comprehensive security protection system.

Comparison between Neural Network and Adaptive Neuro-Fuzzy Inference System for Forecasting Chaotic Traffic Volumes

This paper applies both the neural network and adaptive neuro-fuzzy inference system for forecasting short-term chaotic traffic volumes and compares the results. The architecture of the neural network consists of the input vector, one hidden layer and output layer. Bayesian regularization is employed to obtain the effective number of neurons in the hidden layer. The input variables and target of the adaptive neuro-fuzzy inference system are the same as those of the neural network. The data clustering technique is used to group data points so that the membership functions will be more tailored to the input data, which in turn greatly reduces the number of fuzzy rules. Numerical results indicate that these two models have almost the same accuracy, while the adaptive neuro-fuzzy inference system takes more time to train. It is also shown that although the effective number of neurons in the hidden layer is less than half the number of the input elements, the neural network can have satisfactory performance.

Regional accessibility of land traffic network in the Yangtze River Delta

In a given district, the accessibility of any point should be the synthetically evaluation of the internal and external accessibilities. Using MapX component and Delphi, the author presents an information system to calculate and analyze regional accessibility according to the shortest travel time, generating thus a mark diffusing figure. Based on land traffic network, this paper assesses the present and the future regional accessibilities of sixteen major cities in the Yangtze River Delta. The result shows that the regional accessibility of the Yangtze River Delta presents a fan with Shanghai as its core. The top two most accessible cities are Shanghai and Jiaxing, and the bottom two ones are Taizhou （Zhejiang province） and Nantong With the construction of Sutong Bridge, Hangzhouwan Bridge and Zhoushan Bridge, the regional internal accessibility of all cities will be improved. Especially for Shaoxing, Ningbo and Taizhou （Jiangsu province）, the regional internal accessibility will be decreased by one hour, and other cities will be shortened by about 25 minutes averagely. As the construction of Yangkou Harbor in Nantong, the regional external accessibility of the harbor cities in Jiangsu province will be speeded up by about one hour.

Small-time scale network traffic prediction based on a local support vector machine regression model

In this paper we apply the nonlinear time series analysis method to small-time scale traffic measurement data. The prediction-based method is used to determine the embedding dimension of the traffic data. Based on the reconstructed phase space, the local support vector machine prediction method is used to predict the traffic measurement data, and the BIC-based neighbouring point selection method is used to choose the number of the nearest neighbouring points for the local support vector machine regression model. The experimental results show that the local support vector machine prediction method whose neighbouring points are optimized can effectively predict the small-time scale traffic measurement data and can reproduce the statistical features of real traffic measurements.

Hierarchy property of traffic networks

The flourishing complex network theory has aroused increasing interest in studying the properties of real-world networks. Based on the traffic network of Chang-Zhu Tan urban agglomeration in central China, some basic network topological characteristics were computed with data collected from local traffic maps, which showed that the traffic networks were small-world networks with strong resilience against failure; more importantly, the investigations of as- sortativity coefficient and average nearestlneighbour degree implied the disassortativity of the traffic networks. Since traffic network hierarchy as an important basic property has been neither studied intensively nor proved quantitatively, the authors are inspired to analyse traffic network hierarchy with disassortativity and to finely characterize hierarchy in the traffic networks by using the n-degree-n-clustering coefficient relationship. Through numerical results and analyses an exciting conclusion is drawn that the traffic networks exhibit a significant hierarchy, that is, the traffic networks are proved to be hierarchically organized. The result provides important information and theoretical groundwork for optimal transport planning.

Correlation dimension based nonlinear analysis of network traffics with different application protocols

This paper uses a correlation dimension based nonlinear analysis approach to analyse the dynamics of network traffics with three different application protocols-HTTP, FTP and SMTP. First, the phase space is reconstructed and the embedding parameters are obtained by the mutual information method. Secondly, the correlation dimensions of three different traffics are calculated and the results of analysis have demonstrated that the dynamics of the three different application protocol traffics is different from each other in nature, i.e. HTTP and FTP traffics are chaotic, furthermore, the former is more complex than the later; on the other hand, SMTP traffic is stochastic. It is shown that correlation dimension approach is an efficient method to understand and to characterize the nonlinear dynamics of HTTP, FTP and SMTP protocol network traffics. This analysis provided insight into and a more accurate understanding of nonlinear dynamics of internet traffics which have a complex mixture of chaotic and stochastic components.

Fluctuations in airport arrival and departure traffic:A network analysis

Air traffic is a typical complex system, in which movements of traffic components （pilots, controllers, equipment, and environment）, especially airport arrival and departure traffic, form complicated spatial and temporal dynamics. The fluctuations of airport arrival and departure traffic are studied from the point of view of networks as the special correlation between different airports. Our collected flow volume data on the time-dependent activity of US airport arrival and departure traffic indicate that the coupling between the average flux and the fluctuation of an individual airport obeys a certain scaling law with a wide variety of scaling exponents between 1/2 and 1. These scaling phenomena can explain the interaction between the airport internal dynamics （e.g. queuing at airports, a ground delay program and following flying traffic） and a change in the external （network-wide） traffic demand （e.g. an increase in traffic during peak hours every day）, allowing us to further understand the mechanisms governing the collective behaviour of the transportation system. We separate internal dynamics from external fluctuations using a scaling law which is helpful for us to systematically determine the origin of fluctuations in airport arrival and departure traffic, uncovering the collective dynamics. Hot spot features are observed in airport traffic data as the dynamical inhomogeneity in the fluxes of individual airports. The intrinsic characteristics of airport arrival and departure traffic under severe weather is discussed as well.

An Efficient Internet Traffic Classification System Using Deep Learning for IoT

Internet of Things(IoT)defines a network of devices connected to the internet and sharing a massive amount of data between each other and a central location.These IoT devices are connected to a network therefore prone to attacks.Various management tasks and network operations such as security,intrusion detection,Quality-of-Service provisioning,performance monitoring,resource provisioning,and traffic engineering require traffic classification.Due to the ineffectiveness of traditional classification schemes,such as port-based and payload-based methods,researchers proposed machine learning-based traffic classification systems based on shallow neural networks.Furthermore,machine learning-based models incline to misclassify internet traffic due to improper feature selection.In this research,an efficient multilayer deep learning based classification system is presented to overcome these challenges that can classify internet traffic.To examine the performance of the proposed technique,Moore-dataset is used for training the classifier.The proposed scheme takes the pre-processed data and extracts the flow features using a deep neural network(DNN).In particular,the maximum entropy classifier is used to classify the internet traffic.The experimental results show that the proposed hybrid deep learning algorithm is effective and achieved high accuracy for internet traffic classification,i.e.,99.23%.Furthermore,the proposed algorithm achieved the highest accuracy compared to the support vector machine(SVM)based classification technique and k-nearest neighbours(KNNs)based classification technique.

Network traffic prediction by a wavelet-based combined model

Network traffic prediction models can be grouped into two types, single models and combined ones. Combined models integrate several single models and thus can improve prediction accuracy. Based on wavelet transform, grey theory, and chaos theory, this paper proposes a novel combined model, wavelet-grey-chaos （WGC）, for network traffic prediction. In the WGC model, we develop a time series decomposition method without the boundary problem by modifying the standard à trous algorithm, decompose the network traffic into two parts, the residual part and the burst part to alleviate the accumulated error problem, and employ the grey model GM（1,1） and chaos model to predict the residual part and the burst part respectively. Simulation results on real network traffic show that the WGC model does improve prediction accuracy.

Spatio-Temporal Cellular Network Traffic Prediction Using Multi-Task Deep Learning for AI-Enabled 6G

Spatio-temporal cellular network traffic prediction at wide-area level plays an important role in resource reconfiguration,traffic scheduling and intrusion detection,thus potentially supporting connected intelligence of the sixth generation of mobile communications technology(6G).However,the existing studies just focus on the spatio-temporal modeling of traffic data of single network service,such as short message,call,or Internet.It is not conducive to accurate prediction of traffic data,characterised by diverse network service,spatio-temporality and supersize volume.To address this issue,a novel multi-task deep learning framework is developed for citywide cellular network traffic prediction.Functionally,this framework mainly consists of a dual modular feature sharing layer and a multi-task learning layer(DMFS-MT).The former aims at mining long-term spatio-temporal dependencies and local spatio-temporal fluctuation trends in data,respectively,via a new combination of convolutional gated recurrent unit(ConvGRU)and 3-dimensional convolutional neural network(3D-CNN).For the latter,each task is performed for predicting service-specific traffic data based on a fully connected network.On the real-world Telecom Italia dataset,simulation results demonstrate the effectiveness of our proposal through prediction performance measure,spatial pattern comparison and statistical distribution verification.

An Effective Network Traffic Data Control Using Improved Apriori Rule Mining

The increasing usage of internet requires a significant system for effective communication. To pro- vide an effective communication for the internet users, based on nature of their queries, shortest routing path is usually preferred for data forwarding. But when more number of data chooses the same path, in that case, bottleneck occurs in the traffic this leads to data loss or provides irrelevant data to the users. In this paper, a Rule Based System using Improved Apriori (RBS-IA) rule mining framework is proposed for effective monitoring of traffic occurrence over the network and control the network traffic. RBS-IA framework integrates both the traffic control and decision making system to enhance the usage of internet trendier. At first, the network traffic data are ana- lyzed and the incoming and outgoing data information is processed using apriori rule mining algorithm. After generating the set of rules, the network traffic condition is analyzed. Based on the traffic conditions, the decision rule framework is introduced which derives and assigns the set of suitable rules to the appropriate states of the network. The decision rule framework improves the effectiveness of network traffic control by updating the traffic condition states for identifying the relevant route path for packet data transmission. Experimental evaluation is conducted by extrac- ting the Dodgers loop sensor data set from UCI repository to detect the effectiveness of theproposed Rule Based System using Improved Apriori (RBS-IA) rule mining framework. Performance evaluation shows that the proposed RBS-IA rule mining framework provides significant improvement in managing the network traffic control scheme. RBS-IA rule mining framework is evaluated over the factors such as accuracy of the decision being obtained, interestingness measure and execution time.