Network traffic identification is critical for maintaining network security and further meeting various demands of network applications. However, network traffic data typically possesses high dimensionality and complexity, leading to practical problems in traffic identification data analytics. Since the original Dung Beetle Optimizer (DBO) algorithm, Grey Wolf Optimization (GWO) algorithm, Whale Optimization Algorithm (WOA), and Particle Swarm Optimization (PSO) algorithm have the shortcomings of slow convergence and easily fall into the local optimal solution, an Improved Dung Beetle Optimizer (IDBO) algorithm is proposed for network traffic identification. Firstly, the Sobol sequence is utilized to initialize the dung beetle population, laying the foundation for finding the global optimal solution. Next, an integration of levy flight and golden sine strategy is suggested to give dung beetles a greater probability of exploring unvisited areas, escaping from the local optimal solution, and converging more effectively towards a global optimal solution. Finally, an adaptive weight factor is utilized to enhance the search capabilities of the original DBO algorithm and accelerate convergence. With the improvements above, the proposed IDBO algorithm is then applied to traffic identification data analytics and feature selection, so as to find the optimal subset for K-Nearest Neighbor (KNN) classification. The simulation experiments use the CICIDS2017 dataset to verify the effectiveness of the proposed IDBO algorithm and compare it with the original DBO, GWO, WOA, and PSO algorithms. The experimental results show that, compared with other algorithms, the accuracy and recall are improved by 1.53% and 0.88% in binary classification, and the Distributed Denial of Service (DDoS) class identification is the most effective in multi-classification, with an improvement of 5.80% and 0.33% for accuracy and recall, respectively. Therefore, the proposed IDBO algorithm is effective in increasing the efficiency of traffic identification and solving the problem of the original DBO algorithm that converges slowly and falls into the local optimal solution when dealing with high-dimensional data analytics and feature selection for network traffic identification.
VPNs are vital for safeguarding communication routes in the continually changing cybersecurity world. However, increasing network attack complexity and variety require increasingly advanced algorithms to recognize and categorize VPN network data. We present a novel VPN network traffic flow classification method utilizing Artificial Neural Networks (ANN). This paper aims to provide a reliable system that can identify a virtual private network (VPN) traffic from intrusion attempts, data exfiltration, and denial-of-service assaults. We compile a broad dataset of labeled VPN traffic flows from various apps and usage patterns. Next, we create an ANN architecture that can handle encrypted communication and distinguish benign from dangerous actions. To effectively process and categorize encrypted packets, the neural network model has input, hidden, and output layers. We use advanced feature extraction approaches to improve the ANN’s classification accuracy by leveraging network traffic’s statistical and behavioral properties. We also use cutting-edge optimization methods to optimize network characteristics and performance. The suggested ANN-based categorization method is extensively tested and analyzed. Results show the model effectively classifies VPN traffic types. We also show that our ANN-based technique outperforms other approaches in precision, recall, and F1-score with 98.79% accuracy. This study improves VPN security and protects against new cyberthreats. Classifying VPN traffic flows effectively helps enterprises protect sensitive data, maintain network integrity, and respond quickly to security problems. This study advances network security and lays the groundwork for ANN-based cybersecurity solutions.
In the rapidly evolving field of cybersecurity, the challenge of providing realistic exercise scenarios that accurately mimic real-world threats has become increasingly critical. Traditional methods often fall short in capturing the dynamic and complex nature of modern cyber threats. To address this gap, we propose a comprehensive framework designed to create authentic network environments tailored for cybersecurity exercise systems. Our framework leverages advanced simulation techniques to generate scenarios that mirror actual network conditions faced by professionals in the field. The cornerstone of our approach is the use of a conditional tabular generative adversarial network (CTGAN), a sophisticated tool that synthesizes realistic synthetic network traffic by learning from real data patterns. This technology allows us to handle technical components and sensitive information with high fidelity, ensuring that the synthetic data maintains statistical characteristics similar to those observed in real network environments. By meticulously analyzing the data collected from various network layers and translating these into structured tabular formats, our framework can generate network traffic that closely resembles that found in actual scenarios. An integral part of our process involves deploying this synthetic data within a simulated network environment, structured on software-defined networking (SDN) principles, to test and refine the traffic patterns. This simulation not only facilitates a direct comparison between the synthetic and real traffic but also enables us to identify discrepancies and refine the accuracy of our simulations. Our initial findings indicate an error rate of approximately 29.28% between the synthetic and real traffic data, highlighting areas for further improvement and adjustment. By providing a diverse array of network scenarios through our framework, we aim to enhance the exercise systems used by cybersecurity professionals. This not only improves their ability to respond to actual cyber threats but also ensures that the exercise is cost-effective and efficient.
In this paper we apply the nonlinear time series analysis method to small-time scale traffic measurement data. The prediction-based method is used to determine the embedding dimension of the traffic data. Based on the reconstructed phase space, the local support vector machine prediction method is used to predict the traffic measurement data, and the BIC-based neighbouring point selection method is used to choose the number of the nearest neighbouring points for the local support vector machine regression model. The experimental results show that the local support vector machine prediction method whose neighbouring points are optimized can effectively predict the small-time scale traffic measurement data and can reproduce the statistical features of real traffic measurements.
This paper proposes a method for improving the precision of Network Traffic Prediction based on the Maximum Correntropy Criterion (NTPMCC), where the nonlinear characteristics of network traffic are considered. This method utilizes the MCC as a new error evaluation criterion or named the cost function (CF) to train neural networks (NN). MCC is based on a new similarity function (Generalized correlation entropy function, Correntropy), which has as its foundation the Parzen window evaluation and Renyi entropy of error probability density function. At the same time, by combining the MCC with the Mean Square Error (MSE), a mixed evaluation criterion with MCC and MSE is proposed as a cost function of NN training. According to the traffic network characteristics including the nonlinear, non-Gaussian, and mutation, the Elman neural network is trained by MCC and MCC-MSE, and then the trained neural network is used as the model for predicting network traffic. The simulation results based on the evaluation by Mean Absolute Error (MAE), MSE, and Sum Squared Error (SSE) show that the accuracy of the prediction based on MCC is superior to the results of the Elman neural network with MSE. The overall performance is improved by about 0.0131.
Intrusion detection system can make effective alarm for illegality of network users, which is absolutely necessary and important to build security environment of communication base service. According to the principle that the number of network traffic can affect the degree of self-similar traffic, the paper investigates the variety of self-similarity resulted from unconventional network traffic. A network traffic model based on normal behaviors of user is proposed and the Hurst parameter of this model can be calculated. By comparing the Hurst parameter of normal traffic and the self-similar parameter, we can judge whether the network is normal or not and alarm in time.
Attacks on websites and network servers are among the most critical threats in network security. Network behavior identification is one of the most effective ways to identify malicious network intrusions. Analyzing abnormal network traffic patterns and traffic classification based on labeled network traffic data are among the most effective approaches for network behavior identification. Traditional methods for network traffic classification utilize algorithms such as Naive Bayes, Decision Tree and XGBoost. However, network traffic classification, which is required for network behavior identification, generally suffers from the problem of low accuracy even with the recently proposed deep learning models. To improve network traffic classification accuracy thus improving network intrusion detection rate, this paper proposes a new network traffic classification model, called ArcMargin, which incorporates metric learning into a convolutional neural network (CNN) to make the CNN model more discriminative. ArcMargin maps network traffic samples from the same category more closely while samples from different categories are mapped as far apart as possible. The metric learning regularization feature is called additive angular margin loss, and it is embedded in the object function of traditional CNN models. The proposed ArcMargin model is validated with three datasets and is compared with several other related algorithms. According to a set of classification indicators, the ArcMargin model is proven to have better performances in both network traffic classification tasks and open-set tasks. Moreover, in open-set tasks, the ArcMargin model can cluster unknown data classes that do not exist in the previous training dataset.
The modeling of network traffic is important for the design and application of networks, but little is known as to the characteristics of distribution of packets in network traffic. In this letter the distribution of packets in network traffic is explored.
This paper uses a correlation dimension based nonlinear analysis approach to analyse the dynamics of network traffics with three different application protocols: HTTP, FTP and SMTP. First, the phase space is reconstructed and the embedding parameters are obtained by the mutual information method. Secondly, the correlation dimensions of three different traffics are calculated and the results of analysis have demonstrated that the dynamics of the three different application protocol traffics is different from each other in nature, i.e. HTTP and FTP traffics are chaotic, furthermore, the former is more complex than the latter; on the other hand, SMTP traffic is stochastic. It is shown that correlation dimension approach is an efficient method to understand and to characterize the nonlinear dynamics of HTTP, FTP and SMTP protocol network traffics. This analysis provided insight into and a more accurate understanding of nonlinear dynamics of internet traffics which have a complex mixture of chaotic and stochastic components.
Network traffic prediction models can be grouped into two types, single models and combined ones. Combined models integrate several single models and thus can improve prediction accuracy. Based on wavelet transform, grey theory, and chaos theory, this paper proposes a novel combined model, wavelet-grey-chaos (WGC), for network traffic prediction. In the WGC model, we develop a time series decomposition method without the boundary problem by modifying the standard à trous algorithm, decompose the network traffic into two parts, the residual part and the burst part to alleviate the accumulated error problem, and employ the grey model GM(1,1) and chaos model to predict the residual part and the burst part respectively. Simulation results on real network traffic show that the WGC model does improve prediction accuracy.
GARCH-M (generalized autoregressive conditional heteroskedasticity in the mean) model is used to analyse the volatility clustering phenomenon in mobile communication network traffic. Normal distribution, t distribution and generalized Pareto distribution assumptions are adopted respectively to simulate the random component in the model. The demonstration of the quantile of network traffic series indicates that common GARCH-M model can partially deal with the "fat tail" problem. However, the "fat tail" characteristic of the random component directly affects the accuracy of the calculation. Even t distribution is based on the assumption for all the data. On the other hand, extreme value theory, which only concentrates on the tail distribution, can provide more accurate result for high quantiles. The best result is obtained based on the generalized Pareto distribution assumption for the random component in the GARCH-M model.
The massive influx of traffic on the Internet has made the composition of web traffic increasingly complex. Traditional port-based or protocol-based network traffic identification methods are no longer suitable for today’s complex and changing networks. Recently, machine learning has been widely applied to network traffic recognition. Still, high-dimensional features and redundant data in network traffic can lead to slow convergence problems and low identification accuracy of network traffic recognition algorithms. Taking advantage of the faster optimization-seeking capability of the jumping spider optimization algorithm (JSOA), this paper proposes a jumping spider optimization algorithm that incorporates the harris hawk optimization (HHO) and small hole imaging (HHJSOA). We use it in network traffic identification feature selection. First, the method incorporates the HHO escape energy factor and the hard siege strategy to form a new search strategy for HHJSOA. This location update strategy enhances the search range of the optimal solution of HHJSOA. We use small hole imaging to update the inferior individual. Next, the feature selection problem is coded to propose a jumping spiders individual coding scheme. Multiple iterations of the HHJSOA algorithm find the optimal individual used as the selected feature for KNN classification. Finally, we validate the classification accuracy and performance of the HHJSOA algorithm using the UNSW-NB15 dataset and KDD99 dataset. Experimental results show that compared with other algorithms for the UNSW-NB15 dataset, the improvement is at least 0.0705, 0.00147, and 1 on the accuracy, fitness value, and the number of features. In addition, compared with other feature selection methods for the same datasets, the proposed algorithm has faster convergence, better merit-seeking, and robustness. Therefore, HHJSOA can improve the classification accuracy and solve the problem that the network traffic recognition algorithm needs to be faster to converge and easily fall into local optimum due to high-dimensional features.
Spatio-temporal cellular network traffic prediction at wide-area level plays an important role in resource reconfiguration, traffic scheduling and intrusion detection, thus potentially supporting connected intelligence of the sixth generation of mobile communications technology (6G). However, the existing studies just focus on the spatio-temporal modeling of traffic data of single network service, such as short message, call, or Internet. It is not conducive to accurate prediction of traffic data, characterised by diverse network service, spatio-temporality and supersize volume. To address this issue, a novel multi-task deep learning framework is developed for citywide cellular network traffic prediction. Functionally, this framework mainly consists of a dual modular feature sharing layer and a multi-task learning layer (DMFS-MT). The former aims at mining long-term spatio-temporal dependencies and local spatio-temporal fluctuation trends in data, respectively, via a new combination of convolutional gated recurrent unit (ConvGRU) and 3-dimensional convolutional neural network (3D-CNN). For the latter, each task is performed for predicting service-specific traffic data based on a fully connected network. On the real-world Telecom Italia dataset, simulation results demonstrate the effectiveness of our proposal through prediction performance measure, spatial pattern comparison and statistical distribution verification.
Pattern matching is a fundamental approach to detect malicious behaviors and information over Internet, which has been gradually used in high-speed network traffic analysis. However, there is a performance bottleneck for multi-pattern matching on online compressed network traffic (CNT), this is because malicious and intrusion codes are often embedded into compressed network traffic. In this paper, we propose an online fast and multi-pattern matching algorithm on compressed network traffic (FMMCN). FMMCN employs two types of jumping, i.e. jumping during sliding window and a string jump scanning strategy to skip unnecessary compressed bytes. Moreover, FMMCN has the ability to efficiently process multiple large volume of networks such as HTTP traffic, vehicles traffic, and other Internet-based services. The experimental results show that FMMCN can ignore more than 89.5% of bytes, and its maximum speed reaches 176.470 MB/s in a midrange switches device, which is faster than the current fastest algorithm ACCH by almost 73.15 MB/s.
Huge networks and increasing network traffic will consume more and more resources. It is critical to predict network traffic accurately and timely for network planning, and resource allocation, etc. In this paper, a combined network traffic prediction model is proposed, which is based on Prophet, evolutionary attention-based LSTM (EALSTM) network, and Gaussian process regression (GPR). According to the non-smooth, sudden, periodic, and long correlation characteristics of network traffic, the prediction procedure is divided into three steps to predict network traffic accurately. In the first step, the Prophet model decomposes network traffic data into periodic and non-periodic parts. The periodic term is predicted by the Prophet model for different granularity periods. In the second step, the non-periodic term is fed to an EALSTM network to extract the importance of the different features in the sequence and learn their long correlation, which effectively avoids the long-term dependence problem caused by long step length. Finally, GPR is used to predict the residual term to boost the predictability even further. Experimental results indicate that the proposed scheme is more applicable and can significantly improve prediction accuracy compared with traditional linear and nonlinear models.
The increasing usage of internet requires a significant system for effective communication. To provide an effective communication for the internet users, based on nature of their queries, shortest routing path is usually preferred for data forwarding. But when more number of data chooses the same path, in that case, bottleneck occurs in the traffic this leads to data loss or provides irrelevant data to the users. In this paper, a Rule Based System using Improved Apriori (RBS-IA) rule mining framework is proposed for effective monitoring of traffic occurrence over the network and control the network traffic. RBS-IA framework integrates both the traffic control and decision making system to enhance the usage of internet trendier. At first, the network traffic data are analyzed and the incoming and outgoing data information is processed using apriori rule mining algorithm. After generating the set of rules, the network traffic condition is analyzed. Based on the traffic conditions, the decision rule framework is introduced which derives and assigns the set of suitable rules to the appropriate states of the network. The decision rule framework improves the effectiveness of network traffic control by updating the traffic condition states for identifying the relevant route path for packet data transmission. Experimental evaluation is conducted by extracting the Dodgers loop sensor data set from UCI repository to detect the effectiveness of the proposed Rule Based System using Improved Apriori (RBS-IA) rule mining framework. Performance evaluation shows that the proposed RBS-IA rule mining framework provides significant improvement in managing the network traffic control scheme. RBS-IA rule mining framework is evaluated over the factors such as accuracy of the decision being obtained, interestingness measure and execution time.
This paper presents a chaotic control method on network traffic. By this method, the chaotic network traffic can be controlled to pre-assigned equilibrium point according to chaotic prediction and the Largest Lyapunov Exponent (LLE) of the traffic on congested link is reduced, thereby the probability of traffic burst and network congestion can be reduced. Numerical examples show that this method is effective.
Network traffic classification is essential in supporting network measurement and management. Many existing traffic classification approaches provide application-level results regardless of the network quality of service (QoS) requirements. In practice, traffic flows from the same application may have irregular network behaviors that should be identified to various QoS classes for best network resource management. To address the issues, we propose to conduct traffic classification with two newly defined QoS-aware features, i.e., inter-APP similarity and intra-APP diversity. The inter-APP similarity represents the close QoS association between the traffic flows that originate from the different Internet applications. The intra-APP diversity describes the QoS variety of the traffic even among those originated from the same Internet application. The core of performing the QoS-aware feature extraction is a Long-Short Term Memory neural network based Autoencoder (LSTM-AE). The QoS-aware features extracted by the encoder part of the LSTM-AE are then clustered into the corresponding QoS classes. Real-life data from multiple applications are collected to evaluate the proposed QoS-aware network traffic classification approach. The evaluation results demonstrate the efficacy of the extracted QoS-aware features in supporting the traffic classification, which can further contribute to future network measurement and management.
The Deep Packet Inspection (DPI) method is a popular method that can accurately identify the flow data and its corresponding application. Currently, the DPI method is widely used in common network management systems. However, the major limitation of DPI systems is that their signature library is mainly extracted manually, which makes it hard to efficiently obtain the signature of new applications. Hence, in this paper, we propose an automatic signature extraction mechanism using Principal Component Analysis (PCA) technology, which is able to extract the signature automatically. In the proposed method, the signatures are expressed in the form of serial consistent sequences constructed by principal components instead of normally separated substrings in the original data extracted from the traditional methods. Extensive experiments based on numerous sets of data have been carried out to evaluate the performance of the proposed scheme, and the results prove that the newly proposed method can achieve good performance in terms of accuracy and efficiency.
Nowadays, industrial control system (ICS) has begun to integrate with the Internet. While the Internet has brought convenience to ICS, it has also brought severe security concerns. Traditional ICS network traffic anomaly detection methods rely on statistical features manually extracted using the experience of network security experts. They are not aimed at the original network data, nor can they capture the potential characteristics of network packets. Therefore, the following improvements were made in this study: (1) A dataset that can be used to evaluate anomaly detection algorithms is produced, which provides raw network data. (2) A request response-based convolutional neural network named RRCNN is proposed, which can be used for anomaly detection of ICS network traffic. Instead of using statistical features manually extracted by security experts, this method uses the byte sequences of the original network packets directly, which can extract potential features of the network packets in greater depth. It regards the request packet and response packet in a session as a Request-Response Pair (RRP). The feature of RRP is extracted using a one-dimensional convolutional neural network, and then the RRP is judged to be normal or abnormal based on the extracted feature. Experimental results demonstrate that this model is better than several other machine learning and neural network models, with F1, accuracy, precision, and recall above 99%.
Funding: supported by the National Natural Science Foundation of China under Grant 61602162; the Hubei Provincial Science and Technology Plan Project under Grant 2023BCB041.
Abstract: Network traffic identification is critical for maintaining network security and further meeting various demands of network applications. However, network traffic data typically possesses high dimensionality and complexity, leading to practical problems in traffic identification data analytics. Since the original Dung Beetle Optimizer (DBO) algorithm, Grey Wolf Optimization (GWO) algorithm, Whale Optimization Algorithm (WOA), and Particle Swarm Optimization (PSO) algorithm have the shortcomings of slow convergence and easily fall into the local optimal solution, an Improved Dung Beetle Optimizer (IDBO) algorithm is proposed for network traffic identification. Firstly, the Sobol sequence is utilized to initialize the dung beetle population, laying the foundation for finding the global optimal solution. Next, an integration of levy flight and golden sine strategy is suggested to give dung beetles a greater probability of exploring unvisited areas, escaping from the local optimal solution, and converging more effectively towards a global optimal solution. Finally, an adaptive weight factor is utilized to enhance the search capabilities of the original DBO algorithm and accelerate convergence. With the improvements above, the proposed IDBO algorithm is then applied to traffic identification data analytics and feature selection, so as to find the optimal subset for K-Nearest Neighbor (KNN) classification. The simulation experiments use the CICIDS2017 dataset to verify the effectiveness of the proposed IDBO algorithm and compare it with the original DBO, GWO, WOA, and PSO algorithms. The experimental results show that, compared with other algorithms, the accuracy and recall are improved by 1.53% and 0.88% in binary classification, and the Distributed Denial of Service (DDoS) class identification is the most effective in multi-classification, with an improvement of 5.80% and 0.33% for accuracy and recall, respectively. Therefore, the proposed IDBO algorithm is effective in increasing the efficiency of traffic identification and solving the problem of the original DBO algorithm that converges slowly and falls into the local optimal solution when dealing with high-dimensional data analytics and feature selection for network traffic identification.
Abstract: VPNs are vital for safeguarding communication routes in the continually changing cybersecurity world. However, increasing network attack complexity and variety require increasingly advanced algorithms to recognize and categorize VPN network data. We present a novel VPN network traffic flow classification method utilizing Artificial Neural Networks (ANN). This paper aims to provide a reliable system that can identify virtual private network (VPN) traffic from intrusion attempts, data exfiltration, and denial-of-service assaults. We compile a broad dataset of labeled VPN traffic flows from various apps and usage patterns. Next, we create an ANN architecture that can handle encrypted communication and distinguish benign from dangerous actions. To effectively process and categorize encrypted packets, the neural network model has input, hidden, and output layers. We use advanced feature extraction approaches to improve the ANN’s classification accuracy by leveraging network traffic’s statistical and behavioral properties. We also use cutting-edge optimization methods to optimize network characteristics and performance. The suggested ANN-based categorization method is extensively tested and analyzed. Results show the model effectively classifies VPN traffic types. We also show that our ANN-based technique outperforms other approaches in precision, recall, and F1-score with 98.79% accuracy. This study improves VPN security and protects against new cyberthreats. Classifying VPN traffic flows effectively helps enterprises protect sensitive data, maintain network integrity, and respond quickly to security problems. This study advances network security and lays the groundwork for ANN-based cybersecurity solutions.
Funding: Supported in part by the Korea Research Institute for Defense Technology Planning and Advancement (KRIT) funded by the Korean Government’s Defense Acquisition Program Administration (DAPA) under Grant KRIT-CT-21-037; in part by the Ministry of Education, Republic of Korea; in part by the National Research Foundation of Korea under Grant RS-2023-00211871.
Abstract: In the rapidly evolving field of cybersecurity, the challenge of providing realistic exercise scenarios that accurately mimic real-world threats has become increasingly critical. Traditional methods often fall short in capturing the dynamic and complex nature of modern cyber threats. To address this gap, we propose a comprehensive framework designed to create authentic network environments tailored for cybersecurity exercise systems. Our framework leverages advanced simulation techniques to generate scenarios that mirror actual network conditions faced by professionals in the field. The cornerstone of our approach is the use of a conditional tabular generative adversarial network (CTGAN), a sophisticated tool that synthesizes realistic synthetic network traffic by learning from real data patterns. This technology allows us to handle technical components and sensitive information with high fidelity, ensuring that the synthetic data maintains statistical characteristics similar to those observed in real network environments. By meticulously analyzing the data collected from various network layers and translating these into structured tabular formats, our framework can generate network traffic that closely resembles that found in actual scenarios. An integral part of our process involves deploying this synthetic data within a simulated network environment, structured on software-defined networking (SDN) principles, to test and refine the traffic patterns. This simulation not only facilitates a direct comparison between the synthetic and real traffic but also enables us to identify discrepancies and refine the accuracy of our simulations. Our initial findings indicate an error rate of approximately 29.28% between the synthetic and real traffic data, highlighting areas for further improvement and adjustment. By providing a diverse array of network scenarios through our framework, we aim to enhance the exercise systems used by cybersecurity professionals. This not only improves their ability to respond to actual cyber threats but also ensures that the exercise is cost-effective and efficient.
Funding: Project supported by the National Natural Science Foundation of China (Grant No 60573065); the Natural Science Foundation of Shandong Province, China (Grant No Y2007G33); the Key Subject Research Foundation of Shandong Province, China (Grant No XTD0708).
Abstract: In this paper we apply the nonlinear time series analysis method to small-time scale traffic measurement data. The prediction-based method is used to determine the embedding dimension of the traffic data. Based on the reconstructed phase space, the local support vector machine prediction method is used to predict the traffic measurement data, and the BIC-based neighbouring point selection method is used to choose the number of the nearest neighbouring points for the local support vector machine regression model. The experimental results show that the local support vector machine prediction method whose neighbouring points are optimized can effectively predict the small-time scale traffic measurement data and can reproduce the statistical features of real traffic measurements.
Funding: Supported in part by the National Natural Science Foundation of China under Grant No. 61071126; the National Radio Project under Grants No. 2010ZX03004001, No. 2010ZX03004-002, No. 2011ZX03002001.
Abstract: This paper proposes a method for improving the precision of Network Traffic Prediction based on the Maximum Correntropy Criterion (NTPMCC), where the nonlinear characteristics of network traffic are considered. This method utilizes the MCC as a new error evaluation criterion, also called the cost function (CF), to train neural networks (NN). MCC is based on a new similarity function (generalized correlation entropy function, Correntropy), which has as its foundation the Parzen window evaluation and Renyi entropy of the error probability density function. At the same time, by combining the MCC with the Mean Square Error (MSE), a mixed evaluation criterion with MCC and MSE is proposed as a cost function of NN training. According to the network traffic characteristics, including nonlinearity, non-Gaussianity, and mutation, the Elman neural network is trained by MCC and MCC-MSE, and then the trained neural network is used as the model for predicting network traffic. The simulation results based on the evaluation by Mean Absolute Error (MAE), MSE, and Sum Squared Error (SSE) show that the accuracy of the prediction based on MCC is superior to the results of the Elman neural network with MSE. The overall performance is improved by about 0.0131.
Abstract: An intrusion detection system can raise effective alarms for illegal behavior by network users, which is absolutely necessary and important for building a secure environment for communication base services. According to the principle that the amount of network traffic can affect the degree of traffic self-similarity, the paper investigates the variation in self-similarity resulting from unconventional network traffic. A network traffic model based on normal user behavior is proposed, and the Hurst parameter of this model can be calculated. By comparing the Hurst parameter of normal traffic and the self-similar parameter, we can judge whether the network is normal or not and raise an alarm in time.
Funding: This work was supported by the National Natural Science Foundation of China (61871046).
Abstract: Attacks on websites and network servers are among the most critical threats in network security. Network behavior identification is one of the most effective ways to identify malicious network intrusions. Analyzing abnormal network traffic patterns and traffic classification based on labeled network traffic data are among the most effective approaches for network behavior identification. Traditional methods for network traffic classification utilize algorithms such as Naive Bayes, Decision Tree and XGBoost. However, network traffic classification, which is required for network behavior identification, generally suffers from the problem of low accuracy even with the recently proposed deep learning models. To improve network traffic classification accuracy, thus improving the network intrusion detection rate, this paper proposes a new network traffic classification model, called ArcMargin, which incorporates metric learning into a convolutional neural network (CNN) to make the CNN model more discriminative. ArcMargin maps network traffic samples from the same category more closely while samples from different categories are mapped as far apart as possible. The metric learning regularization feature is called additive angular margin loss, and it is embedded in the objective function of traditional CNN models. The proposed ArcMargin model is validated with three datasets and is compared with several other related algorithms. According to a set of classification indicators, the ArcMargin model is proven to have better performance in both network traffic classification tasks and open-set tasks. Moreover, in open-set tasks, the ArcMargin model can cluster unknown data classes that do not exist in the previous training dataset.
Abstract: The modeling of network traffic is important for the design and application of networks, but little is known as to the characteristics of distribution of packets in network traffic. In this letter the distribution of packets in network traffic is explored.
Funding: Project supported in part by the National High Technology Research and Development Program of China (Grant No. 2007AA01Z480).
Abstract: This paper uses a correlation dimension based nonlinear analysis approach to analyse the dynamics of network traffic for three different application protocols: HTTP, FTP and SMTP. First, the phase space is reconstructed and the embedding parameters are obtained by the mutual information method. Secondly, the correlation dimensions of the three different kinds of traffic are calculated, and the results of the analysis demonstrate that the dynamics of the three application protocols' traffic differ from each other in nature, i.e. HTTP and FTP traffic are chaotic and, furthermore, the former is more complex than the latter; on the other hand, SMTP traffic is stochastic. It is shown that the correlation dimension approach is an efficient method to understand and to characterize the nonlinear dynamics of HTTP, FTP and SMTP protocol network traffic. This analysis provides insight into, and a more accurate understanding of, the nonlinear dynamics of internet traffic, which has a complex mixture of chaotic and stochastic components.
Funding: Project supported by National Basic Research Program of China (Grant Nos 2009CB320505 and 2009CB320504); National High Technology Research and Development Program of China (Grant Nos 2006AA01Z235, 2007AA01Z206 and 2009AA01Z210).
Abstract: Network traffic prediction models can be grouped into two types, single models and combined ones. Combined models integrate several single models and thus can improve prediction accuracy. Based on wavelet transform, grey theory, and chaos theory, this paper proposes a novel combined model, wavelet-grey-chaos (WGC), for network traffic prediction. In the WGC model, we develop a time series decomposition method without the boundary problem by modifying the standard à trous algorithm, decompose the network traffic into two parts, the residual part and the burst part, to alleviate the accumulated error problem, and employ the grey model GM(1,1) and chaos model to predict the residual part and the burst part respectively. Simulation results on real network traffic show that the WGC model does improve prediction accuracy.
Funding: Supported by University and College Doctoral Subject Special Scientific Research Fund (No. 20040056041).
Abstract: The GARCH-M (generalized autoregressive conditional heteroskedasticity in the mean) model is used to analyse the volatility clustering phenomenon in mobile communication network traffic. Normal distribution, t distribution and generalized Pareto distribution assumptions are adopted respectively to simulate the random component in the model. The demonstration of the quantile of network traffic series indicates that the common GARCH-M model can partially deal with the "fat tail" problem. However, the "fat tail" characteristic of the random component directly affects the accuracy of the calculation. Even t distribution is based on the assumption for all the data. On the other hand, extreme value theory, which only concentrates on the tail distribution, can provide more accurate results for high quantiles. The best result is obtained based on the generalized Pareto distribution assumption for the random component in the GARCH-M model.
Funding: Funded by the National Natural Science Foundation of China under Grant No. 61602162.
Abstract: The massive influx of traffic on the Internet has made the composition of web traffic increasingly complex. Traditional port-based or protocol-based network traffic identification methods are no longer suitable for today’s complex and changing networks. Recently, machine learning has been widely applied to network traffic recognition. Still, high-dimensional features and redundant data in network traffic can lead to slow convergence problems and low identification accuracy of network traffic recognition algorithms. Taking advantage of the faster optimization-seeking capability of the jumping spider optimization algorithm (JSOA), this paper proposes a jumping spider optimization algorithm that incorporates the Harris hawk optimization (HHO) and small hole imaging (HHJSOA). We use it in network traffic identification feature selection. First, the method incorporates the HHO escape energy factor and the hard siege strategy to form a new search strategy for HHJSOA. This location update strategy enhances the search range of the optimal solution of HHJSOA. We use small hole imaging to update the inferior individual. Next, the feature selection problem is coded to propose a jumping spider individual coding scheme. Multiple iterations of the HHJSOA algorithm find the optimal individual used as the selected feature for KNN classification. Finally, we validate the classification accuracy and performance of the HHJSOA algorithm using the UNSW-NB15 dataset and KDD99 dataset. Experimental results show that compared with other algorithms for the UNSW-NB15 dataset, the improvement is at least 0.0705, 0.00147, and 1 on the accuracy, fitness value, and the number of features. In addition, compared with other feature selection methods for the same datasets, the proposed algorithm has faster convergence, better merit-seeking, and robustness. Therefore, HHJSOA can improve the classification accuracy and solve the problem that the network traffic recognition algorithm needs to be faster to converge and easily fall into local optimum due to high-dimensional features.
Funding: Supported in part by the Science and Technology Project of Hebei Education Department (No. ZD2021088); in part by the S&T Major Project of the Science and Technology Ministry of China (No. 2017YFE0135700).
Abstract: Spatio-temporal cellular network traffic prediction at wide-area level plays an important role in resource reconfiguration, traffic scheduling and intrusion detection, thus potentially supporting connected intelligence of the sixth generation of mobile communications technology (6G). However, the existing studies just focus on the spatio-temporal modeling of traffic data of a single network service, such as short message, call, or Internet. This is not conducive to accurate prediction of traffic data, characterised by diverse network services, spatio-temporality and supersize volume. To address this issue, a novel multi-task deep learning framework is developed for citywide cellular network traffic prediction. Functionally, this framework mainly consists of a dual modular feature sharing layer and a multi-task learning layer (DMFS-MT). The former aims at mining long-term spatio-temporal dependencies and local spatio-temporal fluctuation trends in data, respectively, via a new combination of convolutional gated recurrent unit (ConvGRU) and 3-dimensional convolutional neural network (3D-CNN). For the latter, each task is performed for predicting service-specific traffic data based on a fully connected network. On the real-world Telecom Italia dataset, simulation results demonstrate the effectiveness of our proposal through prediction performance measure, spatial pattern comparison and statistical distribution verification.
Funding: Supported by China MOST project (No. 2012BAH46B04).
Abstract: Pattern matching is a fundamental approach to detecting malicious behaviors and information over the Internet, and it has gradually been used in high-speed network traffic analysis. However, there is a performance bottleneck for multi-pattern matching on online compressed network traffic (CNT); this is because malicious and intrusion codes are often embedded into compressed network traffic. In this paper, we propose an online fast and multi-pattern matching algorithm on compressed network traffic (FMMCN). FMMCN employs two types of jumping, i.e. jumping during sliding window and a string jump scanning strategy, to skip unnecessary compressed bytes. Moreover, FMMCN has the ability to efficiently process multiple large volumes of network traffic such as HTTP traffic, vehicles traffic, and other Internet-based services. The experimental results show that FMMCN can ignore more than 89.5% of bytes, and its maximum speed reaches 176.470 MB/s in a midrange switches device, which is faster than the current fastest algorithm ACCH by almost 73.15 MB/s.
Funding: Supported by the National Natural Science Foundation of China under Grant Number No. 62271264 and 61972207; the Project through the Priority Academic Program Development (PAPD) of Jiangsu Higher Education Institution.
Abstract: Huge networks and increasing network traffic will consume more and more resources. It is critical to predict network traffic accurately and in a timely manner for network planning, resource allocation, etc. In this paper, a combined network traffic prediction model is proposed, which is based on Prophet, evolutionary attention-based LSTM (EALSTM) network, and Gaussian process regression (GPR). According to the non-smooth, sudden, periodic, and long correlation characteristics of network traffic, the prediction procedure is divided into three steps to predict network traffic accurately. In the first step, the Prophet model decomposes network traffic data into periodic and non-periodic parts. The periodic term is predicted by the Prophet model for different granularity periods. In the second step, the non-periodic term is fed to an EALSTM network to extract the importance of the different features in the sequence and learn their long correlation, which effectively avoids the long-term dependence problem caused by long step length. Finally, GPR is used to predict the residual term to boost the predictability even further. Experimental results indicate that the proposed scheme is more applicable and can significantly improve prediction accuracy compared with traditional linear and nonlinear models.
Abstract: The increasing usage of the internet requires a significant system for effective communication. To provide effective communication for internet users, based on the nature of their queries, the shortest routing path is usually preferred for data forwarding. But when a large amount of data chooses the same path, a bottleneck occurs in the traffic, which leads to data loss or provides irrelevant data to the users. In this paper, a Rule Based System using Improved Apriori (RBS-IA) rule mining framework is proposed for effective monitoring of traffic occurrence over the network and control of the network traffic. The RBS-IA framework integrates both the traffic control and decision making system to enhance the usage of internet trendier. At first, the network traffic data are analyzed and the incoming and outgoing data information is processed using the apriori rule mining algorithm. After generating the set of rules, the network traffic condition is analyzed. Based on the traffic conditions, the decision rule framework is introduced, which derives and assigns the set of suitable rules to the appropriate states of the network. The decision rule framework improves the effectiveness of network traffic control by updating the traffic condition states for identifying the relevant route path for packet data transmission. Experimental evaluation is conducted by extracting the Dodgers loop sensor data set from the UCI repository to detect the effectiveness of the proposed Rule Based System using Improved Apriori (RBS-IA) rule mining framework. Performance evaluation shows that the proposed RBS-IA rule mining framework provides significant improvement in managing the network traffic control scheme. The RBS-IA rule mining framework is evaluated over factors such as accuracy of the decision being obtained, interestingness measure and execution time.
Abstract: This paper presents a chaotic control method on network traffic. By this method, the chaotic network traffic can be controlled to a pre-assigned equilibrium point according to chaotic prediction, and the Largest Lyapunov Exponent (LLE) of the traffic on the congested link is reduced; thereby the probability of traffic burst and network congestion can be reduced. Numerical examples show that this method is effective.
Abstract: Network traffic classification is essential in supporting network measurement and management. Many existing traffic classification approaches provide application-level results regardless of the network quality of service (QoS) requirements. In practice, traffic flows from the same application may have irregular network behaviors that should be identified to various QoS classes for best network resource management. To address the issues, we propose to conduct traffic classification with two newly defined QoS-aware features, i.e., inter-APP similarity and intra-APP diversity. The inter-APP similarity represents the close QoS association between the traffic flows that originate from different Internet applications. The intra-APP diversity describes the QoS variety of the traffic even among those originated from the same Internet application. The core of performing the QoS-aware feature extraction is a Long-Short Term Memory neural network based Autoencoder (LSTM-AE). The QoS-aware features extracted by the encoder part of the LSTM-AE are then clustered into the corresponding QoS classes. Real-life data from multiple applications are collected to evaluate the proposed QoS-aware network traffic classification approach. The evaluation results demonstrate the efficacy of the extracted QoS-aware features in supporting the traffic classification, which can further contribute to future network measurement and management.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 61003282; Beijing Higher Education Young Elite Teacher Project; China Next Generation Internet (CNGI) Project "Research and Trial on Evolving Next Generation Network Intelligence Capability Enhancement (NICE)"; the National Basic Research Program (973 Program) under Grant No. 2009CB320-505; the National Science and Technology Major Project "Research about Architecture of Mobile Internet" under Grant No. 2011ZX03-002-001-01; the National High Technology Research and Development Program (863 Program) under Grant No. 2011AA010704.
Abstract: The Deep Packet Inspection (DPI) method is a popular method that can accurately identify the flow data and its corresponding application. Currently, the DPI method is widely used in common network management systems. However, the major limitation of DPI systems is that their signature library is mainly extracted manually, which makes it hard to efficiently obtain the signature of new applications. Hence, in this paper, we propose an automatic signature extraction mechanism using Principal Component Analysis (PCA) technology, which is able to extract the signature automatically. In the proposed method, the signatures are expressed in the form of serial consistent sequences constructed by principal components instead of normally separated substrings in the original data extracted from the traditional methods. Extensive experiments based on numerous sets of data have been carried out to evaluate the performance of the proposed scheme, and the results prove that the newly proposed method can achieve good performance in terms of accuracy and efficiency.
Funding: Supported by the National Natural Science Foundation of China (No. 62076042, No. 62102049); the Key Research and Development Project of Sichuan Province (No. 2021YFSY0012, No. 2020YFG0307, No. 2021YFG0332); the Science and Technology Innovation Project of Sichuan (No. 2020017); the Key Research and Development Project of Chengdu (No. 2019-YF05-02028-GX); the Innovation Team of Quantum Security Communication of Sichuan Province (No. 17TD0009); the Academic and Technical Leaders Training Funding Support Projects of Sichuan Province (No. 2016120080102643).
Abstract: Nowadays, industrial control systems (ICS) have begun to integrate with the Internet. While the Internet has brought convenience to ICS, it has also brought severe security concerns. Traditional ICS network traffic anomaly detection methods rely on statistical features manually extracted using the experience of network security experts. They are not aimed at the original network data, nor can they capture the potential characteristics of network packets. Therefore, the following improvements were made in this study: (1) A dataset that can be used to evaluate anomaly detection algorithms is produced, which provides raw network data. (2) A request response-based convolutional neural network named RRCNN is proposed, which can be used for anomaly detection of ICS network traffic. Instead of using statistical features manually extracted by security experts, this method uses the byte sequences of the original network packets directly, which can extract potential features of the network packets in greater depth. It regards the request packet and response packet in a session as a Request-Response Pair (RRP). The feature of the RRP is extracted using a one-dimensional convolutional neural network, and then the RRP is judged to be normal or abnormal based on the extracted feature. Experimental results demonstrate that this model is better than several other machine learning and neural network models, with F1, accuracy, precision, and recall above 99%.