Hierarchy property of traffic networks

The flourishing complex network theory has aroused increasing interest in studying the properties of real-world networks. Based on the traffic network of Chang-Zhu Tan urban agglomeration in central China, some basic network topological characteristics were computed with data collected from local traffic maps, which showed that the traffic networks were small-world networks with strong resilience against failure; more importantly, the investigations of as- sortativity coefficient and average nearestlneighbour degree implied the disassortativity of the traffic networks. Since traffic network hierarchy as an important basic property has been neither studied intensively nor proved quantitatively, the authors are inspired to analyse traffic network hierarchy with disassortativity and to finely characterize hierarchy in the traffic networks by using the n-degree-n-clustering coefficient relationship. Through numerical results and analyses an exciting conclusion is drawn that the traffic networks exhibit a significant hierarchy, that is, the traffic networks are proved to be hierarchically organized. The result provides important information and theoretical groundwork for optimal transport planning.

Metaheuristic Optimization of Time Series Models for Predicting Networks Traffic

Traffic prediction of wireless networks attracted many researchersand practitioners during the past decades. However, wireless traffic frequentlyexhibits strong nonlinearities and complicated patterns, which makes it challengingto be predicted accurately. Many of the existing approaches forpredicting wireless network traffic are unable to produce accurate predictionsbecause they lack the ability to describe the dynamic spatial-temporalcorrelations of wireless network traffic data. In this paper, we proposed anovel meta-heuristic optimization approach based on fitness grey wolf anddipper throated optimization algorithms for boosting the prediction accuracyof traffic volume. The proposed algorithm is employed to optimize the hyperparametersof long short-term memory (LSTM) network as an efficient timeseries modeling approach which is widely used in sequence prediction tasks.To prove the superiority of the proposed algorithm, four other optimizationalgorithms were employed to optimize LSTM, and the results were compared.The evaluation results confirmed the effectiveness of the proposed approachin predicting the traffic of wireless networks accurately. On the other hand,a statistical analysis is performed to emphasize the stability of the proposedapproach.

Cluster DetectionMethod of Endogenous Security Abnormal Attack Behavior in Air Traffic Control Network

In order to enhance the accuracy of Air Traffic Control(ATC)cybersecurity attack detection,in this paper,a new clustering detection method is designed for air traffic control network security attacks.The feature set for ATC cybersecurity attacks is constructed by setting the feature states,adding recursive features,and determining the feature criticality.The expected information gain and entropy of the feature data are computed to determine the information gain of the feature data and reduce the interference of similar feature data.An autoencoder is introduced into the AI(artificial intelligence)algorithm to encode and decode the characteristics of ATC network security attack behavior to reduce the dimensionality of the ATC network security attack behavior data.Based on the above processing,an unsupervised learning algorithm for clustering detection of ATC network security attacks is designed.First,determine the distance between the clustering clusters of ATC network security attack behavior characteristics,calculate the clustering threshold,and construct the initial clustering center.Then,the new average value of all feature objects in each cluster is recalculated as the new cluster center.Second,it traverses all objects in a cluster of ATC network security attack behavior feature data.Finally,the cluster detection of ATC network security attack behavior is completed by the computation of objective functions.The experiment took three groups of experimental attack behavior data sets as the test object,and took the detection rate,false detection rate and recall rate as the test indicators,and selected three similar methods for comparative test.The experimental results show that the detection rate of this method is about 98%,the false positive rate is below 1%,and the recall rate is above 97%.Research shows that this method can improve the detection performance of security attacks in air traffic control network.

Abnormal Traffic Detection for Internet of Things Based on an Improved Residual Network

Along with the progression of Internet of Things(IoT)technology,network terminals are becoming continuously more intelligent.IoT has been widely applied in various scenarios,including urban infrastructure,transportation,industry,personal life,and other socio-economic fields.The introduction of deep learning has brought new security challenges,like an increment in abnormal traffic,which threatens network security.Insufficient feature extraction leads to less accurate classification results.In abnormal traffic detection,the data of network traffic is high-dimensional and complex.This data not only increases the computational burden of model training but also makes information extraction more difficult.To address these issues,this paper proposes an MD-MRD-ResNeXt model for abnormal network traffic detection.To fully utilize the multi-scale information in network traffic,a Multi-scale Dilated feature extraction(MD)block is introduced.This module can effectively understand and process information at various scales and uses dilated convolution technology to significantly broaden the model’s receptive field.The proposed Max-feature-map Residual with Dual-channel pooling(MRD)block integrates the maximum feature map with the residual block.This module ensures the model focuses on key information,thereby optimizing computational efficiency and reducing unnecessary information redundancy.Experimental results show that compared to the latest methods,the proposed abnormal traffic detection model improves accuracy by about 2%.

Applying an Improved Dung Beetle Optimizer Algorithm to Network Traffic Identification

Network traffic identification is critical for maintaining network security and further meeting various demands of network applications.However,network traffic data typically possesses high dimensionality and complexity,leading to practical problems in traffic identification data analytics.Since the original Dung Beetle Optimizer(DBO)algorithm,Grey Wolf Optimization(GWO)algorithm,Whale Optimization Algorithm(WOA),and Particle Swarm Optimization(PSO)algorithm have the shortcomings of slow convergence and easily fall into the local optimal solution,an Improved Dung Beetle Optimizer(IDBO)algorithm is proposed for network traffic identification.Firstly,the Sobol sequence is utilized to initialize the dung beetle population,laying the foundation for finding the global optimal solution.Next,an integration of levy flight and golden sine strategy is suggested to give dung beetles a greater probability of exploring unvisited areas,escaping from the local optimal solution,and converging more effectively towards a global optimal solution.Finally,an adaptive weight factor is utilized to enhance the search capabilities of the original DBO algorithm and accelerate convergence.With the improvements above,the proposed IDBO algorithm is then applied to traffic identification data analytics and feature selection,as so to find the optimal subset for K-Nearest Neighbor(KNN)classification.The simulation experiments use the CICIDS2017 dataset to verify the effectiveness of the proposed IDBO algorithm and compare it with the original DBO,GWO,WOA,and PSO algorithms.The experimental results show that,compared with other algorithms,the accuracy and recall are improved by 1.53%and 0.88%in binary classification,and the Distributed Denial of Service(DDoS)class identification is the most effective in multi-classification,with an improvement of 5.80%and 0.33%for accuracy and recall,respectively.Therefore,the proposed IDBO algorithm is effective in increasing the efficiency of traffic identification and solving the problem of the original DBO algorithm that converges slowly and falls into the local optimal solution when dealing with high-dimensional data analytics and feature selection for network traffic identification.

Classified VPN Network Traffic Flow Using Time Related to Artificial Neural Network

VPNs are vital for safeguarding communication routes in the continually changing cybersecurity world.However,increasing network attack complexity and variety require increasingly advanced algorithms to recognize and categorizeVPNnetwork data.We present a novelVPNnetwork traffic flowclassificationmethod utilizing Artificial Neural Networks(ANN).This paper aims to provide a reliable system that can identify a virtual private network(VPN)traffic fromintrusion attempts,data exfiltration,and denial-of-service assaults.We compile a broad dataset of labeled VPN traffic flows from various apps and usage patterns.Next,we create an ANN architecture that can handle encrypted communication and distinguish benign from dangerous actions.To effectively process and categorize encrypted packets,the neural network model has input,hidden,and output layers.We use advanced feature extraction approaches to improve the ANN’s classification accuracy by leveraging network traffic’s statistical and behavioral properties.We also use cutting-edge optimizationmethods to optimize network characteristics and performance.The suggested ANN-based categorization method is extensively tested and analyzed.Results show the model effectively classifies VPN traffic types.We also show that our ANN-based technique outperforms other approaches in precision,recall,and F1-score with 98.79%accuracy.This study improves VPN security and protects against new cyberthreats.Classifying VPNtraffic flows effectively helps enterprises protect sensitive data,maintain network integrity,and respond quickly to security problems.This study advances network security and lays the groundwork for ANN-based cybersecurity solutions.

Network Intrusion Traffic Detection Based on Feature Extraction

With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal set.Therefore,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion detection.This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after features.The network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between groups.For datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers.Finally,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data.The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing techniques.The results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%.

A fast network partition method for large-scale urban traffic networks

In order to control the large-scale urban traffic network through hierarchical or decentralized methods, it is necessary to exploit a network partition method, which should be both effective in extracting subnetworks and fast to compute. In this paper, a new approach to calculate the correlation degree, which determines the desire for interconnection between two adjacent intersections, is first proposed. It is used as a weight of a link in an urban traffic network, which considers both the physical characteristics and the dynamic traffic information of the link. Then, a fast network division approach by optimizing the modularity, which is a criterion to distinguish the quality of the partition results, is applied to identify the subnetworks for large-scale urban traffic networks. Finally, an application to a specified urban traffic network is investigated using the proposed algorithm. The results show that it is an effective and efficient method for partitioning urban traffic networks automatically in real world.

On Minimizing Delay with Probabilistic Splitting of Traffic Flow in Heterogeneous Wireless Networks

In the paper,we propose a framework to investigate how to effectively perform traffic flow splitting in heterogeneous wireless networks from a queue point.The average packet delay in heterogeneous wireless networks is derived in a probabilistic manner.The basic idea can be understood via treating the integrated heterogeneous wireless networks as different coupled and parallel queuing systems.The integrated network performance can approach that of one queue with maximal the multiplexing gain.For the purpose of illustrating the effectively of our proposed model,the Cellular/WLAN interworking is exploited.To minimize the average delay,a heuristic search algorithm is used to get the optimal probability of splitting traffic flow.Further,a Markov process is applied to evaluate the performance of the proposed scheme and compare with that of selecting the best network to access in terms of packet mean delay and blocking probability.Numerical results illustrate our proposed framework is effective and the flow splitting transmission can obtain more performance gain in heterogeneous wireless networks.

An Improved Jump Spider Optimization for Network Traffic Identification Feature Selection

The massive influx of traffic on the Internet has made the composition of web traffic increasingly complex.Traditional port-based or protocol-based network traffic identification methods are no longer suitable for today’s complex and changing networks.Recently,machine learning has beenwidely applied to network traffic recognition.Still,high-dimensional features and redundant data in network traffic can lead to slow convergence problems and low identification accuracy of network traffic recognition algorithms.Taking advantage of the faster optimizationseeking capability of the jumping spider optimization algorithm(JSOA),this paper proposes a jumping spider optimization algorithmthat incorporates the harris hawk optimization(HHO)and small hole imaging(HHJSOA).We use it in network traffic identification feature selection.First,the method incorporates the HHO escape energy factor and the hard siege strategy to forma newsearch strategy for HHJSOA.This location update strategy enhances the search range of the optimal solution of HHJSOA.We use small hole imaging to update the inferior individual.Next,the feature selection problem is coded to propose a jumping spiders individual coding scheme.Multiple iterations of the HHJSOA algorithmfind the optimal individual used as the selected feature for KNN classification.Finally,we validate the classification accuracy and performance of the HHJSOA algorithm using the UNSW-NB15 dataset and KDD99 dataset.Experimental results show that compared with other algorithms for the UNSW-NB15 dataset,the improvement is at least 0.0705,0.00147,and 1 on the accuracy,fitness value,and the number of features.In addition,compared with other feature selectionmethods for the same datasets,the proposed algorithmhas faster convergence,better merit-seeking,and robustness.Therefore,HHJSOAcan improve the classification accuracy and solve the problem that the network traffic recognition algorithm needs to be faster to converge and easily fall into local optimum due to high-dimensional features.

Research on Traffic Identification Technologies for Peer-to-Peer Networks

The Peer-to-Peer(P2P)network traffic identification technology includes Transport Layer Identification(TLI)and Deep Packet Inspection(DPI)methods.By analyzing packets of the transport layer and the traffic characteristic in the P2P system,TLI can identify whether or not the network data flow belongs to the P2P system.The DPI method adopts protocol analysis technology and reverting technology.It picks up data from the P2P application layer and analyzes the characteristics of the payload to judge if the network traffic belongs to P2P applications.Due to its accuracy,robustness and classifying ability,DPI is the main method used to identify P2P traffic.Adopting the advantages of TLI and DPI,a precise and efficient technology for P2P network traffic identification can be designed.

RRCNN: Request Response-Based Convolutional Neural Network for ICS Network Traffic Anomaly Detection

Nowadays,industrial control system(ICS)has begun to integrate with the Internet.While the Internet has brought convenience to ICS,it has also brought severe security concerns.Traditional ICS network traffic anomaly detection methods rely on statistical features manually extracted using the experience of network security experts.They are not aimed at the original network data,nor can they capture the potential characteristics of network packets.Therefore,the following improvements were made in this study:(1)A dataset that can be used to evaluate anomaly detection algorithms is produced,which provides raw network data.(2)A request response-based convolutional neural network named RRCNN is proposed,which can be used for anomaly detection of ICS network traffic.Instead of using statistical features manually extracted by security experts,this method uses the byte sequences of the original network packets directly,which can extract potential features of the network packets in greater depth.It regards the request packet and response packet in a session as a Request-Response Pair(RRP).The feature of RRP is extracted using a one-dimensional convolutional neural network,and then the RRP is judged to be normal or abnormal based on the extracted feature.Experimental results demonstrate that this model is better than several other machine learning and neural network models,with F1,accuracy,precision,and recall above 99%.

Detection of Abnormal Network Traffic Using Bidirectional Long Short-Term Memory

Nowadays,web systems and servers are constantly at great risk from cyberattacks.This paper proposes a novel approach to detecting abnormal network traffic using a bidirectional long short-term memory(LSTM)network in combination with the ensemble learning technique.First,the binary classification module was used to detect the current abnormal flow.Then,the abnormal flows were fed into the multilayer classification module to identify the specific type of flow.In this research,a deep learning bidirectional LSTM model,in combination with the convolutional neural network and attention technique,was deployed to identify a specific attack.To solve the real-time intrusion-detecting problem,a stacking ensemble-learning model was deployed to detect abnormal intrusion before being transferred to the attack classification module.The class-weight technique was applied to overcome the data imbalance between the attack layers.The results showed that our approach gained good performance and the F1 accuracy on the CICIDS2017 data set reached 99.97%,which is higher than the results obtained in other research.

Fortifying Smart Grids: A Holistic Assessment Strategy against Cyber Attacks and Physical Threats for Intelligent Electronic Devices

Intelligent electronic devices(IEDs)are interconnected via communication networks and play pivotal roles in transmitting grid-related operational data and executing control instructions.In the context of the heightened security challenges within smart grids,IEDs pose significant risks due to inherent hardware and software vulner-abilities,as well as the openness and vulnerability of communication protocols.Smart grid security,distinct from traditional internet security,mainly relies on monitoring network security events at the platform layer,lacking an effective assessment mechanism for IEDs.Hence,we incorporate considerations for both cyber-attacks and physical faults,presenting security assessment indicators and methods specifically tailored for IEDs.Initially,we outline the security monitoring technology for IEDs,considering the necessary data sources for their security assessment.Subsequently,we classify IEDs and establish a comprehensive security monitoring index system,incorporating factors such as running states,network traffic,and abnormal behaviors.This index system contains 18 indicators in 3 categories.Additionally,we elucidate quantitative methods for various indicators and propose a hybrid security assessment method known as GRCW-hybrid,combining grey relational analysis(GRA),analytic hierarchy process(AHP),and entropy weight method(EWM).According to the proposed assessment method,the security risk level of IEDs can be graded into 6 levels,namely 0,1,2,3,4,and 5.The higher the level,the greater the security risk.Finally,we assess and simulate 15 scenarios in 3 categories,which are based on monitoring indicators and real-world situations encountered by IEDs.The results show that calculated security risk level based on the proposed assessment method are consistent with actual simulation.Thus,the reasonableness and effectiveness of the proposed index system and assessment method are validated.

Research on Data Tampering Prevention Method for ATC Network Based on Zero Trust

The traditional air traffic control information sharing data has weak security characteristics of personal privacy data and poor effect,which is easy to leads to the problem that the data is usurped.Starting from the application of the ATC(automatic train control)network,this paper focuses on the zero trust and zero trust access strategy and the tamper-proof method of information-sharing network data.Through the improvement of ATC’s zero trust physical layer authentication and network data distributed feature differentiation calculation,this paper reconstructs the personal privacy scope authentication structure and designs a tamper-proof method of ATC’s information sharing on the Internet.From the single management authority to the unified management of data units,the systematic algorithm improvement of shared network data tamper prevention method is realized,and RDTP(Reliable Data Transfer Protocol)is selected in the network data of information sharing resources to realize the effectiveness of tamper prevention of air traffic control data during transmission.The results show that this method can reasonably avoid the tampering of information sharing on the Internet,maintain the security factors of air traffic control information sharing on the Internet,and the Central Processing Unit(CPU)utilization rate is only 4.64%,which effectively increases the performance of air traffic control data comprehensive security protection system.

Regional accessibility of land traffic network in the Yangtze River Delta

In a given district, the accessibility of any point should be the synthetically evaluation of the internal and external accessibilities. Using MapX component and Delphi, the author presents an information system to calculate and analyze regional accessibility according to the shortest travel time, generating thus a mark diffusing figure. Based on land traffic network, this paper assesses the present and the future regional accessibilities of sixteen major cities in the Yangtze River Delta. The result shows that the regional accessibility of the Yangtze River Delta presents a fan with Shanghai as its core. The top two most accessible cities are Shanghai and Jiaxing, and the bottom two ones are Taizhou （Zhejiang province） and Nantong With the construction of Sutong Bridge, Hangzhouwan Bridge and Zhoushan Bridge, the regional internal accessibility of all cities will be improved. Especially for Shaoxing, Ningbo and Taizhou （Jiangsu province）, the regional internal accessibility will be decreased by one hour, and other cities will be shortened by about 25 minutes averagely. As the construction of Yangkou Harbor in Nantong, the regional external accessibility of the harbor cities in Jiangsu province will be speeded up by about one hour.

Small-time scale network traffic prediction based on a local support vector machine regression model

In this paper we apply the nonlinear time series analysis method to small-time scale traffic measurement data. The prediction-based method is used to determine the embedding dimension of the traffic data. Based on the reconstructed phase space, the local support vector machine prediction method is used to predict the traffic measurement data, and the BIC-based neighbouring point selection method is used to choose the number of the nearest neighbouring points for the local support vector machine regression model. The experimental results show that the local support vector machine prediction method whose neighbouring points are optimized can effectively predict the small-time scale traffic measurement data and can reproduce the statistical features of real traffic measurements.

Joint optimization traffic signal control for an urban arterial road

This paper considers the optimal traffic signal setting for an urban arterial road. By introducing the concepts of synchronization rate and non-synchronization degree, a mathematical model is constructed and an optimization problem is posed. Then, a new iterative algorithm is developed to solve this optimal traffic control signal setting problem. Convergence properties for this iterative algorithm are established. Finally, a numerical example is solved to illustrate the effectiveness of the method.

Effects of real-time traffic information systems on traffic performance under different network structures

The effects of real-time traffic information system(RTTIS)on traffic performance under parallel,grid and ring networks were investigated.The simulation results show that the effects of the proportion of RTTIS usage depend on the road network structures.For traffic on a parallel network,the performance of groups with and without RTTIS level is improved when the proportion of vehicles using RTTIS is greater than 0 and less than 30%,and a proportion of RTTIS usage higher than 90%would actually deteriorate the performance.For both grid and ring networks,a higher proportion of RTTIS usage always improves the performance of groups with and without RTTIS.For all three network structures,vehicles without RTTIS benefit from some proportion of RTTIS usage in a system.

Characterizing Internet Backbone Traffic Based on Deep Packets Inpection and Deep Flows Inspection

Based on the massive data collected with a passive network monitoring equipment placed in China＇s backbone, we present a deep insight into the network backbone traffic and evaluate various ways for inproving traffic classifying efficiency in this pa- per. In particular, the study has scrutinized the net- work traffic in terms of protocol types and signatures, flow length, and port distffoution, from which mean- ingful and interesting insights on the current Intemet of China from the perspective of both the packet and flow levels are derived. We show that the classifica- tion efficiency can be greatly irrproved by using the information of preferred ports of the network applica- tions. Quantitatively, we find two traffic duration thresholds, with which 40% of TCP flows and 70% of UDP flows can be excluded from classification pro- cessing while the in^act on classification accuracy is trivial, i.e., the classification accuracy can still reach a high level by saving 85% of the resources.