Published in: Cluster Computing 2/2019

10-11-2017

Encrypted network behaviors identification based on dynamic time warping and k-nearest neighbor

Authors: Zhu Hejun, Zhu Liehuang

Abstract

To address the problem of encrypted traffic identification, an identification method for encrypted network behaviors based on dynamic time warping (DTW) and k-nearest neighbor (KNN) was proposed. Taking encrypted Twitter traffic as the research example, a large number of encrypted Twitter network behaviors were analyzed in depth and the features representing the encrypted network behaviors were extracted. A module database of the specific encrypted network behaviors, based on DTW and KNN, was then established. The DTW between the collected data set and the module database was calculated and normalized, and the encrypted network behaviors were classified by comparison with a preset empirical threshold. The DTW algorithm takes the distance information into account and, at the same time, effectively eliminates the influence of TCP retransmission and duplicate ACK packets. To overcome the noise interference of similar data traffic apart from the distance information, the similar filtered data packets were classified as true behavior or false behavior by the KNN algorithm, so that the encrypted network behaviors were identified automatically and in real time. Compared with using only the correlation coefficient method or only the DTW method, the online correct recognition rate with DTW and KNN increased greatly and reached about 93%, while the missed detection rate was almost the same as that of the traditional methods. The experiments and actual project applications showed that the proposed method was effective.
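The two-stage pipeline the abstract describes (normalized DTW against a module database with a threshold, then KNN to reject look-alike traffic), as an added illustration that is not code from the paper. The features (signed payload lengths; duration and packet count for KNN), the normalization, the threshold, k and all sample flows are assumptions constructed for this example.

```python
from collections import Counter
from math import dist

THRESHOLD = 0.10  # assumed empirical threshold on the normalised DTW score
K = 3             # assumed neighbour count for KNN

# Constructed "module database": signed TCP payload lengths per behaviour
# (+ client->server, - server->client). Feature choice is an assumption.
TEMPLATES = {"post_tweet": [[517, -1460, -1460, -320, 126, 890, -258]]}

# Constructed labelled flows for stage 2: (duration_s, packet_count) -> real behaviour?
LABELLED = [((0.8, 7), True), ((1.1, 9), True), ((0.9, 8), True),
            ((6.5, 7), False), ((7.2, 8), False), ((5.9, 9), False)]

# Constructed capture of the template behaviour with two retransmitted segments.
RETX_FLOW = [517, -1460, -1460, -1460, -320, 126, 890, 890, -258]

def dtw(a, b):
    """DTW cost with |x - y| local cost, O(len(a) * len(b)) time, O(len(b)) space."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)
    for x in a:
        cur = [inf]
        for j, y in enumerate(b, 1):
            cur.append(abs(x - y) + min(prev[j], prev[j - 1], cur[j - 1]))
        prev = cur
    return prev[-1]

def norm_dtw(a, b):
    """Scale-free score: DTW cost over total payload bytes (assumed normalisation)."""
    total = sum(map(abs, a)) + sum(map(abs, b))
    return dtw(a, b) / total if total else 0.0

def knn_is_true_behaviour(features):
    """Majority vote of the K nearest labelled flows (Euclidean distance)."""
    nearest = sorted(LABELLED, key=lambda s: dist(s[0], features))[:K]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

def identify(lengths, features):
    """Stage 1: DTW threshold filter. Stage 2: KNN rejects look-alike noise."""
    for name, seqs in TEMPLATES.items():
        if min(norm_dtw(lengths, t) for t in seqs) <= THRESHOLD \
                and knn_is_true_behaviour(features):
            return name
    return None

if __name__ == "__main__":
    print(dtw(RETX_FLOW, TEMPLATES["post_tweet"][0]))  # repeated segments warp away
    print(identify(RETX_FLOW, (1.0, 9)), identify(RETX_FLOW, (6.8, 9)))
```

The retransmitted segments align onto the same template element, so they add no DTW cost; the second call has the same length sequence but side features that sit among the labelled false samples, so KNN filters it out.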


Metadata
Title
Encrypted network behaviors identification based on dynamic time warping and k-nearest neighbor
Authors
Zhu Hejun
Zhu Liehuang
Publication date
10-11-2017
Publisher
Springer US
Published in
Cluster Computing / Issue Special Issue 2/2019
Print ISSN: 1386-7857
Electronic ISSN: 1573-7543
DOI
https://doi.org/10.1007/s10586-017-1329-y
