Applying Image Analysis Methods to Network Traffic Classification




Applying Image Analysis Methods to Network Traffic Classification

Thorsten Kisner and Firoz Kaderali
Department of Communication Systems, Faculty of Mathematics and Computer Science, FernUniversität in Hagen, Germany

SPRING 2007, SIDAR Graduierten-Workshop über Reaktive Sicherheit

Outline 1 Motivation Texture Analysis Methods 2 3 Accuracy of classification Conclusion and Future Work


Grey Level Co-occurrence Matrix: Definition

The Grey Level Co-occurrence Matrix (GLCM) $C(\delta, T) = [s(i, j, \delta, T)]$ is used for texture analysis [1] [2]. $s(i, j, \delta, T)$ is a second-order probability of going from one grey level $i$ to another grey level $j$ given the displacement vector $\delta = (\Delta x, \Delta y)$:

$$ s(i, j, \delta, T) = \frac{\Theta\{x \mid x,\, x + \delta \in T,\ g(x) = i,\ g(x + \delta) = j\}}{\Theta\{x \mid x,\, x + \delta \in T\}} \tag{1} $$

$T$ defines a tile of the original picture.

Grey Level Co-occurrence Matrix: Parameters describing a texture

$$ \text{Angular Second Moment} = \sum_i \sum_j \big(s(i, j)\big)^2 \tag{2} $$

$$ \text{Entropy} = -\sum_i \sum_j s(i, j) \log\big(s(i, j)\big) \tag{3} $$

$$ \text{Inverse Difference Moment} = \sum_i \sum_j \frac{s(i, j)}{1 + (i - j)^2} \tag{4} $$

$$ \text{Inertia} = \sum_i \sum_j (i - j)^2 \, s(i, j) \tag{5} $$

(2) describes the energy of the matrix, (3) the information content. (5) can be interpreted as the contrast and (4) as an inverse weighted measure of contrast.

In- and outgoing traffic, two types: SMTP and HTTP.

Measured at the gateway to the external network with the built-in packet and byte counters of iptables (1 second resolution in time).

70 independent traces of 9 hours (weekdays between 7:30am and 4:30pm) for each type of traffic: 60 traces for training data, 10 traces for verification.

Like the windowing mechanism in texture analysis (see $T$ in eq. (1)), we divide each 9-hour time series into 6 segments of 90 minutes.


In texture analysis the size of the co-occurrence matrix is explicitly given by the range of the greyscale values.

In our scenario the source for the co-occurrence is a time series with no explicitly given limit for the values.

A huge matrix size in the order of $10^7 \times 10^7$ doesn't make sense, so quantisation is required.

We analysed a linear quantisation to a matrix size of $2^i$ with $i \in \{2, 3, \ldots, 12\}$.
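The pipeline described so far (linear quantisation, co-occurrence matrix of a time series, parameters (2) to (5)), as an added example that is not code from the original slides. Assumptions: the displacement is a 1-D lag of one interval, the quantisation range is a fixed upper bound `vmax`, the logarithm in (3) is natural, and the two sample series are constructed rather than measured traffic.

```python
import math
import random

def quantise(series, levels, vmax):
    """Linear quantisation of counter values in [0, vmax) onto 0..levels-1."""
    # Values at or above the assumed bound vmax are clamped to the top level.
    return [min(levels - 1, max(0, int(v * levels / vmax))) for v in series]

def glcm(q, levels, lag=1):
    """Normalised co-occurrence matrix s(i, j) for a 1-D displacement `lag`."""
    pairs = len(q) - lag
    if pairs <= 0:
        raise ValueError("segment is not longer than the displacement")
    counts = [[0] * levels for _ in range(levels)]
    for a, b in zip(q, q[lag:]):
        counts[a][b] += 1
    return [[c / pairs for c in row] for row in counts]

def features(s):
    """Eqs. (2)-(5): ASM, entropy, inverse difference moment, inertia."""
    asm = ent = idm = ine = 0.0
    for i, row in enumerate(s):
        for j, p in enumerate(row):
            if p == 0.0:
                continue  # empty cell: contributes nothing, avoids log(0)
            asm += p * p
            ent -= p * math.log(p)  # natural log (assumption)
            idm += p / (1 + (i - j) ** 2)
            ine += (i - j) ** 2 * p
    return {"ASM": asm, "ENT": ent, "IDM": idm, "INE": ine}

def segment_features(series, i=4, vmax=2 ** 16, lag=1):
    """Feature vector of one segment for a 2**i x 2**i matrix."""
    levels = 2 ** i
    return features(glcm(quantise(series, levels, vmax), levels, lag))

# Constructed byte counts per interval (not measured traffic).
_rng = random.Random(7)
SMOOTH = [30000 + 25000 * math.sin(t / 40) + _rng.uniform(-50, 50) for t in range(540)]
BURSTY = [_rng.choice([0, 0, 0, 40000]) + _rng.uniform(0, 200) for _ in range(540)]

if __name__ == "__main__":
    for name, seg in (("smooth", SMOOTH), ("bursty", BURSTY)):
        print(name, {k: round(v, 3) for k, v in segment_features(seg).items()})
```

A slowly varying series concentrates mass near the diagonal of the matrix (low inertia, high inverse difference moment), while a bursty one spreads it away from the diagonal; these are the kinds of differences the classifier works on.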

[Figure: Parameters as a function of matrix size. Two panels, "Linearly Dependent" and "Not Dependent"; x-axis: size of GLCM (log2). Legend entries: Inertia, Cluster Shade, Cluster Prominence; Inverse Difference Moment, Correlation, Angular Second Moment, Entropy.]

Example

[Figure: Typical network traffic time series. x-axis: time interval T_i; y-axis: Bytes / T_i.]

[Figure: Histograms of selected GLCM parameters (ASM, IDM, ENT, INE, CORR, CP) for SMTP traffic and HTTP traffic.]

Inverse Difference Moment (IDM) and Correlation (CORR) plotted against each other. Intersection of both classes, but clustering can be observed.

[Figure: IDM against CORR for SMTP traffic and HTTP traffic.]


Accuracy of classification

A k-nearest-neighbor (kNN) algorithm with k = 5 is used to assign the 120 segments (1) of unknown traffic to the classes SMTP or HTTP.

Only the four most relevant parameters are used: Angular Second Moment (2), Entropy (3), Inverse Difference Moment (4) and Inertia (5).

Traffic   Positive   Negative   Classification rate
HTTP      55         5          91.67%
SMTP      52         8          86.67%
Total     107        13         89.17%

Table: Accuracy of classification

(1) 10 days × 6 segments × 2 types

Conclusion

Novel approach for identifying network traffic by mapping given time series to the known co-occurrence matrix of the domain of texture analysis.

Using texture analysis methods we classified even inaccurate and aggregated data with an accuracy of 90%.

Future Work

Analysis of multi-dimensional time series.

Examination of network traffic with the proposed method on packet level, also including network flow information.

Implementing a visualisation framework based on the Grey Level Co-occurrence Matrix and related parameters.

For Further Reading

[1] R. M. Haralick, K. Shanmugam and I. Dinstein, Textural features for image classification, IEEE Transactions on Systems, Man, and Cybernetics, 3(6), November 1973, 610-621.

[2] R. W. Conners, M. M. Trivedi and C. A. Harlow, Segmentation of a High-Resolution Urban Scene using Texture Operators, Computer Vision, Graphics and Image Processing, 25, 1984, 273-310.
