- Network Traffic Identification with Convolutional Neural Networks - This project aims to implement a new payload-based method to identify network protocol/service using convolutional neural network.
- The paper was published by IEEE and was presented at the 4th Intl Conf on Big Data Intelligence and Computing. Access the publication at https://ieeexplore.ieee.org/document/8512009
For this study, network traffic was collected during the national CPTC held at RIT in November, 2017. From the collected traffic, 34,929 TCP flows were extracted. These flows contained 24 unique protocol labels, with a fairly unbalanced distribution. The dataset is curated by extracting payload bytes from TCP flows, and the protocol/service labels associated with the flows are detected using a network deep packet inspection tool (nDPI). The following table displays the first few service labels and their associated payload bytes.
| 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | ... | 1015 | 1016 | 1017 | 1018 | 1019 | 1020 | 1021 | 1022 | 1023 | 1024 | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 22 | 3 | 1 | 2 | 0 | 1 | 0 | 1 | 252 | ... | 113 | 118 | 108 | 144 | 87 | 17 | 63 | 67 | 134 | 114 | |
| 1 | SSL | 22 | 3 | 3 | 0 | 57 | 2 | 0 | 0 | 53 | ... | 140 | 123 | 32 | 18 | 193 | 74 | 221 | 192 | 98 | 78 |
| 2 | LDAP | 48 | 132 | 0 | 0 | 4 | 249 | 2 | 2 | 3 | ... | 161 | 230 | 107 | 18 | 191 | 84 | 166 | 85 | 176 | 245 |
| 3 | LDAP | 48 | 132 | 0 | 0 | 5 | 8 | 2 | 2 | 3 | ... | 168 | 49 | 160 | 26 | 52 | 181 | 64 | 181 | 202 | 160 |
| 4 | MS_OneDrive | 72 | 84 | 84 | 80 | 47 | 49 | 46 | 49 | 32 | ... | 46 | 105 | 112 | 118 | 54 | 116 | 101 | 115 | 116 | 99 |
5 rows × 1025 columns
The bar chart shows the most frequent protocols/services and their frequency distribution.
There are multiple phases through which the payload data needs to pass through before it can be used to train a deep learning model.
The table below shows the aggregated performance metrics for the different optimizers used to train the CNN model.
