New Directions in Automated Traffic Analysis

TL;DR

This paper introduces nPrint and nPrintML, tools that automate feature extraction and model tuning in network traffic analysis, significantly simplifying the application of machine learning to various traffic analysis tasks.

Contribution

The paper presents nPrint and nPrintML, novel tools that automate feature representation and model selection, enabling easier and more efficient traffic analysis using machine learning.

Findings

nPrint effectively generates unified packet representations.

nPrintML automates feature extraction and model tuning.

System evaluated successfully on eight traffic analysis tasks.

Abstract

Despite the use of machine learning for many network traffic analysis tasks in security, from application identification to intrusion detection, the aspects of the machine learning pipeline that ultimately determine the performance of the model -- feature selection and representation, model selection, and parameter tuning -- remain manual and painstaking. This paper presents a method to automate many aspects of traffic analysis, making it easier to apply machine learning techniques to a wider variety of traffic analysis tasks. We introduce nPrint, a tool that generates a unified packet representation that is amenable for representation learning and model training. We integrate nPrint with automated machine learning (AutoML), resulting in nPrintML, a public system that largely eliminates feature extraction and model tuning for a wide variety of traffic analysis tasks. We have evaluated nPrintML on eight separate traffic analysis tasks and released nPrint and nPrintML to enable future work to extend these methods.