Practical and Configurable Network Traffic Classification Using Probabilistic Machine Learning

TL;DR

This paper introduces a flexible, likelihood-based machine learning framework for network traffic classification that uses packet sequence statistics, offering adjustable certainty levels and applicability across various scenarios.

Contribution

It presents a highly configurable traffic classification method relying solely on packet sequence statistics, with likelihood estimation and adjustable certainty, suitable for diverse network environments.

Findings

Performs well on real-world high-performance computing network traffic

Provides adjustable certainty levels for classification decisions

Flexible across different classification scenarios

Abstract

Network traffic classification that is widely applicable and highly accurate is valuable for many network security and management tasks. A flexible and easily configurable classification framework is ideal, as it can be customized for use in a wide variety of networks. In this paper, we propose a highly configurable and flexible machine learning traffic classification method that relies only on statistics of sequences of packets to distinguish known, or approved, traffic from unknown traffic. Our method is based on likelihood estimation, provides a measure of certainty for classification decisions, and can classify traffic at adjustable certainty levels. Our classification method can also be applied in different classification scenarios, each prioritizing a different classification goal. We demonstrate how our classification scheme and all its configurations perform well on real-world traffic from a high performance computing network environment.