Network Traffic Classification based on Single Flow Time Series Analysis
Josef Koumar, Karel Hynek, Tomáš Čejka

TL;DR
This paper introduces a new set of 69 features derived from single flow time series analysis to improve network traffic classification, especially for encrypted traffic, demonstrating comparable or superior performance across multiple datasets.
Contribution
The paper proposes a novel universal feature vector based on time series analysis of single flow data, enhancing traffic classification accuracy.
Findings
Achieved similar or better classification performance than existing methods.
Increased classification accuracy by up to 5% in over half of the tasks.
Validated the features across 15 public datasets.
Abstract
Network traffic monitoring using IP flows is used to handle the current challenge of analyzing encrypted network communication. Nevertheless, the packet aggregation into flow records naturally causes information loss; therefore, this paper proposes a novel flow extension for traffic features based on the time series analysis of the Single Flow Time series, i.e., a time series created by the number of bytes in each packet and its timestamp. We propose 69 universal features based on the statistical analysis of data points, time domain analysis, packet distribution within the flow timespan, time series behavior, and frequency domain analysis. We have demonstrated the usability and universality of the proposed feature vector for various network traffic classification tasks using 15 well-known publicly available datasets. Our evaluation shows that the novel feature vector achieves…
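To make the abstract's Single Flow Time series concrete, the following added example (not the paper's code) builds the series from one flow's packet timestamps and sizes and computes one or two features for four of the categories named above. The page does not list the 69 features, so the feature names and definitions, the 1-second binning and the sample flow are illustrative assumptions.

```python
import cmath
import statistics

def flow_features(packets, bin_s=1.0):
    """packets: iterable of (timestamp_s, size_bytes) for ONE flow."""
    series = sorted(packets)                      # the single flow time series
    if not series:
        raise ValueError("flow has no packets")
    times = [t for t, _ in series]
    sizes = [b for _, b in series]
    start, span = times[0], times[-1] - times[0]
    gaps = [b - a for a, b in zip(times, times[1:])]
    feats = {
        # statistical analysis of the data points
        "mean_bytes": statistics.fmean(sizes),
        "std_bytes": statistics.pstdev(sizes),
        # time domain analysis
        "mean_gap_s": statistics.fmean(gaps) if gaps else 0.0,
        "max_gap_s": max(gaps, default=0.0),
        # packet distribution within the flow timespan
        "first_half_share": sum(t - start <= span / 2 for t in times) / len(times),
    }
    # frequency domain: bytes per bin, mean removed, naive O(n^2) DFT,
    # then the period of the strongest non-DC bin (None if the series is flat)
    n = int(span // bin_s) + 1
    binned = [0.0] * n
    for t, b in series:
        binned[int((t - start) // bin_s)] += b
    mean = sum(binned) / n
    power = [
        abs(sum((x - mean) * cmath.exp(-2j * cmath.pi * k * i / n)
                for i, x in enumerate(binned))) ** 2
        for k in range(1, n // 2 + 1)
    ]
    peak = max(power, default=0.0)
    feats["dominant_period_s"] = (
        n * bin_s / (power.index(peak) + 1) if peak > 1e-9 else None)
    return feats

# Constructed sample: one packet per second for 16 s, sizes cycling every 4 s.
SAMPLE_FLOW = [(float(t), [1200, 630, 60, 630][t % 4]) for t in range(16)]

if __name__ == "__main__":
    for name, value in flow_features(SAMPLE_FLOW).items():
        print(f"{name}: {value}")
```

None of these values needs payload access, which is why features of this kind remain usable on encrypted traffic.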
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications
