Network Traffic Analysis with Process Mining: The UPSIDE Case Study

TL;DR

This paper introduces a process mining approach to analyze gaming network traffic, enabling the characterization, modeling, and classification of network states to identify different video games with high interpretability and accuracy.

Contribution

It presents a novel process mining-based method for analyzing gaming network traffic, including state characterization, Petri net encoding, and game classification.

Findings

Effective modeling of gaming network behavior using Petri nets.

High classification accuracy in distinguishing between Clash Royale and Rocket League.

Interpretability of network states through process mining techniques.

Abstract

Online gaming is a popular activity involving the adoption of complex systems and network infrastructures. The relevance of gaming, which generates large amounts of market revenue, drove research in modeling network devices' behavior to evaluate bandwidth consumption, predict and sustain high loads, and detect malicious activity. In this context, process mining appears promising due to its ability to combine data-driven analyses with model-based insights. In this paper, we propose a process mining-based method that analyzes gaming network traffic, allowing: unsupervised characterization of different states from gaming network data; encoding such states through process mining into interpretable Petri nets; and classification of gaming network traffic data to identify different video games being played. We apply the method to the UPSIDE case study, involving gaming network data of several devices interacting with two video games: Clash Royale and Rocket League. Results demonstrate that the gaming network behavior can be effectively and interpretably modeled through states represented as Petri nets with sufficient coherence and specificity while maintaining a good classification accuracy of the two different video games.