Network Traffic Classification in an NFV Environment using Supervised ML Algorithms

• Autorzy: Ilievski Gjorgji , Latkoski Pero

Identyfikatory

DOI

10.26636/jtit.2021.153421

• Języki publikacji: EN

Abstrakty

EN

We have conducted research on the performance of six supervised machine learning (ML) algorithms used for network traffic classification in a virtual environment driven by network function virtualization (NFV). The performance-related analysis focused on the precision of the classification process, but also in time-intensity (speed) of the supervised ML algorithms. We devised specific traffic taxonomy using commonly used categories, with particular emphasis placed on VoIP and encrypted VoIP protocols serve as a basis of the 5G architecture. NFV is considered to be one of the foundations of 5G development, as the traditional networking components are fully virtualized, in many cases relaying on mixed cloud solutions, both of the premise- and public cloud-based variety. Virtual machines are being replaced by containers and application functions while most of the network traffic is flowing in the east-west direction within the cloud. The analysis performed has shown that in such an environment, the Decision Tree algorithm is best suited, among the six algorithms considered, for performing classification-related tasks, and offers the required speed that will introduce minimal delays in network flows, which is crucial in 5G networks, where packet delay requirements are of great significance. It has proven to be reliable and offered excellent overall performance across multiple network packet classes within a virtualized NFV network architecture. While performing the classification procedure, we were working only with the statistical network flow features, leaving out packet payload, source, destination- and port-related information, thus making the analysis valid not only from the technical, but also from the regulatory point of view.

Słowa kluczowe

EN

classification; machine learning; network functions virtualization; network traffic

• Wydawca: Instytut Łączności - Państwowy Instytut Badawczy
• Czasopismo: Journal of Telecommunications and Information Technology
• Rocznik: 2021
• Tom: nr 3
• Strony: 23--31
• Opis fizyczny: Bibliogr. 31 poz., rys., tab.

Twórcy

autor

Ilievski Gjorgji

• IT Department, Cyber Security Unit, Makedonski Telekom AD Skopje

• https://orcid.org/0000-0003-2109-7027

autor

Latkoski Pero

• Ss. Cyril & Methodius University, Skopje, RN Macedonia

• https://orcid.org/0000-0002-8406-4057

Bibliografia

• [1] M. Chiosi et al., „Network Functions Virtualisation", Introductory White Paper, 2015 [Online]. Available: https://portal.etsi.org/nfv/nfv white paper.pdf (accessed on 10.10.2020).
• [2] M. Eiman, „Minimum Technical Performance Requirements for IMT-2020 radio interface(s). Presentation", 2018 [Online]. Available: https://www.itu.int/en/ITU-R/study-groups/rsg5/rwp5d/imt-2020/Documents/S01-1 Requirements%20for%20IMT-2020 Rev.pdf (accessed on 10.10.2020).
• [3] E. Frank, M. A. Hall, and I. H. Witten, Data Mining: Practical Machine Learning Tools and Techniques, Fourth Edition. San Francisco, CA, USA: Morgan Kaufmann, 2016, pp. 2464-2468 (ISBN: 9780128042915).
• [4] J. Vergara-Reyes, M. C. Martinez-Ordonez, A. Ordonezy, and O. M. C. Rendon, „IP traffic classification in NFV: a benchmarking of supervised machine learning algorithms", in IEEE Colombian Conf. on Commun. and Comput., Cartagena. Colombia, 2017 (DOI: 10.1109/ColComCon.2017.8088199).
• [5] R. Alshammari and A. Nur Zincir-Heywood, „Identification of VoIP encrypted traffic using a machine learning approach", J. of King Saud University - Computer and Informat. Sci. archive, vol. 27, no. 1, pp. 77-92, 2015 (DOI: 10.1016/j.jksuci.2014.03.013).
• [6] B. Ma, H. Zhang, Y. Guo, Z. Liu, and Y. Zeng, „A Summary of Trafffic Identification Method Depended on Machine Learning", Sensor Networks and Signal Process. (SNSP) 2018 Int. Conf., Xi'an, China, 2018, pp. 469-474 (DOI: 10.1109/SNSP.2018.00094).
• [7] U. Trivedi and M. Patel, „A fully automated deep packet inspection verification system with machine learning", IEEE Int. Conf. on Advanced Networks and Telecommun. Systems, Bangalore, India, 2016 (DOI: 10.1109/ANTS.2016.7947802).
• [8] S. Rezaei and X. Liu, „Deep Learning for Encrypted Traffic Classification: An overview", IEEE Commun. Mag., vol. 57, no. 5, 2019, pp. 76-81 (DOI: 10.1109/MCOM.2019.1800819).
• [9] M. Shafiq et al., „Network traffic classification techniques and comparative analysis using machine learning algorithms", in Proc. 2nd IEEE Int. Conf. on Computer and Commun. (ICCC), Chengdu, China, 2016, pp. 2451-2455 (DOI: 10.1109/CompComm.2016.7925139).
• [10] U. Huang, P. Li, and S. Gu, „Traffic scheduling for deep packet inspection in software-defined networks", Concurrency and Comput.: Practice and Experience, 2017 (DOI: 10.1002/cpe.3967).
• [11] M. Mousa, A. Bahaa-Eldin, and M. Sobh, „Software Defined Networking concepts and challenges", 11th Int. Conf. on Computer Engin. & Systems (ICCES), Cairo, Egypt, 2016, pp. 79-90 (DOI: 10.1109/ICCES.2016.7821979).
• [12] L. Polčák et al., „A High Level Policies in SDN", Int. Conf. on E-Business and Telecommun., Colmar, France, 2016, pp. 39-57 (DOI: 10.1007/978-3-319-30222-5 2).
• [13] J. Arevalo Herrera and J. E. Camargo, „A Survey on Machine Learning Applications for Software Defined Network Security", Applied Cryptography and Network Security Workshops ACNS, Bogotá, Colombia, vol. 11605, 2019, pp. 70-93 (DOI: 10.1007/978-3-030-29729-9 4).
• [14] A. Chowdhary et al., „SDFW: SDN-based Stateful Distributed Firewall", Project: Secured and Resilient Networking, 2018 (DOI: 10.13140/RG.2.2.11001.93281).
• [15] S. Choudhury and A. Bhowal, „Comparative analysis of machine learning algorithms along with classifiers for network intrusion detection", Int. Conf. on Smart Technol. and Management for Comput., Commun., Controls, Energy and Materials (ICSTM), Avadi, India, 2015, pp. 89-95 (DOI: 10.1109/ICSTM.2015.7225395).
• [16] M. Shafiq et al., „WeChat text and picture messages service flow traffic classification using machine learning technique", IEEE 18th Int. Conf. on High Performance Comput. and Commun.; IEEE 14th Int. Conf. on Smart City; IEEE 2nd Int. Conf. on Data Sci. And Systems (HPCC/SmartCity/DSS), Sydney, NSW, Australia, 2016, pp. 58-62 (DOI: 10.1109/HPCC-SmartCity-DSS.2016.0019).
• [17] M. Reza, M. J. Sobouti, S. Raouf, and R. Javidan, „Network traffic classification using machine learning techniques over software defined networks", Int. J. of Adv. Computer Sci. and App., 2017 (DOI: 8.10.14569/IJACSA.2017.080729).
• [18] M. Karakus and A. Durresi, „Quality of Service (QoS) in Software Defined Networking (SDN): A survey", J. of Network and Computer App., 2016 (DOI: 80. 10.1016/j.jnca.2016.12.019).
• [19] L. Le, D. Sinh, B. P. Lin, and L. Tung, „Applying Big Data, Machine Learning, and SDN/NFV to 5G traffic clustering, forecasting, and management", 4th IEEE Conf. on Network Softwarization and Workshops (NetSoft), Montreal, Canada, 2018 (DOI: 10.1109/NETSOFT.2018.8460129).
• [20] S. Zander and G. Armitage, „Practical machine learning based multimedia traffic classification for distributed QOS management", 2011 IEEE 36th Conf. on Local Computer Networks, Bonn, Germany, 2011, pp. 399-406 (DOI: 10.1109/LCN.2011.6115322).
• [21] J. H. Shu et al., „Network traffic classification based on deep learning", First Int. Conf. on Advanced Algorithms and Control Engin., Pingtung, Taiwan, 2018 (DOI: 10.1088/1742-6596/1087/6/062021).
• [22] W. Ma, C. Medina, and D. Pan, „Traffic-aware placement of NFV middleboxes", IEEE Global Commun. Conf. (GLOBECOM), San Diego, CA, USA, 2015, pp. 1-6 (DOI: 10.1109/GLOCOM.2015.7417851).
• [23] D. Bonfiglio, M. Mellia, M. Meo, D. Rossi, and P. Tofanelli, „Revealing Skype traffic: when randomness plays with you", ACM SIG-COMM Computer Commun. Review, vol. 37, no. 4, pp. 37-48, 2007 (DOI: 10.1145/1282427.1282386).
• [24] Oracle VirtualBox [Online]. Available: https://www.virtualbox.org (accessed on 10.09.2020).
• [25] M. V. Bernal, I. Cerrato, F. Risso, and D. Verbeiren, „Transparent optimization of inter-virtual network function communication In open vSwitch", 5th IEEE Int. Conf. on Cloud Netw. (Cloudnet), Pisa, Italy, 2016, pp. 76-82 (DOI: 10.1109/CloudNet.2016.26).
• [26] Linux Foundation, Open vSwitch Project, 2016 [Online]. Available: http://www.openvswitch.org
• [27] Wireshark [Online]. Available: https://www.wireshark.org/(accessed on 10.09.2020).
• [28] Mininet: An instant virtual network on your laptop (or other PC) [Online]. Available: http://mininet.org (accessed on 12.09.2020).
• [29] Ryu Framework [Online]. Available: http://osrg.github.io/ryu/(accessed on 10.09.2020).
• [30] A. Botta, A. Dainotti, and A. Pescapfie, „A tool for the generation of realistic network workload for emerging networking scenarios", Computer Networks (Elsevier), 2012, vol. 56, no. 15, pp. 3531-3547 (DOI: 10.1016/j.comnet.2012.02.019).
• [31] Argus Quosient [Online]. Available: https://qosient.com/argus/(accessed on 10.09.2020).

Uwagi

Opracowanie rekordu ze środków MNiSW, umowa Nr 461252 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2021).