short-paper

Free access

A Meta-Analysis Approach for Feature Selection in Network Traffic Research

Authors:

Daniel C. Ferreira,

Félix Iglesias Vázquez,

Gernot Vormayr,

Maximilian Bachl, and

Tanja ZsebyAuthors Info & Claims

Reproducibility '17: Proceedings of the Reproducibility Workshop

August 2017

Pages 17 - 20

https://doi.org/10.1145/3097766.3097771

Published: 11 August 2017 Publication History

PDF eReader

Abstract

The selection of features for network traffic analysis and anomaly detection is a challenge for experts who aim to build systems that discover traffic patterns, characterize networks, and improve security. There are no major guidelines or best practices for feature selection in the field. The literature is full of different proposals that ultimately depend on feature availability, types of known traffic, tool limitations, specific goals, and, fundamentally, the experts' knowledge and intuition. In this work we have revisited 71 principal publications in the field of network traffic analysis from 2005 to 2017. Relevant information has been curated according to formalized data structures and stored in JSON format, creating a database for the smart retrieval of network traffic analysis researches. Meta-analysis performed upon the explored publications disclosed a set of main features that are common in a considerable volume of works and could be used as a baseline for future research. Additionally, aiming for validation and generalization in network traffic research, the creation of such meta-analysis environments is highly valuable. It allows homogenizing and joining criteria for the design of experiments, thus avoiding getting lost or becoming irrelevant due to the high complexity and variability that network traffic analysis involves.

Supplementary Material

WEBM File (ametaanalysisapproachforfeatureselectioninnetworktrafficresearch.webm)

Download
66.08 MB

References

[1]

Maristella Agosti, Giorgio Maria Di Nunzio, and Nicola Ferro. 2007. The Importance of Scientific Data Curation for Evaluation Campaigns. Springer Berlin Heidelberg, Berlin, Heidelberg, 157--166.

Digital Library

Google Scholar

[2]

Michael Borenstein, Larry V. Hedges, Julian P. T. Higgins, and Hannah R. Roth-stein. 2009. Introduction to Meta-Analysis. John Wiley & Sons, Ltd. 409--414 pages.

Google Scholar

[3]

T. Bray. 2014. RFC 7159: The JavaScript Object Notation (JSON) Data Interchange Format. Technical Report. Internet Engineering Task Force (IETF).

Google Scholar

[4]

A. Callado, C. Kamienski, G. Szabo, B. P. Gero, J. Kelner, S. Fernandes, and D. Sadok. 2009. A Survey on Internet Traffic Identification. IEEE Communications Surveys Tutorials 11, 3 (2009), 37--52.

Digital Library

Google Scholar

[5]

B. Claise and B. Trammell. 2013. RFC 7012: Information Model for IP Flow Information Export (IPFIX). Technical Report. Internet Engineering Task Force (IETF). https://www.iana.org/assignments/ipfix/ipfix.xhtml

Google Scholar

[6]

Félix Iglesias and Tanja Zseby. 2015. Analysis of network traffic features for anomaly detection. Machine Learning 101, 1 (2015), 59--84.

Digital Library

Google Scholar

[7]

Hyunchul Kim, KC Claffy, Marina Fomenkov, Dhiman Barman, Michalis Faloutsos, and KiYoung Lee. 2008. Internet Traffic Classification Demystified: Myths, Caveats, and the Best Practices. In Proceedings of the 2008 ACM CoNEXT Conference (CoNEXT '08). ACM, New York, NY, USA, Article 11, 12 pages.

Digital Library

Google Scholar

[8]

TU Wien CN Group. 2017. Network Traffic Analysis Database. (2017). https://www.cn.tuwien.ac.at/meta

Google Scholar

[9]

Tanja Zseby, Felix Iglesias Vazquez, Alistair King, and K.C. Claffy. 2015. Teaching Network Security With IP Darkspace Data. IEEE Transactions on Education 59, 1 (2015), 1--7.

Digital Library

Google Scholar

Cited By

View all

Brenner BHollerer SBhosale PSauter TKastner WFabini JZseby T(2023)Better Safe Than Sorry: Risk Management Based on a Safety-Augmented Network Intrusion Detection SystemIEEE Open Journal of the Industrial Electronics Society10.1109/OJIES.2023.32970574(287-303)Online publication date: 2023
https://doi.org/10.1109/OJIES.2023.3297057
Aguilar JJerez MPinto ADe Mesa JMontoya E(2022)Context Knowledge Extraction using Network Traffic Information2022 XVLIII Latin American Computer Conference (CLEI)10.1109/CLEI56649.2022.9959904(1-10)Online publication date: 17-Oct-2022
https://doi.org/10.1109/CLEI56649.2022.9959904
Li YGuo HHou JZhang ZJiang TLiu Z(2021) A Survey of Encrypted Malicious Traffic Detection * 2021 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI)10.1109/CCCI52664.2021.9583191(1-7)Online publication date: 15-Oct-2021
https://doi.org/10.1109/CCCI52664.2021.9583191
Show More Cited By

Index Terms

A Meta-Analysis Approach for Feature Selection in Network Traffic Research
1. Applied computing
  1. Computer forensics
    1. Evidence collection, storage and analysis
    2. Network forensics
  2. Document management and text processing
    1. Document capture
      1. Document analysis
    2. Document management
      1. Document metadata
2. Information systems
  1. Information retrieval
    1. Document representation
      1. Content analysis and feature selection

Recommendations

A Clustering Analysis Method for Network Traffic Based on Feature Parameter Distribution
ETCS '09: Proceedings of the 2009 First International Workshop on Education Technology and Computer Science - Volume 02

Network traffic analysis needs a lot of data which include much information. Predominating pattern state of traffic true and roundly has been an active and difficult research topic in the field of traffic analysis for many years. Up to now, simplex data ...
Read More
Meta-analysis in psychology: a bibliometric study

Meta-analysis refers to the statistical methods used in research synthesis for combining and integrating results from individual studies. The present study draws on the strengths of bibliometric methods in order to offer an overview of meta-analytic ...
Read More
A machine learning approach for feature selection traffic classification using security analysis

Class imbalance has become a big problem that leads to inaccurate traffic classification. Accurate traffic classification of traffic flows helps us in security monitoring, IP management, intrusion detection, etc. To address the traffic classification ...
Read More

Comments

Information & Contributors

Information

Published In

Reproducibility '17: Proceedings of the Reproducibility Workshop

August 2017

31 pages

ISBN:9781450350600

DOI:10.1145/3097766

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 August 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper
Research
Refereed limited

Funding Sources

Vienna Science and Technology Fund (WWTF)

Conference

SIGCOMM '17

Sponsor:

SIGCOMM

SIGCOMM '17: ACM SIGCOMM 2017 Conference

August 25, 2017

CA, Los Angeles, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
679
Total Downloads

Downloads (Last 12 months)57
Downloads (Last 6 weeks)3

Other Metrics

View Author Metrics

Citations

Cited By

View all

Brenner BHollerer SBhosale PSauter TKastner WFabini JZseby T(2023)Better Safe Than Sorry: Risk Management Based on a Safety-Augmented Network Intrusion Detection SystemIEEE Open Journal of the Industrial Electronics Society10.1109/OJIES.2023.32970574(287-303)Online publication date: 2023
https://doi.org/10.1109/OJIES.2023.3297057
Aguilar JJerez MPinto ADe Mesa JMontoya E(2022)Context Knowledge Extraction using Network Traffic Information2022 XVLIII Latin American Computer Conference (CLEI)10.1109/CLEI56649.2022.9959904(1-10)Online publication date: 17-Oct-2022
https://doi.org/10.1109/CLEI56649.2022.9959904
Li YGuo HHou JZhang ZJiang TLiu Z(2021) A Survey of Encrypted Malicious Traffic Detection * 2021 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI)10.1109/CCCI52664.2021.9583191(1-7)Online publication date: 15-Oct-2021
https://doi.org/10.1109/CCCI52664.2021.9583191
Iglesias FFerreira DVormayr GBachl MZseby T(2020)NTARC: A Data Model for the Systematic Review of Network Traffic Analysis ResearchApplied Sciences10.3390/app1012430710:12(4307)Online publication date: 23-Jun-2020
https://doi.org/10.3390/app10124307
Meghdouri FVazquez FZseby T(2020)Anomaly Detection for Mixed Packet Sequences2020 IEEE 45th LCN Symposium on Emerging Topics in Networking (LCN Symposium)10.1109/LCNSymposium50271.2020.9363264(120-130)Online publication date: 17-Nov-2020
https://doi.org/10.1109/LCNSymposium50271.2020.9363264
Meghdouri FVazquez FZseby T(2020)Cross-Layer Profiling of Encrypted Network Data for Anomaly Detection2020 IEEE 7th International Conference on Data Science and Advanced Analytics (DSAA)10.1109/DSAA49011.2020.00061(469-478)Online publication date: Oct-2020
https://doi.org/10.1109/DSAA49011.2020.00061
Li GTong Y(2020)Mathematical Model Analysis of Network Traffic Data Detection Under the Background of Big Data2019 6th International Conference on Dependable Systems and Their Applications (DSA)10.1109/DSA.2019.00027(159-166)Online publication date: Jan-2020
https://doi.org/10.1109/DSA.2019.00027
Fejrskov MPedersen JVasilomanolakis E(2020)Cyber-security research by ISPs: A NetFlow and DNS Anonymization Policy2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)10.1109/CyberSecurity49315.2020.9138869(1-8)Online publication date: Jun-2020
https://doi.org/10.1109/CyberSecurity49315.2020.9138869
Vormayr GFabini JZseby T(2020)Why are My Flows Different? A Tutorial on Flow ExportersIEEE Communications Surveys & Tutorials10.1109/COMST.2020.298969522:3(2064-2103)Online publication date: Nov-2021
https://doi.org/10.1109/COMST.2020.2989695
Iglesias FHartl AZseby TZimek A(2020)Are Network Attacks Outliers? A Study of Space Representations and Unsupervised AlgorithmsMachine Learning and Knowledge Discovery in Databases10.1007/978-3-030-43887-6_13(159-175)Online publication date: 28-Mar-2020
https://doi.org/10.1007/978-3-030-43887-6_13
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

A Clustering Analysis Method for Network Traffic Based on Feature Parameter Distribution

Meta-analysis in psychology: a bibliometric study

A machine learning approach for feature selection traffic classification using security analysis

Comments

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF

eReader

Login options

Full Access

Abstract

Supplementary Material

References

Cited By

Index Terms

Recommendations

A Clustering Analysis Method for Network Traffic Based on Feature Parameter Distribution

Meta-analysis in psychology: a bibliometric study

A machine learning approach for feature selection traffic classification using security analysis

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations