Publication: Preprint, 2018

Automated Big Traffic Analytics for Cyber Security

Miao, Yuantian; Ruan, Zichan; Pan, Lei; Wang, Yu; Zhang, Jun; Xiang, Yang;
Open Access English
  • Published: 24 Apr 2018
Abstract
Network traffic analytics technology is a cornerstone of cyber security systems. We demonstrate its use through three popular and contemporary cyber security applications: intrusion detection, malware analysis and botnet detection. However, automated traffic analytics faces the challenges raised by big traffic data. In terms of big data's three characteristics (volume, variety and velocity), we review three state-of-the-art techniques that mitigate the key challenges, including real-time traffic classification, unknown traffic classification, and classifier efficiency. The new techniques using statistical features, unknown discovery and correlation analyti...
Subjects: Computer Science - Cryptography and Security
