University of Elimam Elmahdi, Kosti, White Nile State, Sudan
* Corresponding author
University Technology Malaysia, 81310 Skudai, Johor Bahru, Malaysia

Article Main Content

Peer-to-peer (P2P) applications have changed the nature of Internet traffic. P2P traffic consumes high Internet bandwidth and affects the performance of traditional Internet applications. Managing and monitoring Internet traffic is therefore one of the important activities involved in optimization. Port-based, payload-based, and transport-layer-based methods were developed in the past to detect and mitigate P2P traffic. Nevertheless, the performance of these methods was not up to expectation. Machine learning (ML) is one of the promising methods for identifying and mitigating Internet traffic. However, its classification accuracy is inconsistent. The reason for the inconsistency lies in the generation of relevant training datasets and in feature selection. In this research, a technique that combines signature-based and ML methods is proposed to develop a model for online P2P traffic detection and mitigation. The proposed work can be employed to evaluate the robustness of the online P2P machine learning classifier based on real network traffic traces containing flows labelled by the SNORT tool and from special shared resources. Analysis and validation were carried out on traffic traces of University Technology Malaysia. The period of traffic was 2011 and 2013. The results reveal that the proposed work spends less computation time on classification. This method gives 99.7% accuracy, which equals the classification performance attained for P2P using a deep packet inspector. The findings show that classifying network traffic at the flow level can differentiate P2P from non-P2P (nP2P) traffic with high confidence for online P2P mitigation.
