Performance analysis of network traffic capture tools and machine learning algorithms for the classification of applications, states and anomalies

  • Original Research
  • International Journal of Information Technology

Abstract

Network analytics is of key importance for the proper management of network resources as the rate of Internet traffic continues to rise. The aim of this paper is to investigate the performance of different network traffic capture tools for extracting features and to evaluate the performance of eight Machine Learning (ML) algorithms in the classification of (1) applications, (2) states and (3) anomalies. Six Internet applications were considered, along with four PC states and two network anomalies. The network was monitored by three traffic capture tools (PRTG, Colasoft Capsa and Wireshark), and classification was performed using the Weka Toolkit. The performance of the eight ML classifiers was determined based on several metrics. The Colasoft Capsa feature set gave the highest accuracy for the classification of applications, while the highest accuracy for the classification of the four states considered was achieved with features from PRTG. For anomaly classification, the ML algorithms showed nearly the same classification behavior whether the Colasoft Capsa or the PRTG feature set was used.

Acknowledgements

The authors would like to thank the University of Mauritius for providing the necessary facilities to conduct this research.

Author information

Corresponding author

Correspondence to T. P. Fowdur.

About this article

Cite this article

Fowdur, T.P., Baulum, B.N. & Beeharry, Y. Performance analysis of network traffic capture tools and machine learning algorithms for the classification of applications, states and anomalies. Int. j. inf. tecnol. 12, 805–824 (2020). https://doi.org/10.1007/s41870-020-00458-0

  • DOI: https://doi.org/10.1007/s41870-020-00458-0
