Abstract
Network analytics is of key importance for the proper management of network resources as the rate of Internet traffic continues to rise. The aim of this paper is to investigate the performance of different network traffic capture tools for extracting features and to evaluate the performance of eight Machine Learning (ML) algorithms in the classification of (1) applications, (2) states and (3) anomalies. Six Internet applications were considered along with four PC states and two network anomalies. The network was monitored by three traffic capture tools (PRTG, Colasoft Capsa and Wireshark), and classification was performed using the Weka Toolkit. The performance of the eight ML classifiers was determined based on several metrics. The Colasoft Capsa feature set gave the highest accuracy for the classification of applications, while the same was achieved with features from PRTG for the classification of the four states considered. For anomaly classification, the ML algorithms showed broadly similar classification behavior whether the Colasoft Capsa or the PRTG feature set was used.
Acknowledgements
The authors would like to thank the University of Mauritius for providing the necessary facilities to conduct this research.
About this article
Cite this article
Fowdur, T.P., Baulum, B.N. & Beeharry, Y. Performance analysis of network traffic capture tools and machine learning algorithms for the classification of applications, states and anomalies. Int. j. inf. tecnol. 12, 805–824 (2020). https://doi.org/10.1007/s41870-020-00458-0
DOI: https://doi.org/10.1007/s41870-020-00458-0