Elsevier

Computer Networks

Volume 181, 9 November 2020, 107557

Online classification of user activities using machine learning on network traffic

https://doi.org/10.1016/j.comnet.2020.107557
Under a Creative Commons license
open access

Abstract

The daily deployment of new applications, along with the exponential increase in network traffic, entails a growth in the complexity of network analysis and monitoring. Conversely, the increasing availability and decreasing cost of computational capacity have increased the popularity and usability of machine learning algorithms. In this paper, a system for classifying user activities from network traffic using both supervised and unsupervised learning is proposed. The system uses the behaviour exhibited over the network and classifies the underlying user activity, taking into consideration all of the traffic generated by the user within a given time window. Those windows are characterised with features extracted from the network and transport layer headers in the traffic flows. A three-layer model is proposed to perform the classification task. The first two layers of the model are implemented using K-Means, while the last one uses a Random Forest to obtain the activity labels. An average accuracy of 97.37% is obtained, with values of precision and recall that allow online classification of network traffic for Quality of Service (QoS) and user profiling, outperforming previous proposals.

VICTOR LABAYEN graduated in Telecommunication Engineering in 2019 from the Public University of Navarre (UPNA), Spain. During 2018/2019 he held a scholarship in the Electrical, Electronic and Communications Department. Since 2019 he has been a network traffic analyst at Naudit High Performance Computing and Networking S.L., a company specialized in network traffic analysis.

EDUARDO MAGAÑA received his M.Sc. and Ph.D. degrees in Telecommunications Engineering from Public University of Navarra, Pamplona, Spain, in 1998 and 2001, respectively. Since 2005, he has been an associate professor at Public University of Navarra. During 2002 he was a postdoctoral visiting research fellow at the Department of Electrical Engineering and Computer Science, University of California, Berkeley. His main research interests are network monitoring, traffic analysis and performance evaluation of communication networks.

DANIEL MORATO received the M.Sc. degree in Telecommunication Engineering and the Ph.D. degree from the Public University of Navarre, Spain. During 2002 he was a visiting postdoctoral fellow at the Electrical Engineering and Computer Sciences Department, University of California, Berkeley. Since 2006 he has been working at the Department of Automatics and Computing, Public University of Navarre, as an associate professor. His research interests include high‐speed networks, performance and traffic analysis of Internet services and network monitoring.

MIKEL IZAL received his M.Sc. and Ph.D. degrees in telecommunication engineering in 1997 and 2002 respectively. In 2003 he worked as a visiting scientist at Institute Eurecom, Sophia‐Antipolis, France, performing measurements in network tomography and peer‐to‐peer systems. Since then, he has been with the Department of Automatics and Computing of the Public University of Navarre, where he is an Associate Professor. His research interests include traffic analysis, network tomography, high speed next generation networks and peer to peer systems.