A Classifier to Detect Stream Applications Based on Network Traffic Statistical Metrics
Omar M. Darwish, Sarah Herzallah, Majdi Maabreh, Shorouq Al-Eidi, Mahmoud Al-Maani, Yahya M. Tashtoush
2022 International Arab Conference on Information Technology (ACIT), published 2022-11-22
DOI: 10.1109/ACIT57182.2022.9994184 (https://doi.org/10.1109/ACIT57182.2022.9994184)
Citation count: 0
Abstract
Network traffic is one of the most crucial considerations when examining security vulnerabilities. Although some studies concentrate on network traffic from the perspective of packet fields such as packet length and packet number, there is still potential for more research on inter-arrival times. Inter-arrival timings are crucial to investigate because numerous attacks, such as covert timing channel attacks, rely heavily on them. In this article, we conduct a statistical analysis of the TCP inter-arrival times of two major streaming programs (Zoom and Skype), which are frequently used, particularly during and following the COVID-19 pandemic. Using two internet-connected devices and the statistical measures of TCP, a dataset of 18,371 instances is created for this purpose. Five machine learning algorithms are evaluated on balanced and imbalanced forms of the dataset. The results revealed that the traffic of Zoom and Skype calls can be identified by machine learning algorithms with an accuracy of up to 99%, achieved by random forest.