Countering Machine-Learning Classification of Applications by Equalizing Network Traffic Statistics

Document Type

Article

Publication Date

1-1-2021

Abstract

We propose to equalize primary statistical metrics to decrease adversarial classification accuracy of network traffic classifiers that are based on supervised machine learning (ML) algorithms. We use packet count, inter-arrival times, and packet length as primary traffic metrics and estimate their effect on classification accuracy when used for application identification. Internet traffic classification has been used for website fingerprinting and application layer protocols in the past. Here, we consider for identifying six popular but different user applications (e.g., Skype and others). We evaluate the performance of many ML algorithms in the identification of user applications on intact traffic collected from an actual production campus network and show that these ML algorithms classify the considered applications with an average precision and recall of up to 0.96. We apply the three proposed equalizing methods and show that the modified statistics decrease the average precision and recall of the considered traffic classifiers to 0.56. We discuss the efficacy of each of the proposed methods through exhaustive evaluations on actual network traffic and the effect of the implementation of these methods on other traffic properties.

Identifier

85115728285 (Scopus)

Publication Title

IEEE Transactions on Network Science and Engineering

External Full Text Location

https://doi.org/10.1109/TNSE.2021.3113656

e-ISSN

23274697

First Page

3392

Last Page

3403

Issue

4

Volume

8

This document is currently not available here.

Share

COinS