Combining Machine and Automata Learning for Network Traffic Classification
Abstract
Viewing the generated packets of an application as the words of a language, automata learning can be used to derive the behavioral packet-based model of applications. The alphabets of the learned automata, manually defined in terms of packets, may cause overfitting. As some packets always appear together, we apply machine learning techniques to automatically define the alphabet set based on the timing and statistical features of packets. Using the learned automata models, the classifier should detect the accepted words of the models in the input. To improve this time-consuming process, we present a framework, called NeTLang, that identifies the application model in terms of k-testable languages. The classification problem is reduced to observing only $$\varTheta (k)$$ symbols from the input with the help of machine learning techniques. Our framework utilizes the two diverse automata learning and machine learning techniques to build on their strengths (to be fast and accurate) and to eliminate their weaknesses (i.e., ignoring temporal relations among packets). According to our results, NeTLang outperforms the state-of-the-art methods using each technique alone.
Origin | Files produced by the author(s) |
---|