New Directions in Automated Traffic Analysis

Jordan Holland; Paul Schmitt; Nick Feamster; Prateek Mittal

doi:10.1145/3460120.3484758

New Directions in Automated Traffic Analysis

Jordan Holland, Paul Schmitt, Nick Feamster, Prateek Mittal

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

87 Scopus citations

Abstract

Machine learning is leveraged for many network traffic analysis tasks in security, from application identification to intrusion detection. Yet, the aspects of the machine learning pipeline that ultimately determine the performance of the model - -feature selection and representation, model selection, and parameter tuning - -remain manual and painstaking. This paper presents a method to automate many aspects of traffic analysis, making it easier to apply machine learning techniques to a wider variety of traffic analysis tasks. We introduce nPrint, a tool that generates a unified packet representation that is amenable for representation learning and model training. We integrate nPrint with automated machine learning (AutoML), resulting in nPrintML, a public system that largely eliminates feature extraction and model tuning for a wide variety of traffic analysis tasks. We have evaluated nPrintML on eight separate traffic analysis tasks and released nPrint, nPrintML and the corresponding datasets from our evaluation to enable future work to extend these methods.

Original language	English (US)
Title of host publication	CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	3366-3383
Number of pages	18
ISBN (Electronic)	9781450384544
DOIs	https://doi.org/10.1145/3460120.3484758
State	Published - Nov 12 2021
Event	27th ACM Annual Conference on Computer and Communication Security, CCS 2021 - Virtual, Online, Korea, Republic of Duration: Nov 15 2021 → Nov 19 2021

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	27th ACM Annual Conference on Computer and Communication Security, CCS 2021
Country/Territory	Korea, Republic of
City	Virtual, Online
Period	11/15/21 → 11/19/21

All Science Journal Classification (ASJC) codes

Software
Computer Networks and Communications

Keywords

automated traffic analysis
machine learning on network traffic
network traffic analysis

Access to Document

10.1145/3460120.3484758

Cite this

Holland, J., Schmitt, P., Feamster, N., & Mittal, P. (2021). New Directions in Automated Traffic Analysis. In CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (pp. 3366-3383). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3460120.3484758

@inproceedings{9fa406d4f2eb4ccca6466dcaf639e82a,

title = "New Directions in Automated Traffic Analysis",

abstract = "Machine learning is leveraged for many network traffic analysis tasks in security, from application identification to intrusion detection. Yet, the aspects of the machine learning pipeline that ultimately determine the performance of the model - -feature selection and representation, model selection, and parameter tuning - -remain manual and painstaking. This paper presents a method to automate many aspects of traffic analysis, making it easier to apply machine learning techniques to a wider variety of traffic analysis tasks. We introduce nPrint, a tool that generates a unified packet representation that is amenable for representation learning and model training. We integrate nPrint with automated machine learning (AutoML), resulting in nPrintML, a public system that largely eliminates feature extraction and model tuning for a wide variety of traffic analysis tasks. We have evaluated nPrintML on eight separate traffic analysis tasks and released nPrint, nPrintML and the corresponding datasets from our evaluation to enable future work to extend these methods.",

keywords = "automated traffic analysis, machine learning on network traffic, network traffic analysis",

author = "Jordan Holland and Paul Schmitt and Nick Feamster and Prateek Mittal",

note = "Publisher Copyright: {\textcopyright} 2021 Owner/Author.; 27th ACM Annual Conference on Computer and Communication Security, CCS 2021 ; Conference date: 15-11-2021 Through 19-11-2021",

year = "2021",

month = nov,

day = "12",

doi = "10.1145/3460120.3484758",

language = "English (US)",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "3366--3383",

booktitle = "CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security",

}

Holland, J, Schmitt, P, Feamster, N & Mittal, P 2021, New Directions in Automated Traffic Analysis. in CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 3366-3383, 27th ACM Annual Conference on Computer and Communication Security, CCS 2021, Virtual, Online, Korea, Republic of, 11/15/21. https://doi.org/10.1145/3460120.3484758

New Directions in Automated Traffic Analysis. / Holland, Jordan; Schmitt, Paul; Feamster, Nick et al.
CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2021. p. 3366-3383 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - New Directions in Automated Traffic Analysis

AU - Holland, Jordan

AU - Schmitt, Paul

AU - Feamster, Nick

AU - Mittal, Prateek

PY - 2021/11/12

Y1 - 2021/11/12

N2 - Machine learning is leveraged for many network traffic analysis tasks in security, from application identification to intrusion detection. Yet, the aspects of the machine learning pipeline that ultimately determine the performance of the model - -feature selection and representation, model selection, and parameter tuning - -remain manual and painstaking. This paper presents a method to automate many aspects of traffic analysis, making it easier to apply machine learning techniques to a wider variety of traffic analysis tasks. We introduce nPrint, a tool that generates a unified packet representation that is amenable for representation learning and model training. We integrate nPrint with automated machine learning (AutoML), resulting in nPrintML, a public system that largely eliminates feature extraction and model tuning for a wide variety of traffic analysis tasks. We have evaluated nPrintML on eight separate traffic analysis tasks and released nPrint, nPrintML and the corresponding datasets from our evaluation to enable future work to extend these methods.

AB - Machine learning is leveraged for many network traffic analysis tasks in security, from application identification to intrusion detection. Yet, the aspects of the machine learning pipeline that ultimately determine the performance of the model - -feature selection and representation, model selection, and parameter tuning - -remain manual and painstaking. This paper presents a method to automate many aspects of traffic analysis, making it easier to apply machine learning techniques to a wider variety of traffic analysis tasks. We introduce nPrint, a tool that generates a unified packet representation that is amenable for representation learning and model training. We integrate nPrint with automated machine learning (AutoML), resulting in nPrintML, a public system that largely eliminates feature extraction and model tuning for a wide variety of traffic analysis tasks. We have evaluated nPrintML on eight separate traffic analysis tasks and released nPrint, nPrintML and the corresponding datasets from our evaluation to enable future work to extend these methods.

KW - automated traffic analysis

KW - machine learning on network traffic

KW - network traffic analysis

UR - http://www.scopus.com/inward/record.url?scp=85119373011&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85119373011&partnerID=8YFLogxK

U2 - 10.1145/3460120.3484758

DO - 10.1145/3460120.3484758

M3 - Conference contribution

AN - SCOPUS:85119373011

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 3366

EP - 3383

BT - CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

T2 - 27th ACM Annual Conference on Computer and Communication Security, CCS 2021

Y2 - 15 November 2021 through 19 November 2021

ER -

New Directions in Automated Traffic Analysis

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this