Network traffic classification: Techniques, datasets, and challenges

Ahmad Azab; Mahmoud Khasawneh; Saed Alrabaee; Kim Kwang Raymond Choo; Maysa Sarsour

doi:10.1016/j.dcan.2022.09.009

Network traffic classification: Techniques, datasets, and challenges

Ahmad Azab, Mahmoud Khasawneh, Saed Alrabaee, Kim Kwang Raymond Choo, Maysa Sarsour

Department of Information System and Security

Research output: Contribution to journal › Review article › peer-review

79 Citations (Scopus)

Abstract

In network traffic classification, it is important to understand the correlation between network traffic and its causal application, protocol, or service group, for example, in facilitating lawful interception, ensuring the quality of service, preventing application choke points, and facilitating malicious behavior identification. In this paper, we review existing network classification techniques, such as port-based identification and those based on deep packet inspection, statistical features in conjunction with machine learning, and deep learning algorithms. We also explain the implementations, advantages, and limitations associated with these techniques. Our review also extends to publicly available datasets used in the literature. Finally, we discuss existing and emerging challenges, as well as future research directions.

Original language	English
Pages (from-to)	676-692
Number of pages	17
Journal	Digital Communications and Networks
Volume	10
Issue number	3
DOIs	https://doi.org/10.1016/j.dcan.2022.09.009
Publication status	Published - Jun 2024

Keywords

Deep learning
Deep packet inspection
Machine learning
Network classification
Traffic monitoring

ASJC Scopus subject areas

Hardware and Architecture
Computer Networks and Communications

Access to Document

10.1016/j.dcan.2022.09.009

Cite this

@article{56f5feae5c124d67b5a403c812fb03e6,

title = "Network traffic classification: Techniques, datasets, and challenges",

abstract = "In network traffic classification, it is important to understand the correlation between network traffic and its causal application, protocol, or service group, for example, in facilitating lawful interception, ensuring the quality of service, preventing application choke points, and facilitating malicious behavior identification. In this paper, we review existing network classification techniques, such as port-based identification and those based on deep packet inspection, statistical features in conjunction with machine learning, and deep learning algorithms. We also explain the implementations, advantages, and limitations associated with these techniques. Our review also extends to publicly available datasets used in the literature. Finally, we discuss existing and emerging challenges, as well as future research directions.",

keywords = "Deep learning, Deep packet inspection, Machine learning, Network classification, Traffic monitoring",

author = "Ahmad Azab and Mahmoud Khasawneh and Saed Alrabaee and Choo, {Kim Kwang Raymond} and Maysa Sarsour",

note = "Publisher Copyright: {\textcopyright} 2024 Chongqing University of Posts and Telecommunications",

year = "2024",

month = jun,

doi = "10.1016/j.dcan.2022.09.009",

language = "English",

volume = "10",

pages = "676--692",

journal = "Digital Communications and Networks",

issn = "2468-5925",

publisher = "KeAi Communications Co",

number = "3",

}

TY - JOUR

T1 - Network traffic classification

T2 - Techniques, datasets, and challenges

AU - Azab, Ahmad

AU - Khasawneh, Mahmoud

AU - Alrabaee, Saed

AU - Choo, Kim Kwang Raymond

AU - Sarsour, Maysa

PY - 2024/6

Y1 - 2024/6

N2 - In network traffic classification, it is important to understand the correlation between network traffic and its causal application, protocol, or service group, for example, in facilitating lawful interception, ensuring the quality of service, preventing application choke points, and facilitating malicious behavior identification. In this paper, we review existing network classification techniques, such as port-based identification and those based on deep packet inspection, statistical features in conjunction with machine learning, and deep learning algorithms. We also explain the implementations, advantages, and limitations associated with these techniques. Our review also extends to publicly available datasets used in the literature. Finally, we discuss existing and emerging challenges, as well as future research directions.

AB - In network traffic classification, it is important to understand the correlation between network traffic and its causal application, protocol, or service group, for example, in facilitating lawful interception, ensuring the quality of service, preventing application choke points, and facilitating malicious behavior identification. In this paper, we review existing network classification techniques, such as port-based identification and those based on deep packet inspection, statistical features in conjunction with machine learning, and deep learning algorithms. We also explain the implementations, advantages, and limitations associated with these techniques. Our review also extends to publicly available datasets used in the literature. Finally, we discuss existing and emerging challenges, as well as future research directions.

KW - Deep learning

KW - Deep packet inspection

KW - Machine learning

KW - Network classification

KW - Traffic monitoring

UR - http://www.scopus.com/inward/record.url?scp=85146766916&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85146766916&partnerID=8YFLogxK

U2 - 10.1016/j.dcan.2022.09.009

DO - 10.1016/j.dcan.2022.09.009

M3 - Review article

AN - SCOPUS:85146766916

SN - 2468-5925

VL - 10

SP - 676

EP - 692

JO - Digital Communications and Networks

JF - Digital Communications and Networks

IS - 3

ER -

Network traffic classification: Techniques, datasets, and challenges

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this