Hybrid multicriteria fuzzy classification of network traffic patterns, anomalies, and protocols

Traffic classification in computer networks has very significant roles in network operation, management, and security. Examples include controlling the flow of information, allocating resources effectively, provisioning quality of service, detecting intrusions, and blocking malicious and unauthorized access. This problem has attracted a growing attention over years and a number of techniques have been proposed ranging from traditional port-based and payload inspection of TCP/IP packets to supervised, unsupervised, and semi-supervised machine learning paradigms. With the increasing complexity of network environments and support for emerging mobility services and applications, more robust and accurate techniques need to be investigated. In this paper, we propose a new supervised hybrid machine-learning approach for ubiquitous traffic classification based on multicriteria fuzzy decision trees with attribute selection. Moreover, our approach can handle well the imbalanced datasets and zero-day applications (i.e., those without previously known traffic patterns). Evaluating the proposed methodology on several benchmark real-world traffic datasets of different nature demonstrated its capability to effectively discriminate a variety of traffic patterns, anomalies, and protocols for unencrypted and encrypted traffic flows. Comparing with other methods, the performance of the proposed methodology showed remarkably better classification accuracy.