Classification of network traffic using machine learning methods

Authors

  • Larysa Globa National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Ukraine
  • Andrii Astrakhantsev National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Ukraine
  • Serhii Tsukanov National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Ukraine

DOI:

https://doi.org/10.30837/pt.2023.2.01

Abstract

The growth in the number and diversity of traffic sources leads to increased traffic volumes, which makes existing traffic classification methods less effective. In addition, the expanding range of services leads to the emergence of new threats and vulnerabilities in the network. Detecting threats at an early stage is very important: losses from threats have increased significantly worldwide in recent years, and early detection helps minimize possible risks. At the same time, embedding artificial intelligence software in all network elements, as part of the 5G/6G concept, allows part of the attack detection procedures to be moved to the network edge, primarily to base stations. Intelligent traffic classification methods will help to increase the efficiency of information processing, to detect anomalous blocks of traffic, and to block their sources. The paper is devoted to the urgent task of analyzing the efficiency (accuracy, speed) of traffic classification methods with subsequent detection of malicious traffic. According to the results, the best methods in terms of accuracy and speed are Decision Tree (DT) and Random Forest (RF). The optimal sets of hyper-parameters have been determined for all the analyzed methods. The next most efficient are multilayer perceptron neural networks and methods based on rules and fuzzy sets, but both require much longer training time than all the others. The scientific novelty of the work lies in the analysis of the applicability of classification methods based on rules and fuzzy sets and in a comprehensive analysis of the performance of the studied methods on a real dataset. These traffic classification and anomaly detection methods should be implemented at base stations to increase the security and resilience of mobile networks.

Published

2023-12-25

Issue

Section

INFORMATION COMMUNICATION NETWORKS