Classifying SSH encrypted traffic with minimum packet header features using genetic programming

Riyad Alshammari, Peter I. Lichodzijewski, Malcolm Heywood, A. Nur Zincir-Heywood
2009. Proceedings of the 11th annual conference companion on Genetic and evolutionary computation conference - GECCO '09. ACM Press.
The classification of encrypted traffic, namely Secure Shell (SSH), on the fly from network TCP traffic represents a particularly challenging application domain for machine learning. Solutions should ideally be both simple (therefore efficient to deploy) and accurate. Recent advances to team-based Genetic Programming provide the opportunity to decompose the original problem into a subset of classifiers with non-overlapping behaviors, in effect providing further insight into the problem domain ... increasing the throughput of solutions. Thus, in this work we have investigated the identification of SSH encrypted traffic based on packet header features without using IP addresses, port numbers and payload data. Evaluation of C4.5 and AdaBoost (representing current best practice) against the Symbiotic Bid-based (SBB) paradigm of team-based Genetic Programming (GP) under data sets common and independent from the training condition indicates that SBB-based GP solutions are capable of providing simpler solutions without sacrificing accuracy.
doi:10.1145/1570256.1570358 (https://doi.org/10.1145/1570256.1570358), dblp:conf/gecco/AlshammariLHZ09, fatcat:jlfsgtzk3jgz5eb4ddmutfgtxa
Full text (Web Archive PDF): https://web.archive.org/web/20110401191457/http://web.cs.dal.ca/~zincir/bildiri/daci09-rpnm.pdf