Abstract
This paper presents a new, effective approach to analyzing network traffic in order to determine the protocol used for information exchange. It gives a brief description of the structure of an algorithm that classifies network packets as belonging to one of the known network protocols. To identify the protocol, the principle of high-speed one-packet classification is used, which consists in analyzing the information transmitted in each individual packet. Elements of behavioral analysis are also used: the transition states of information exchange protocols are classified, which makes it possible to achieve higher classification accuracy and a higher degree of generalization on new test samples. The topic is relevant because of the rapid growth of transmitted traffic, including malicious traffic, and the emergence of new technologies for transmitting and processing information. The article analyzes the place of traffic analysis systems among other information security systems and describes the tasks they make it possible to solve. It is shown that an application-level network packet classifier can be useful for recognizing the internal state that a particular protocol may be in during information exchange at the handshake stage. To classify network packets, we used fuzzy logic algorithms (Mamdani model) and machine learning methods (neural network solutions based on logistic regression). The paper presents 4 stages of developing a network packet classifier: monitoring and collecting packet statistics for the most well-known network traffic protocols, preprocessing the primary packet statistics, building the network packet classifier, and testing. Test results are demonstrated for the resulting software module, which is capable of identifying network information exchange protocols.
More From: Vestnik komp'iuternykh i informatsionnykh tekhnologii