Machine Learning based Traffic Classification using Low Level Features and Statistical Analysis

In this paper, Data mining technique is used to present the concept of attack data analysis and traffic classification. Here the system is completely a automated system that contains packet capturing, processing of multiple attack logs, labeling of network traffic based on low level features and applying the classification algorithm to build a traffic classifier which will classify the normal and malicious traffic. In this paper mixing of machine learning approach and behavior based analysis is done to valid the analysis results in a better way. Previously lot's of work has been done in this field to classify the network logs but all of the existing techniques such as payload based, port based classifications have their own advantages and disadvantages but classification using Machine Learning techniques is still an open field to explore and has provided an excellent results up till now. The main aim of the proposed work is to perform the passive traffic monitoring based on honeypot technology and then analyze the network attack logs to determine the intruders. We collect attack data throw honeypot system and normal user browser than we combined that attack data and develop an automated traffic classification system based on the low level features of the network traffic. This type of classification will help the IT administrators to determine the unknown attacks spreading in the IT industry.