An analysis of clustering objectives for feature selection applied to encrypted traffic identification

Author

Bacquet, Carlos ; Zincir-Heywood, Nur A. ; Heywood, Malcolm I.

Author_Institution

Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada

fYear

2010

fDate

18-23 July 2010

Firstpage

1

Lastpage

8

Abstract

This work explores the use of clustering objectives in a Multi-Objective Genetic Algorithm (MOGA) for both, feature selection and cluster count optimization, under the application of flow based encrypted traffic identification. We first explore whether it is possible to achieve the performance of a gold standard model (i.e., classification objectives), using a MOGA based on clustering objectives. Then, we explore the performance gain (if it exists) of applying a logarithmic transformation to the data prior to running the MOGA. Results show that MOGA trained with clustering objectives can closely reproduce the behavior of a gold standard model, not only in terms of the selected features, but also in terms of the achieved detection rate and false positives rate, above 90% and less than 1% respectively. On the other hand, no gain was observed by applying logarithmic transformation to the data.

Keywords

cryptography; genetic algorithms; pattern clustering; telecommunication security; telecommunication traffic; cluster count optimization; clustering objective analysis; feature selection; flow generation; gold standard model; logarithmic transformation; multiobjective genetic algorithm; traffic identification encryption; Accuracy; Cryptography; Gold; Payloads; Protocols; Training; Training data;

fLanguage

English

Publisher

ieee

Conference_Titel

Evolutionary Computation (CEC), 2010 IEEE Congress on

Conference_Location

Barcelona

Print_ISBN

978-1-4244-6909-3

Type

conf

DOI

10.1109/CEC.2010.5586163

Filename

5586163