Next Article in Journal
Robust Detection of Bearing Early Fault Based on Deep Transfer Learning
Previous Article in Journal
Study on Operational Characteristics of Protection Relay with Fault Current Limiters in an LVDC System
Open AccessArticle

Improved KNN Algorithm for Fine-Grained Classification of Encrypted Network Flow

by Chencheng Ma 1,2, Xuehui Du 1,2,* and Lifeng Cao 1,2
1
National Digital Switching System Engineering and Technological Research Center, Zhengzhou 450000, China
2
Zhengzhou Science and Technology Institute, Zhengzhou 450000, China
*
Author to whom correspondence should be addressed.
Electronics 2020, 9(2), 324; https://doi.org/10.3390/electronics9020324
Received: 8 January 2020 / Revised: 7 February 2020 / Accepted: 11 February 2020 / Published: 13 February 2020
(This article belongs to the Section Networks)
The fine-grained classification of encrypted traffic is important for network security analysis. Malicious attacks are usually encrypted and simulated as normal application or content traffic. Supervised machine learning methods are widely used for traffic classification and show good performances. However, they need a large amount of labeled data to train a model, while labeled data is hard to obtain. Aiming at solving this problem, this paper proposes a method to train a model based on the K-nearest neighbor (KNN) algorithm, which only needs a small amount of data. Due to the fact that the importance of different traffic features varies, and traditional KNN does not highlight the importance of different features, this study introduces the concept of feature weight and proposes the weighted feature KNN (WKNN) algorithm. Furthermore, to obtain the optimal feature set and the corresponding feature weight set, a feature selection and feature weight self-adaptive algorithm for WKNN is proposed. In addition, a three-layer classification framework for encrypted network flows is established. Based on the improved KNN and the framework, this study finally presents a method for fine-grained classification of encrypted network flows, which can identify the encryption status, application type and content type of encrypted network flows with high accuracies of 99.3%, 92.4%, and 97.0%, respectively. View Full-Text
Keywords: encrypted network flow classification; K-nearest neighbor algorithm; feature selection and weighted; fine-grained analysis; small training set encrypted network flow classification; K-nearest neighbor algorithm; feature selection and weighted; fine-grained analysis; small training set
Show Figures

Figure 1

MDPI and ACS Style

Ma, C.; Du, X.; Cao, L. Improved KNN Algorithm for Fine-Grained Classification of Encrypted Network Flow. Electronics 2020, 9, 324.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop