Lame´ curve-based signature discovery learning technique for network traffic classification

Most recent research shows that network intrusion traffic types can be represented by concentric unit circles while network protocols such as http and https can be represented by rectangles. These geometric properties can be used to develop signatures which can be applied to classify different types of network traffic. Discovering these signatures can be done using representation learning techniques. This paper proposes an approach which constructs signatures using a Lame´ curve and its parameters. A Lame´ curve is useful for defining hypo- and hyper- ellipses, and therefore helps approximate intrusion patterns and http/https traffic patterns to circular and rectangular models respectively. Using a supervised learning approach, a p-fold cross-validation technique, and labeled network traffic datasets, suitable values for the Lame´ curve parameters are learned that can robustly create signatures for both intrusion traffic and network protocol (http and https) types. Unlike the concentric unit-circle algorithm that defines perfect circular patterns, and a rectangular representation algorithm that defines fine rectangular patterns, the proposed Lame´ curve technique helps represent the traffic data by approximated geometric (circles and rectangles) shapes. This signature property leads to a robust representation learning technique that is suitable for discrete-value traffic data and helps achieve robust classification of different types of network traffic.