An Investigation of Multi-objective Genetic Algorithms for Encrypted Traffic Identification

  • Carlos Bacquet
  • A. Nur Zincir-Heywood
  • Malcolm I. Heywood
Conference paper
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 63)


The increasing use of encrypted traffic combined with non-standard port associations makes the task of traffic identification increasingly difficult. This work adopts a multi-objective clustering approach to the problem in which a Genetic Algorithm performs both feature selection and cluster count optimization under a flow based representation. Solutions do not use port numbers, IP address or payload. Performance of the resulting model provides 90% detection 0.8% false positive rates with 13 clusters supported by 14 of the original 38 features.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Alshammari, R., Zincir-Heywood, N.: Generalization of Signatures for SSH Traffic Identification. In: IEEE Symposium Series on Computational Intelligence (2009)Google Scholar
  2. 2.
    Alshammari, R., Zincir-Heywood, N.: Investigating two different approaches for encrypted traffic classification. In: Sixth Annual Conference on Privacy, Security and Trust, pp. 156–166 (2008)Google Scholar
  3. 3.
    Alshammari, R., Zincir-Heywood, N.: A flow based approach for SSH traffic detection. ISIC. In: IEEE International Conference on Systems, Man and Cybernetics, pp. 296–301 (2007)Google Scholar
  4. 4.
    Bernaille, L., Teixeira, R., Akodkenou, I., Soule, A., Salamatian, K.: Traffic classification on the fly. SIGCOMM Comput. Commun. Rev. 36(2), 23–26 (2006)CrossRefGoogle Scholar
  5. 5.
    Erman, J., Arlitt, M., Mahanti, A.: Traffic classification using clustering algorithms. In: SIGCOMM Workshop on Mining Network Data, pp. 281–286. ACM, New York (2006)CrossRefGoogle Scholar
  6. 6.
    YeongSeog, K., Street, W.N., Menczer, F.: Feature selection in unsupervised learning via evolutionary search. In: Sixth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 365–369. ACM, New York (2000)Google Scholar
  7. 7.
    Kumar, R., Rockett, P.: Improved sampling of the pareto-front in multiobjective genetic optimizations by steady-state evolution: A pareto converging genetic algorithm. Evol. Comput. 10(3), 283–314 (2002)CrossRefGoogle Scholar
  8. 8.
    Siqueira Junior, G.P., Bessa Maia, J.E., Holanda, R., Neuman de Sousa, J.: P2P traffic identification using cluster analysis. In: First International Global Information Infrastructure Symposium (GIIS), pp. 128–133 (2007)Google Scholar
  9. 9.
    Wright, C., Monrose, F., Masson, G.: On inferring application protocol behaviors in encrypted network traffic. J. Mach. Learn. Res. 7, 2745–2769 (2006)MathSciNetGoogle Scholar
  10. 10.
    Yingqiu, L., Wei, L., Yun-Chun, L.: Network traffic classification using K-means clustering. In: Second International Multi-Symposiums on Computer and Computational Sciences (IMSCCS), pp. 360–365. IEEE Computer Society, Washington (2007)Google Scholar
  11. 11.
  12. 12.
  13. 13.
  14. 14.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Carlos Bacquet
    • 1
  • A. Nur Zincir-Heywood
    • 1
  • Malcolm I. Heywood
    • 1
  1. 1.Faculty of Computer ScienceDalhousie University 

Personalised recommendations