Network Supervision via Protocol Identification in the Network

Abstract

This paper is focused on a comparison of ML (Machine Learning) and DNN (Deep Neural Network) techniques in protocol recognition to support network supervision for further proper handling, e.g., detection of a security incident. The DNN approach uses 11 layers and the ML approach is consisting of 28 mutually different predictive models. Both techniques were performed/compared on a freely accessible dataset containing browsing pcap files for further comparison, e.g., with other approaches. The predictive multiclass models were trained (fitted) to be capable of detecting five network protocols. Both approaches were compared by the achieved accuracy (based on testing and validating data), learning time, and predicting the time point of view. Using the ML approach, we were able to recognize the protocol with an accuracy of 1 and using DNN with an accuracy of 0.97.