Traffic classification using machine learning

We are currently working with a team from the Institute for Web Technologies & Applications at the University of Applied Sciences Kufstein to get our Application Control module ready for the future. Machine learning (ML) is to be used to classify data traffic as part of a project funded by the state

Initial position

Application Control uses Deep Packet Inspection (DPI) to both monitor and filter data traffic. It is possible to ensure that certain applications or protocols are allowed to pass entirely or with limited throughput, or not allowed to pass at all. This makes this IACBOX module a valuable tool for WiFi operators: they can allow their guests, staff or visitors to check emails but not stream movies or series, for example. This may be appropriate when it comes to making efficient use of available bandwidth, or when user groups have specific requirements. This is because it does not always make sense to treat an adult and a child, or a luxury guest and someone booking a bargain deal in the same way.

Deep Packet Inspection essentially works if you can monitor the data on a connection, or if the connection setup is unique. This is the point at which we realise what motivated us to deal with a project like this in the first place. Increasingly encrypted connections are a data transmission development that should actually be welcomed, but this has now become the biggest obstacle to DPI, and hence to our Application Control.

What is a clear benefit for data protection and general network security presents an obstacle for a network operator, even if it has legitimate reasons for using a DPI. Targeted restrictions can maintain the quality of the network at a high level, ensure funding by distinguishing between WiFi offerings at different prices, and also protect children or pupils, for example, from unwanted or illegal content.

Application Control only partially detects encrypted connections and rates them unknown – they cannot be blocked, nor can their bandwidth be limited. Encrypted connections (mainly HTTPS) will become more common in future, so Application Control needs support.

How  is this support structured?

A new technique is needed for classifying data packets. This is where the university team comes in. The project team from the Institute for Web Technologies & Applications under the direction of lecturer Lukas Huber, MSc, will be working on a potential process until February 2020 with the aid of machine learning. The objective of the first project phase is to differentiate between WhatsApp connections and Facebook connections. Connection metadata such as packet size, the number of packets and packet timing are filtered out, which trains the model. This is a self-learning algorithm where data is input and the goal is identified.

Speaking of Artificial Intelligence: IBM’s Deep Blue chess computer beat reigning world chess champion Garry Kasparov more than 20 years ago. In those days, this news triggered days of headlines throughout the mainstream media. When an AI like Google’s ALphaZero has no prior knowledge of the game yet turns into a grand master within four hours of starting to play and defeats Stockfish, currently the best chess program, in 100 consecutive games or reaches a stalemate, this is still an interesting headline in specialist journals – but mainly for tech enthusiasts.

But chess is merely a training ground: AI is becoming suitable for everyday use and is being used in increasingly defined areas. Projects like ours indicate clearly how artificial intelligence methods and techniques are finding their way into more and more technologies used in our day-to-day lives.

The first phase of the IACBOX ML project is devoted solely to basic research in order to determine which metadata is suitable for training. In the next step, the model will then be developed further for practical use until it can be incorporated into our product. Machine learning will play an important part in the classification of data traffic in future, and this research project with the University of Applied Sciences Kufstein will bring the IACBOX one step closer to this objective.

Are you interested in wireless Internet access for guests, staff or things for your enterprise, or do you provide network solutions for clients? Drop a few lines to share your opinion with us:

At Asteas, we see it as our task to shape wireless Internet access in networks efficient and legally conformant for the supplier, efficient and comfortable for the user and secure for both.

For more information, visit our website or contact us here.

More information
This website uses cookies to improve its usability.