Table 8 Summary of NFV ⋆ and SDN †-based traffic classification
Ref. | ML Technique | Dataset | Features | Classes | Evaluation | |
|---|---|---|---|---|---|---|
Settings | Results | |||||
He et al. [182] ⋆ | Supervised k-NN, Linear-SVM, Radial-SVM, DT, RF, Extended Tree, AdaBoost, Gradient-AdaBoost, NB, MLP | KDD [42] | Protocol, network service, source bytes, destination bytes, login status, error rate, connection counts, connection percentages (different services among the same host, different hosts among the same service) | Attack types from [450] | Dynamic selection of classifier and features to collect | Accuracy = 95.6% |
Amaral et al. [19] †| Supervised RF, SGBoost, XGBoost | Proprietary: enterprise network | Packet size (1 to N packets), packet timestamp (1 to N packets), inter-arrival time (N packets), source/destination MAC, source/destination IP, source/destination port, flow duration, packet count byte count | BitTorrent, Dropbox, Facebook, Web Browsing (HTTP), LinkedIn, Skype, Vimeo, YouTube | N=5 | RF: Accuracy 73.6-96.0% SGBoost: Accuracy 71.2-93.6% XGBoost: Accuracy 73.6-95.2% |
Wang et al. [462] †| Semi-supervised Laplacian-SVM | Proprietary: univ. network | Entropy of packet length, average packet length (source to destination and vice versa), source port, destination port, packets to respond from source to destination, minimum length of packets from destination to source, packet inactivity degree from source to destination, median of packet length from source to destination for the first N packets | Voice/video conference, streaming, bulk data transfer, interactive | N=20, Laplacian-SVM parameters λ=0.00001−0.0001, σ=0.21−0.23 | Accuracy > 90% |