Network Phenotyping for Network Traffic Classification and Anomaly Detection

This paper proposes a network phenotyping mechanism based on network resource usage analysis for network traffic classification and anomaly detection. The network phenotyping may use different metrics in the cyber-physical systems (CPS), including resource and network usage monitoring, physical state estimation. The set of devices will collectively decide a holistic view of the entire system through advanced image analysis and machine learning methods. In this paper, we choose the network traffic pattern as a study case to demonstrate the effectiveness of the proposed method, while the methodology may similarly apply to classification and anomaly detection for other resource metrics. We extract and recognize the spatial and temporal communication patterns based on the network resource usage. The phenotype method is testified through four real-world decentralized applications. With proper length of network resource usage, the overall recognition accuracy achieves as high as 99%. Sequentially, the recognition accuracy is used to detect the network traffic anomaly. We simulate the anomalous usage to be 10%, 20% and 30% of the normal network resource usage. The experiments show the proposed method is efficient in detecting each intensity of network resource usage anomaly.