Classifying SSH encrypted traffic with minimum packet header features using genetic programming
Created by W.Langdon from
gp-bibliography.bib Revision:1.2031
@InProceedings{DBLP:conf/gecco/AlshammariLHZ09,
author = "Riyad Alshammari and Peter Lichodzijewski and
Malcolm I. Heywood and A. Nur Zincir-Heywood",
title = "Classifying {SSH} encrypted traffic with minimum
packet header features using genetic programming",
booktitle = "GECCO-2009 Defense applications of computational
intelligence workshop",
year = "2009",
editor = "Anna I. Esparcia and Ying-ping Chen and
Gabriela Ochoa and Ender Ozcan and Marc Schoenauer and Anne Auger and
Hans-Georg Beyer and Nikolaus Hansen and
Steffen Finck and Raymond Ros and Darrell Whitley and
Garnett Wilson and Simon Harding and W. B. Langdon and
Man Leung Wong and Laurence D. Merkle and Frank W. Moore and
Sevan G. Ficici and William Rand and Rick Riolo and
Nawwaf Kharma and William R. Buckley and Julian Miller and
Kenneth Stanley and Jaume Bacardit and Will Browne and
Jan Drugowitsch and Nicola Beume and Mike Preuss and
Stephen L. Smith and Stefano Cagnoni and Jim DeLeo and
Alexandru Floares and Aaron Baughman and
Steven Gustafson and Maarten Keijzer and Arthur Kordon and
Clare Bates Congdon and Laurence D. Merkle and
Frank W. Moore",
pages = "2539--2546",
address = "Montreal",
publisher = "ACM",
publisher_address = "New York, NY, USA",
month = "8-12 " # jul,
organisation = "SigEvo",
keywords = "genetic algorithms, genetic programming",
isbn13 = "978-1-60558-325-9",
bibsource = "DBLP, http://dblp.uni-trier.de",
doi = "
doi:10.1145/1570256.1570358",
abstract = "The classification of Encrypted Traffic, namely Secure
Shell (SSH), on the fly from network TCP traffic
represents a particularly challenging application
domain for machine learning. Solutions should ideally
be both simple - therefore efficient to deploy - and
accurate. Recent advances to team based Genetic
Programming provide the opportunity to decompose the
original problem into a subset of classifiers with
non-overlapping behaviors, in effect providing further
insight into the problem domain and increasing the
throughput of solutions. Thus, in this work we have
investigated the identification of SSH encrypted
traffic based on packet header features without using
IP addresses, port numbers and payload data. Evaluation
of C4.5 and AdaBoost - representing current best
practice - against the Symbiotic Bid-based (SBB)
paradigm of team-based Genetic Programming (GP) under
data sets common and independent from the training
condition indicates that SBB based GP solutions are
capable of providing simpler solutions without
sacrificing accuracy.
",
notes = "Distributed on CD-ROM at GECCO-2009.
ACM Order Number 910092.",
}
Genetic Programming entries for
Riyad Alshammari
Peter Lichodzijewski
Malcolm Heywood
Nur Zincir-Heywood