Classifying SSH encrypted traffic with minimum packet header features using genetic programming

Created by W.Langdon from gp-bibliography.bib Revision:1.4524

  author =       "Riyad Alshammari and Peter Lichodzijewski and 
                 Malcolm I. Heywood and A. Nur Zincir-Heywood",
  title =        "Classifying SSH encrypted traffic with minimum packet
                 header features using genetic programming",
  booktitle =    "GECCO-2009 Defense applications of computational
                 intelligence workshop",
  year =         "2009",
  editor =       "Anna I. Esparcia and Ying-ping Chen and 
                 Gabriela Ochoa and Ender Ozcan and Marc Schoenauer and Anne Auger and 
                 Hans-Georg Beyer and Nikolaus Hansen and 
                 Steffen Finck and Raymond Ros and Darrell Whitley and 
                 Garnett Wilson and Simon Harding and W. B. Langdon and 
                 Man Leung Wong and Laurence D. Merkle and Frank W. Moore and 
                 Sevan G. Ficici and William Rand and Rick Riolo and 
                 Nawwaf Kharma and William R. Buckley and Julian Miller and 
                 Kenneth Stanley and Jaume Bacardit and Will Browne and 
                 Jan Drugowitsch and Nicola Beume and Mike Preuss and 
                 Stephen L. Smith and Stefano Cagnoni and Jim DeLeo and 
                 Alexandru Floares and Aaron Baughman and 
                 Steven Gustafson and Maarten Keijzer and Arthur Kordon and 
                 Clare Bates Congdon and Laurence D. Merkle and 
                 Frank W. Moore",
  pages =        "2539--2546",
  address =      "Montreal",
  publisher =    "ACM",
  publisher_address = "New York, NY, USA",
  month =        "8-12 " # jul,
  organisation = "SigEvo",
  keywords =     "genetic algorithms, genetic programming",
  isbn13 =       "978-1-60558-325-9",
  bibsource =    "DBLP,",
  DOI =          "doi:10.1145/1570256.1570358",
  abstract =     "The classification of Encrypted Traffic, namely Secure
                 Shell (SSH), on the fly from network TCP traffic
                 represents a particularly challenging application
                 domain for machine learning. Solutions should ideally
                 be both simple - therefore efficient to deploy - and
                 accurate. Recent advances to team based Genetic
                 Programming provide the opportunity to decompose the
                 original problem into a subset of classifiers with
                 non-overlapping behaviors, in effect providing further
                 insight into the problem domain and increasing the
                 throughput of solutions. Thus, in this work we have
                 investigated the identification of SSH encrypted
                 traffic based on packet header features without using
                 IP addresses, port numbers and payload data. Evaluation
                 of C4.5 and AdaBoost - representing current best
                 practice - against the Symbiotic Bid-based (SBB)
                 paradigm of team-based Genetic Programming (GP) under
                 data sets common and independent from the training
                 condition indicates that SBB based GP solutions are
                 capable of providing simpler solutions without
                 sacrificing accuracy.",

  notes =        "Distributed on CD-ROM at GECCO-2009.

                 ACM Order Number 910092.",
