An Investigation of Learning Model Technologies for Network Traffic Classification Design in Cyber Security Exercises (open access)
- Authors
- Jang, Younghoan; Kim, Dong-Wook; Shin, Gun-Yoon; Cho, Seungjae; Kim, Kwangsoo; Kang, Jaesik; Han, Myung-Mook
- Issue Date
- Nov-2023
- Publisher
- IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
- Keywords
- Classification; cyber resilience; cyber-attack; network traffic; reinforcement learning; supervised learning; unsupervised learning
- Citation
- IEEE ACCESS, v.11, pp 138712 - 138731
- Pages
- 20
- Journal Title
- IEEE ACCESS
- Volume
- 11
- Start Page
- 138712
- End Page
- 138731
- URI
- https://scholarworks.bwise.kr/gachon/handle/2020.sw.gachon/89835
- DOI
- 10.1109/ACCESS.2023.3336674
- ISSN
- 2169-3536
- Abstract
- With the proliferation of network systems, the boundaries between cyber and physical environments are blurring, leading to an increased risk of sophisticated cyber-attacks equipped with advanced technologies. In particular, as advancements in artificial intelligence through learning models have led to automated attacks and attack scenarios, countries are implementing cyber training and constructing training systems to respond to cyber security threats. This cyber training is based on existing cyber-attacks and conducted in virtual spaces similar to reality, generating network traffic through simulators and focusing on training for attack response and cyber resilience. However, the exponential increase in the number of network-based devices and the amount of network traffic they generate is leading to a gradual increase in threats to cyber security. In this study, we first investigated the existing port number-based network traffic classification technologies and payload-based network traffic classification technologies to identify their shortcomings in the current network environment. We then categorized existing studies into supervised, unsupervised, and reinforcement learning to analyze the technology of classifying network traffic based on learning models as well as classification methods, procedures, performance standards, evaluation methods, quality of service/quality of experience, etc. Based on the analysis, we presented limitations for application to training networks according to the learning method and suggested recommendations for establishing future research directions. Therefore, refining learning model-based network traffic classification technology will contribute to the construction of automated cyber training grounds such as cyber-attack-defense scenarios, network traffic anomaly detection, and maximizing cumulative rewards.
- Appears in Collections
- ETC > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.