Thesis Open Access

Network Traffic Classification Using Machine Learning: A Step Towards Over-the-Top Bypass Fraud Detection

Tewodros Hailu


MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nam##2200000uu#4500</leader>
  <controlfield tag="005">20241202095156.0</controlfield>
  <controlfield tag="001">4488</controlfield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">647925</subfield>
    <subfield code="z">md5:d45cbd5fd89e1d88df48cadeabb670f7</subfield>
    <subfield code="u">https://zenodo.org/record/4488/files/f1042664640.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2018-11-14</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">user-aau</subfield>
    <subfield code="p">user-zenodo</subfield>
    <subfield code="o">oai:zenodo.org:4488</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="a">tewodros hailu</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">Network Traffic Classification Using Machine Learning: A Step Towards Over-the-Top Bypass Fraud Detection</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">user-aau</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">user-zenodo</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">http://www.opendefinition.org/licenses/cc-by</subfield>
    <subfield code="a">Creative Commons Attribution</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;Over-the-Top (OTT) bypass is a type of Interconnect Bypass fraud where regular&lt;br&gt;
voice calls are rerouted through OTT network and terminated as an OTT call. These&lt;br&gt;
calls are terminated using OTT applications which need user&amp;rsquo;s Mobile Station International&lt;br&gt;
Subscriber Directory Number (MSISDN) for authentication. Detecting&lt;br&gt;
OTT voice call packets through different network traffic classification techniques is&lt;br&gt;
one subtask in the detection of this fraud.&lt;br&gt;
In this thesis, performance of three machine learning algorithms; Adaptive Booster&lt;br&gt;
(AdaBoost) + J48, Repeated Incremental Pruning to Produce Error Reduction (RIPPER),&lt;br&gt;
and Support Vector Machine (SVM) is evaluated in detecting MSISDN-based OTT&lt;br&gt;
packets taking Viber, Tango, and Telegram as a sample. Detection of OTT traffic&lt;br&gt;
and voice call packets from the OTT traffic have been treated separately as classification&lt;br&gt;
tasks. Ten cross-fold and separate test data validation techniques together&lt;br&gt;
with 1.7 million labeled packets generated and captured in controlled laboratory&lt;br&gt;
environment are used in the evaluation process.&lt;br&gt;
AdaBoost + J48 achieved the best accuracy on both classification tasks compared to&lt;br&gt;
the others while using ten cross-fold validation. However, an accuracy of 48.4%&lt;br&gt;
obtained in detecting voice call packets while using separate test data validation&lt;br&gt;
makes it less preferable in the classification task. Even if it takes longer time to&lt;br&gt;
train SVM, it was the best performer (95.35% accurate) in detecting voice call packets&lt;br&gt;
in separate test data validation. Considering accuracy attained by the algorithms&lt;br&gt;
in separate test data validation technique together with the detection rate&lt;br&gt;
of OTT voice call packets, SVM is preferable than the other two algorithms&lt;/p&gt;</subfield>
  </datafield>
  <datafield tag="773" ind1=" " ind2=" ">
    <subfield code="n">doi</subfield>
    <subfield code="i">isVersionOf</subfield>
    <subfield code="a">10.20372/nadre:4487</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.20372/nadre:4488</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">thesis</subfield>
  </datafield>
</record>