INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 02, FEBRUARY 2020 ISSN 2277-8616

Deep Learning Based Traffic Classification In

Software Defined Networking –A Survey
K. Tamil Selvi, Dr. R.Thamilselvan

Abstract : Real time analysis of network traffic is prime factor for network intrusion detection. The core element of intrusion detection is the traffic
classification. The traditional network is distributed in nature and implementation of intelligence in the network is a complex task. Software Defined
Networking (SDN) provides a way for including intelligence into the network. SDN can provide centralized controller, dynamic update of flow table and
traffic analysis, global view of network topology and dynamic routing. With these characteristics, network intelligence can be easily integrated into SDN
environment. Machine learning algorithms are implemented for traffic classification. But it cannot suit to dynamic nature of the network and also
classification of new trends of traffic. Deep learning techniques are best needed solution for traffic classification. It exhibits dynamic feature selection
from the input traffic and provides higher rate of traffic classification accuracy. This paper summarizes various traffic classification techniques based on
deep learning applied to SDN.

Index Terms : Controller, deep learning, features, software defined networking, traffic classification
————————————————————

1 INTRODUCTION with large volume of network traffic. Hence network analysis

Rapid development of Internet and networking technologies and management in timely manner can be facilitated by DL.
has provided exponential growth of network traffic. The view of traffic classification using deep learning model is
Distribution of traffic in an optimized way and managing shown in Figure 1. The article reviews the state-of-art
large volume of heterogeneous devices is a complex task. techniques of deep learning for traffic classification in
Deployment of intelligence in network can solve the above software defined networking environment. High-level
issues. Knowledge plane [1] had been proposed to overview of Software Defined Networking is projected. Then
incorporate intelligence, automation and recommendation to Deep learning models are explored. Finally, an insight on
the network through machine learning techniques. But traffic classification techniques is provided.
distributed nature of traditional network systems had made
the process complex [2]. To reduce the complexity of
learning, Software Defined networking (SDN) paved a way
for it. It is an innovative architecture which decouples control
plane from data plane [1]. The centralized control plane is
responsible for routing and management policies. Fig.2
depicts the architecture of SDN. The data plane forwards the
packet only through protocols like OpenFlow. An intelligent
Figure 1 Model of Traffic classification
task of categorizing network traffic into different classes is
termed as traffic classification. It is widely used for
managing network, measuring services, network monitoring, 2 SOFTWARE DEFINED NETWORKING
and network design and so on. Classification of network In this section, brief background knowledge of SDN in terms
traffic accurately is beneficial for providing Quality of Service of architecture and workflow is presented.
(QoS), access control and imposing other security
parameters. Traffic classification is a network function which 2.1 Architecture of SDN
identified different flow types in a fine-grained manner for SDN consists of three planes namely data plane, control
network management. Handling of network and resource plane and application plane. As per Open Networking
allocation can be done effectively through traffic Foundation (ONF), control plane is decoupled from data
classification. Machine Learning (ML) enables logical mining plane, network automation and intelligence are specified to
of valuable information from the collected network traffic or centralized control plane and provides abstraction of network
discovers the correlation automatically. The heterogeneous infrastructure to the application. The architecture component
network traffic generated from sources exhibit different of each plane is shown in Figure 2.
format and complex correlation. Traditional ML tools find it
difficult to solve the problem of interest. ML degrades in 2.2 Data Plane
performance [3] when provided with more volume of network Data plane is the lowest layer in SDN architecture. It
traffic and cannot handle high dimension data. Hierarchical consists of network forwarding elements like physical
feature extraction can be provided by Deep Learning (DL) switches and logical switches (virtual). Software switches
are virtual switches which run on common operating
______________________ systems like Linux. Some of the virtual switch
implementations are Indigo, Open vSwitch and Pantou [4].
 K.Tamil Selvi, Assistant Professor, Department of CSE, Kongu The complete features of SDN protocol are supported by
Engineering College, Perundurai – 638060. virtual switches whereas physical switches lack flexibility and
E-mail: [email protected]
feature completeness. The major responsibility of switches
 Dr.R.Thamilselvan, Professor, Department of IT, Kongu
Engineering College, Perundurai - 638060 in data plane are forward, drop and modify packets based on
E-mail :[email protected] flow rules received from the controller in the control plane.
The communication protocol is OpenFlow.
2034
IJSTR©2020
www.ijstr.org
INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 02, FEBRUARY 2020 ISSN 2277-8616

Control Plane 3. DEEP LEARNING IN NETWORKING

The brain of the SDN architecture is the SDN controller In this section, a potential briefing on deep learning
present in the control plane. It is centralized controller application in networking has presented. It also highlights
provides the dynamic programming of network resources, the basic principles behind the deep learning algorithms and
updation of flow rules and make network administration its advantages. The key principle behind the deep learning is
flexible and agile. The information about network state of to approximate complex functions by decomposing it into
data plane is provided to application plane by the control simple and predefined operations of neuron. The operations
plane. The application requirements are translated into are performed by weighted combination of hidden layers
policies and distributed to forwarding devices through control with activation functions based on the structure of the model.
plane. The controller also provides functionalities like Some of the available deep learning architectures are
routing, network topology storage, device configuration,  Recurrent Neural Networks (RNN)
state information and so on. The various controllers  Long Short Term Memory and Gated Recurrent
available are NOX, POX, Ryu, OpenDayLight, FloodLight, Units (LSTM-GRU)
Beacon, etc. Through OpenFlow protocol, the centralized  Convolution Neural Networks (CNN)
control plane communicates with the network devices. Flow
 Deep Belief Networks (DBN)
tables [5] which contain flow entries in the Open Flow
switches provide the forwarding path for the flows. The fields
3.1 Recurrent Neural Networks
of the flow table are match fields and associated actions.
In RNN, output from the previous step is given as input to
The native features of flow like source IP, Destination IP and
the next step. The feedback mechanism is provided by
header data. And also includes other statistical features like
hidden layers, which remember some information about the
number of bytes, duration and so on. SDN realizes traffic
sequences. Since RNN have memory, it remembers all the
classification and feature selection. The SDN controller
information calculated so far. It is less complex because it
provides the global view of the network through which
uses same parameters for each input or hidden layers to
classification of traffic can be performed. The effective
produce output. Accurately identifying various attacks in
matching of incoming packet is based on ruleset [6].
intrusion detection systems is the key in information security
Effective bits are bits in rule set which partition ruleset at the
[12]. The data collected consist of 41 features and one class
best effort to find out highly related rules for each incoming
label. The label value is of four types namely Denial of
packets.
Services (DoS), Root to Local attack (R2L), User to Root
attack (U2R) and Probing attacks. RNN based intrusion
2.3 Application Plane
detection provides higher accuracy than other classification
The layer in the SDN architecture composed of business
techniques. Table 1 provides overview of SDN solutions for
application is called application plane. The services in the
traffic classification based on deep learning. Convolution
application plane provide business management and
Neural Network provides higher accuracy rate compared to
optimization. The business services for applications are
other neural network models. The SDN controller provides
provided by the controller [7]. Some of the SDN applications
the complete view of the network and traffic collection. Thus
are Traffic Engineering [7], security [8], Distributed Denial of
the intelligence in traffic classification is performed by the
services attack [9], Fault management [10] and so on. SDN
centralized controller. Based on the application, the deep
has been deployed in many networks like transport network,
learning techniques may vary to meet the requirement of the
optical network, wireless sensor network, Internet of Things,
network condition.
edge computing, Wide Area Network, cloud computing and
Network Function Virtualization.
3.2 Long Short Term Memory and Gated Recurrent Units
LSTM contain memory cell which retains its information for
long or short time based on the function of input value. It
consists of three gates namely input gate, forget gate and
output gate. The simplified form of LSTM is gated recurrent
unit which lacks output gate. The two gates are update and
reset gates. A GRU can model RNN by setting reset gate to
1 and the update gate to 0. GRU-RNNbased intrusion
detection system has been proposed by [13]. With only six
features, the system provided accuracy of 89%. Dynamic
network routing based on LSTM [14] predict the Internet
traffic with high accuracy. Estimating the future network
traffic from the previous and achieved network data has
been done using LSTM [15]. LSTM models long range
dependencies more accurately than RNN. In order to identify
time related characteristics of the traffic [16], LSTM is
applied. It classifies the network traffic based on time
features of the network traffic.

Figure 2 SDN Architecture [11]

2035
IJSTR©2020
www.ijstr.org
INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 02, FEBRUARY 2020 ISSN 2277-8616

Table 1 Deep Learning based Traffic classification in SDN

Deep Learning
Traffic collection Traffic processing Tool used Parameters Comments Ref
techniques
Deep
Mobile Network Virtual In-Network and
reinforcement Tensor Flow Convergence Faster
Operators and SDN Computing [17]
learning rate convergence rate
controller
Statistical based Improved
NSL-KDD Dataset CNN Tensor Flow Accuracy [18]
traffic classification Accuracy

Exploits non-
Mean squared Long durability
SDN controller regularities of CNN ONTS [19]
error and fast forecast
network traffic

Real time in IoT Improved

SDN controller CNN and DBN C++ WILL Accuracy [20]
network Accuracy

Predicting future Improved

GEANT dataset LSTM Tensor Flow Accuracy [21]
traffic matrix Accuracy

Predicting future
SDN Controller and Mean squared Improved
traffic matrix over LSTM POX controller [15]
GEANT dataset error Accuracy
time

Payload based Improved

SDN controller LSTM Tensor Flow F1- score [22]
traffic classification Accuracy

3.3 Convolution Neural Networks Large scale IoT deployments like smart cities needs high
CNN is a multilayer neural network which implements network resiliency and scalability [28]. DNB is used as
feature extraction and then applies classification. It consists dimensionality reduction tool for support vector machines.
of processing layer, convolution layer, pooling layer and Short term traffic flow prediction [29] in Internet vehicular
classification layer. It uses multilayer perceptron to do network using RBM provides better nonlinear fitting ability
computational tasks and uses filters for learning. The and prediction accuracy. DNB provides unsupervised
security in the SDN environment is implemented using CNN feature learning [30] and multitask regression predicts the
[23]. Automatic extraction of features from the network traffic network traffic flows.
and classification of traffic as malicious is done with [24] high
accuracy rate using CNN characteristics. In Vehicular Adhoc 4 NETWORK TRAFFIC CLASSIFICATION
Network, SDN controller is used to learn highest routing path Classifying network traffic with the generated application is
trust value usingCNN. The trust based optimized routing is essential for traffic analysis. Traffic classification is an
provided by CNN enabled SDN controller. Distributed Denial important network function for network operators to handle
of Services (DDoS) attack is the major threat in the Internet. network resources effectively. The available network traffic
CNN provides classification of attacks with accuracy rate of classification techniques are
98.2%. The optimized feature selection is done using CNN  Port based classification
algorithms [25]. One dimensional CNN [16] is used to find  Payload based classification
the features to classify the traffic from spatial range. To  Statistical classification
improve the performance of CNN, Capsule network [26] can
 Behavioral classification
be used. The activation function of this network is an
instantiation parameter of a particular type of an entity.
4.1 Port based classification
The header of the data packet contains TCP or UDP [31]
3.4 Deep Belief Networks
port number which uniquely identifies the application. Earlier
DBN is a multilayer neural network with training algorithm. In
these port numbers are registered with Internet Assigned
DBN, each pair of hidden layer is a restricted Boltzmann
Numbers Authority (IANA). But peer to peer applications can
machine (RBM). Hence DBN is represented as stack of
take some random port number. Hence classification of
RBMs. There are two phases of training namely
network traffic results in increase of false negative classifier
unsupervised pretraining and supervised fine tuning. The
rate. So this method becomes obsolete [32]. Table 2
output is the network classification. DDoS attack is identified
through SDN controller [27] in the wireless sensor network.
The attack prevention model is built using DBN. This model
is implemented in multitenant cloud and IoT enabled
architecture which shows high accuracy of classification.

2036
IJSTR©2020
www.ijstr.org
INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 02, FEBRUARY 2020 ISSN 2277-8616

Table 2 Traffic classification Techniques

Classification Processing
Category Features used Granularity
technique overhead

Port based Protocol Port Protocol Port High Low

Deep Packet
Payload inspection of first n packets High High
Inspection
Payload based
Stochastic Packet Statistical properties inherent in packet
High High
inference header and payload
Behavioral End host Behavioral pattern of end hosts Low Moderate
technique Traffic accounting Analysis of inspected packets and flows High High

packet duration, length of packet, packet

Statistical Packet based High Moderate
inter-arrival time and flow idle time
technique
Flow based Duration, transmission rate, flow features Low Low

provides over all analysis of traffic classification techniques. 4.3 Statistical Classification
To incorporate deep learning techniques for traffic The network traffic is identified based on statistical
classification, statistical classification is widely accepted. characteristics of network traffic flow. The various statistical
data of flow are packet duration, length of packet, packet
4.2 Payload based classification inter-arrival time and flow idle time. These parameters are
In order to overcome the flaws in port based classification, unique for each traffic that can distinguish applications from
inspection goes beyond the header of the packet to the each other. The OpenFlow switch is incorporated with traffic
payload part of it. It works by examining the payload part of classification [40]. Statistical classification is performed
the packet and matching them with a set of stored patterns. based on mean number of flows and coefficient of variation.
Based on four degree of verification [33] namely signature- With greater traffic intensity, the model behaves well with
based, syntax, protocol conformance and semantic, a light high classification accuracy. Packet bursts [41] are the
weight traffic classifier has proposed. It achieved higher characterized by HTTP and DNS traffic. SDN supports
accuracy, completeness and convergence. [22] Proposed native flow features that do not describe intrinsic traffic
payload based traffic classification using multilayer LSTM in profile. A sub optimal flow feature selection is enabled for
software defined network. The optimal hyper parameter classification of traffic with high accuracy. One of the
tuning is performed with improved F1-score. Payload applications of traffic classification is providing Quality of
signature based traffic classification suffers from low Services (QoS) [42]. The SDN controller is modelled with
processing speed [34]. To overcome this limitation, various adaptive, real-time and accurate traffic classification
design options has been proposed. To address the problem mechanism. DPI and semi supervised algorithms are used
of unknown application, unsupervised clustering algorithms for traffic classification with high accuracy.
are used [35]. The proposed method uses bag of words
model to represent the content of traffic clusters. To 4.4 Behavioral classification
aggregate the similar traffic clusters, latent semantic In Behavioral classification, the whole traffic received by host
analysis is applied. The model is trained using flow statistical or end point is observed for the examination of pattern. The
properties and payload. Deep Packet Inspection (DPI) main work of the classifier is to classify the application
locates, examines, and classifies the data packet. A semi- running in the hosts. NetFlow [43] records are exploited for
supervised multi-classifier is used in SDN controller [36]. traffic classification based on behavioral algorithm that uses
Dynamic flow table can be maintained through DPI. Dynamic number of packets and bytes. The supervised classifier
nature of network application and network characteristics provides 90% accuracy in worst case scenario. A CNN
can be adapted using the classifier. In order to reduce the based traffic classification is proposed based on traffic data
complexity of DPI process, SDN data planes are offloaded image [44]. Encrypted network traffic [45] can be classified
down to the network processing of filtering traffic to DPI [37]. using behavioral classification. CNN is used for feature
DPI module in the SDN controller provides application aware extraction, feature selection and classification. The
traffic management [38]. This provides implementation of automatic non-linear relationship between the input and
firewall and bandwidth manager. To detect elephant flows output is mapped based on the behavioral profile of the end
[39] in the data center network, DPI can be employed. A cost hosts. The relationship between the flows [46] is used to
sensitive learning technique is used with DPI for classify the traffic. This reduces the number of packets used
classification of elephant or mice flows. in classification of flows.

4.5 Other classification Models

The changing nature of network traffic [47] makes the
classification task complex. For accurate classification of

2037
IJSTR©2020
www.ijstr.org
INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 02, FEBRUARY 2020 ISSN 2277-8616

network traffic, training and test dataset should have CNN is used to extract highly correlated features from big
identical features. For different features, maximum entropy intrusion detection environment. To prevent overfitting of
based model is used as base classifier in the transfer recurrent data, LSTM is is applied to retain long term
learning model. The stateless nature of User Datagram dependencies among extracted features. To resolve
Protocol (UDP) [48] makes traffic classification hard. It imbalance in data, data gravitation based method is used
analyses the statistical properties of UDP and Internet [63]. The hybrid model of traffic classification is shown in
Control Message Protocol (ICMP) and uses vector machines Table 3.

Table 3 Deep Learning based traffic classification Model (hybrid)

Ref Classification Model Contributions
 Distinct features in training dataset and test dataset
 Improved the learning ability of the prediction function
[47] Transfer Learning Model
 Transfer learning model will dynamically learn the traffic and classify the new
kind of traffic
 Applied for connectionless traffic
Hybrid classifier based on pattern of  Classify high and low rate attack traffics
[48]
arrival – incremental learning  Supervised classifier for detecting the attacks and unsupervised classifier for
payload threats inspection
 Addresses multi-class imbalance problem
Efficient feature optimization approach
 Uses DBN classifier
[50] using deep learning and feature
selection technique  Handles the problem of drift of Internet traffic
 Can handle high dimensionality traffic
 Automatic extraction of features from multifaceted traffic
[51] Multimodal deep learning classifier
 It is a multi-class traffic classification technique
 Uses wavelet function as activation function
Kernel based Extreme Machine
[52]  Optimized feature selection through genetic algorithm
learning
 Classification using Kernel based extreme learning classifier
 Extract multi fractal features from traffic flow using wavelet leaders multi
fractal formalism
[53] Support Vector Machine classifier
 Optimized selection of features using principal component analysis
 Classification using support vector machine
 Multilayer Perceptron based classifier
[54] Datanet  Stacked autoencoder
 CNN based classifier
Transfer Learning and One-shot  Traffic classification based on multi-output deep neural network
[55]
learning  Common knowledge from common layers
for classification. The salient features hidden in the
multimedia traffic [49] helps in the 5 DISCUSSION
Traffic classification is a complex process due to influence of
accurately differentiation network traffic. The stacked various parameters like traffic collection, classifier accuracy,
encoder model is used to learn relevant features of learning algorithms and so on. From the related works of
multimedia traffic. Filter wrapper feature selection [56] traffic classification using deep learning in SDN environment,
selects robust features that represents minority classes the following issues has to solved with further research
resistant to concept drift. A self learning classifier [57], a
unsupervised algorithm with adaptive seeding to  The traffic classifier must deal with big volume of
automatically let classes of traffic emerge, being identified data (Big Data) with increasing rate of traffic and
and labeled. It will automatically group flows into traffic transmission rate
homogeneous clusters using simple statistical features.  The classifier algorithms are computational
Correlation based flow classification [58] reduces sampling intensive. Light weight classifier algorithm is needed
overhead with estimation of arrival time of elephant flows.  The growing needs of traffic encryption and protocol
The supervised learning algorithm classifies the flow and encapsulation pose a challenge on traffic
provides dynamic scheduling of elephant and mice flows. classification
Flow level features of online traffic are classified using C4.5
 New class of traffic being developed which is hard
decision tree classifier [59]. Entropy based minimum
for the classification
description length discretization algorithm achieves higher
accuracy rate. Fingerprinting algorithm maps larger data
items to smaller bit strings, its fingerprint which uniquely 6 SUMMARY
identifies the original data [60]. For single content Cyber attacks and cyber crimes are providing challenges to
addressable memory, it provides high efficient sampling for identify the security hole. Traffic classification is the base for
TCP flows. It can accommodate dynamic network conditions filtering the unwanted traffic by the security wall. This paper
such as congestion, retransmission, varying network loads, provides a cross field review on the traffic classification. IP
delay, fragmentation and duplication. Hybrid deep learning traffic classifications based on deep learning architecture
model based on Bi-directional LSTM – LSTM provides provides the way for handling Big data. SDN is enhancing
higher classification accuracy than support vector machine the traffic classification through its inherent nature of
[61]. CNN and Weight dropped LSTM hybrid deep learning programmability, global view of network and dynamic
model is used in big data networking environment [62]. Deep updation of flow table. The different DL architectures are
reviewed and based on application, hybrid DL models can
2038
IJSTR©2020
www.ijstr.org
INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 02, FEBRUARY 2020 ISSN 2277-8616

be employed. Thus this discussion and exploration opened Network and Service Management (CNSM), 2017, pp.
an avenue for development of SDN and implement of more 1-6.
intelligent network. [15] A. Azzouni and G. Pujolle, "NeuTM: A neural network-
based framework for traffic matrix prediction in SDN," in
REFERENCES NOMS 2018-2018 IEEE/IFIP Network Operations and
[1] J. A. Wickboldt, W. P. De Jesus, P. H. Isolani, C. B. Management Symposium, 2018, pp. 1-5.
Both, J. Rochol, and L. Z. Granville, "Software-defined [16] Y. Zeng, H. Gu, W. Wei, and Y. Guo, "$ Deep-Full-
networking: management requirements and Range $: A Deep Learning Based Network Encrypted
challenges," IEEE Communications Magazine, vol. 53, Traffic Classification and Intrusion Detection
pp. 278-285, 2015. Framework," IEEE Access, vol. 7, pp. 45182-45190,
[2] A. Mestres, A. Rodriguez-Natal, J. Carner, P. Barlet- 2019.
Ros, E. Alarcón, M. Solé, et al., "Knowledge-defined [17] Y. He, F. R. Yu, N. Zhao, V. C. Leung, and H. Yin,
networking," ACM SIGCOMM Computer "Software-defined networks with mobile edge
Communication Review, vol. 47, pp. 2-10, 2017. computing and caching for smart cities: A big data deep
[3] I. Goodfellow, Y. Bengio, and A. Courville, Deep reinforcement learning approach," IEEE
learning: MIT press, 2016. Communications Magazine, vol. 55, pp. 31-37, 2017.
[4] J. Xie, F. R. Yu, T. Huang, R. Xie, J. Liu, C. Wang, et [18] T. A. Tang, L. Mhamdi, D. McLernon, S. A. R. Zaidi,
al., "A survey of machine learning techniques applied to and M. Ghogho, "Deep learning approach for network
software defined networking (SDN): Research issues intrusion detection in software defined networking," in
and challenges," IEEE Communications Surveys & 2016 International Conference on Wireless Networks
Tutorials, vol. 21, pp. 393-430, 2018. and Mobile Communications (WINCOM), 2016, pp.
[5] F. Hu, Q. Hao, and K. Bao, "A survey on software- 258-263.
defined network and openflow: From concept to [19] A. Mozo, B. Ordozgoiti, and S. Gomez-Canaval,
implementation," IEEE Communications Surveys & "Forecasting short-term data center network traffic load
Tutorials, vol. 16, pp. 2181-2206, 2014. with convolutional neural networks," PloS one, vol. 13,
[6] C.-L. Hsieh, N. Weng, and W. Wei, "Scalable Many- p. e0191939, 2018.
Field Packet Classification for Traffic Steering in SDN [20] F. Tang, Z. M. Fadlullah, B. Mao, and N. Kato, "An
Switches," IEEE Transactions on Network and Service intelligent traffic load prediction-based adaptive channel
Management, vol. 16, pp. 348-361, 2018. assignment algorithm in SDN-IoT: A deep learning
[7] A. Mendiola, J. Astorga, E. Jacob, and M. Higuero, "A approach," IEEE Internet of Things Journal, vol. 5, pp.
survey on the contributions of software-defined 5141-5154, 2018.
networking to traffic engineering," IEEE [21] R. Vinayakumar, K. Soman, and P. Poornachandran,
Communications Surveys & Tutorials, vol. 19, pp. 918- "Applying deep learning approaches for network traffic
953, 2016. prediction," in 2017 International Conference on
[8] I. Ahmad, S. Namal, M. Ylianttila, and A. Gurtov, Advances in Computing, Communications and
"Security in software defined networks: A survey," IEEE Informatics (ICACCI), 2017, pp. 2353-2358.
Communications Surveys & Tutorials, vol. 17, pp. 2317- [22] H.-K. Lim, J.-B. Kim, K. Kim, Y.-G. Hong, and Y.-H.
2346, 2015. Han, "Payload-Based Traffic Classification Using Multi-
[9] Q. Yan, F. R. Yu, Q. Gong, and J. Li, "Software-defined Layer LSTM in Software Defined Networks," Applied
networking (SDN) and distributed denial of service Sciences, vol. 9, p. 2550, 2019.
(DDoS) attacks in cloud computing environments: A [23] Y. Qin, J. Wei, and W. Yang, "Deep Learning Based
survey, some research issues, and challenges," IEEE Anomaly Detection Scheme in Software-Defined
Communications Surveys & Tutorials, vol. 18, pp. 602- Networking," in 2019 20th Asia-Pacific Network
622, 2015. Operations and Management Symposium (APNOMS),
[10] P. C. da Rocha Fonseca and E. S. Mota, "A survey on 2019, pp. 1-4.
fault management in software-defined networks," IEEE [24] D. Zhang, F. R. Yu, and R. Yang, "A Machine Learning
Communications Surveys & Tutorials, vol. 19, pp. 2284- Approach for Software-Defined Vehicular Ad Hoc
2321, 2017. Networks with Trust Management," in 2018 IEEE
[11] Y. Sung, P. Sharma, E. Lopez, and J. Park, "FS- Global Communications Conference (GLOBECOM),
OpenSecurity: a taxonomic modeling of security threats 2018, pp. 1-6.
in SDN for future sustainable computing," [25] D. Arivudainambi, V. K. KA, and S. S. Chakkaravarthy,
Sustainability, vol. 8, p. 919, 2016. "LION IDS: A meta-heuristics approach to detect DDoS
[12] C. Yin, Y. Zhu, J. Fei, and X. He, "A deep learning attacks against Software-Defined Networks," Neural
approach for intrusion detection using recurrent neural Computing and Applications, vol. 31, pp. 1491-1501,
networks," Ieee Access, vol. 5, pp. 21954-21961, 2017. 2019.
[13] T. A. Tang, L. Mhamdi, D. McLernon, S. A. R. Zaidi, [26] H. Yao, P. Gao, J. Wang, P. Zhang, C. Jiang, and Z.
and M. Ghogho, "Deep recurrent neural network for Han, "Capsule Network Assisted IoT Traffic
intrusion detection in sdn-based networks," in 2018 4th Classification Mechanism for Smart Cities," IEEE
IEEE Conference on Network Softwarization and Internet of Things Journal, 2019.
Workshops (NetSoft), 2018, pp. 202-206. [27] P. K. Sharma, S. Singh, and J. H. Park, "OpCloudSec:
[14] A. Azzouni, R. Boutaba, and G. Pujolle, "NeuRoute: open cloud software defined wireless network security
Predictive dynamic routing for software-defined for the Internet of Things," Computer Communications,
networks," in 2017 13th International Conference on vol. 122, pp. 1-8, 2018.

2039
IJSTR©2020
www.ijstr.org
INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 02, FEBRUARY 2020 ISSN 2277-8616

[28] A. Dawoud, S. Shahristani, and C. Raun, "Deep [42] P. Wang, S.-C. Lin, and M. Luo, "A framework for QoS-
learning and software-defined networks: towards aware traffic classification using semi-supervised
secure Iot architecture," Internet of Things, vol. 3, pp. machine learning in SDNs," in 2016 IEEE International
82-89, 2018. Conference on Services Computing (SCC), 2016, pp.
[29] F. Kong, J. Li, B. Jiang, and H. Song, "Short-term traffic 760-765.
flow prediction in smart multimedia system for Internet [43] D. Rossi and S. Valenti, "Fine-grained traffic
of Vehicles based on deep belief network," Future classification with netflow data," in Proceedings of the
Generation Computer Systems, vol. 93, pp. 460-472, 6th international wireless communications and mobile
2019. computing conference, 2010, pp. 479-483.
[30] W. Huang, G. Song, H. Hong, and K. Xie, "Deep [44] W. Wang, M. Zhu, X. Zeng, X. Ye, and Y. Sheng,
architecture for traffic flow prediction: deep belief "Malware traffic classification using convolutional neural
networks with multitask learning," IEEE Transactions network for representation learning," in 2017
on Intelligent Transportation Systems, vol. 15, pp. International Conference on Information Networking
2191-2201, 2014. (ICOIN), 2017, pp. 712-717.
[31] N. Al Khater and R. E. Overill, "Network traffic [45] W. Wang, M. Zhu, J. Wang, X. Zeng, and Z. Yang,
classification techniques and challenges," in 2015 "End-to-end encrypted traffic classification with one-
Tenth International Conference on Digital Information dimensional convolution neural networks," in 2017
Management (ICDIM), 2015, pp. 43-48. IEEE International Conference on Intelligence and
[32] T. Bakhshi and B. Ghita, "On internet traffic Security Informatics (ISI), 2017, pp. 43-48.
classification: A two-phased machine learning [46] L. Ding, J. Liu, T. Qin, and H. Li, "Internet traffic
approach," Journal of Computer Networks and classification based on expanding vector of flow,"
Communications, vol. 2016, 2016. Computer Networks, vol. 129, pp. 178-192, 2017.
[33] F. Risso, M. Baldi, O. Morandi, A. Baldini, and P. [47] G. Sun, L. Liang, T. Chen, F. Xiao, and F. Lang,
Monclus, "Lightweight, payload-based traffic "Network traffic classification based on transfer
classification: An experimental evaluation," in 2008 learning," Computers & electrical engineering, vol. 69,
IEEE International Conference on Communications, pp. 920-927, 2018.
2008, pp. 5869-5875. [48] V. Punitha and C. Mala, "Traffic classification for
[34] J.-S. Park, S.-H. Yoon, and M.-S. Kim, "Software connectionless services with incremental learning,"
architecture for a lightweight payload signature-based Computer Communications, 2019.
traffic classification system," in International Workshop [49] Z. Wang, S. Mao, and W. Yang, "Deep learning
on Traffic Monitoring and Analysis, 2011, pp. 136-149. approach to multimedia traffic classification based on
[35] J. Zhang, Y. Xiang, W. Zhou, and Y. Wang, QoS characteristics," IET Networks, vol. 8, pp. 145-
"Unsupervised traffic classification using flow statistical 154, 2018.
properties and IP packet payload," Journal of Computer [50] H. Shi, H. Li, D. Zhang, C. Cheng, and X. Cao, "An
and System Sciences, vol. 79, pp. 573-585, 2013. efficient feature generation approach based on deep
[36] C. Yu, J. Lan, J. Xie, and Y. Hu, "QoS-aware traffic learning and feature selection techniques for traffic
classification architecture using machine learning and classification," Computer Networks, vol. 132, pp. 81-98,
deep packet inspection in SDNs," Procedia computer 2018.
science, vol. 131, pp. 1209-1216, 2018. [51] G. Aceto, D. Ciuonzo, A. Montieri, and A. Pescapè,
[37] D. Sanvito, D. Moro, and A. Capone, "Towards traffic "MIMETIC: Mobile encrypted traffic classification using
classification offloading to stateful SDN data planes," in multimodal deep learning," Computer Networks, vol.
2017 IEEE Conference on Network Softwarization 165, p. 106944, 2019.
(NetSoft), 2017, pp. 1-4. [52] F. Ertam and E. Avcı, "A new approach for internet
[38] S. Jeong, D. Lee, J. Choi, J. Li, and J. W.-K. Hong, traffic classification: GA-WK-ELM," Measurement, vol.
"Application-aware traffic management for OpenFlow 95, pp. 135-142, 2017.
networks," in 2016 18th Asia-Pacific Network [53] H. Shi, H. Li, D. Zhang, C. Cheng, and W. Wu,
Operations and Management Symposium (APNOMS), "Efficient and robust feature extraction and selection for
2016, pp. 1-5. traffic classification," Computer Networks, vol. 119, pp.
[39] P. Xiao, W. Qu, H. Qi, Y. Xu, and Z. Li, "An efficient 1-16, 2017.
elephant flow detection with cost-sensitive in SDN," in [54] P. Wang, F. Ye, X. Chen, and Y. Qian, "Datanet: Deep
2015 1st International Conference on Industrial learning based encrypted network traffic classification
Networks and Intelligent Systems (INISCom), 2015, pp. in sdn home gateway," IEEE Access, vol. 6, pp. 55380-
24-28. 55391, 2018.
[40] S. Ogasawara and Y. Takahashi, "Performance [55] H. Sun, Y. Xiao, J. Wang, J. Wang, Q. Qi, J. Liao, et al.,
analysis of traffic classification in an OpenFlow switch," "Common Knowledge Based and One-Shot Learning
in 2016 Cloudification of the Internet of Things (CIoT), Enabled Multi-Task Traffic Classification," IEEE
2016, pp. 1-6. Access, vol. 7, pp. 39485-39495, 2019.
[41] A. S. Da Silva, C. C. Machado, R. V. Bisol, L. Z. [56] F. A. M. Zaki and T. S. Chin, "FWFS: Selecting Robust
Granville, and A. Schaeffer-Filho, "Identification and Features Towards Reliable and Stable Traffic Classifier
selection of flow features for accurate traffic in SDN," IEEE Access, vol. 7, pp. 166011-166020,
classification in SDN," in 2015 IEEE 14th International 2019.
Symposium on Network Computing and Applications, [57] L. Grimaudo, M. Mellia, E. Baralis, and R. Keralapura,
2015, pp. 134-141. "Select: Self-learning classifier for internet traffic," IEEE

2040
IJSTR©2020
www.ijstr.org
INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 02, FEBRUARY 2020 ISSN 2277-8616

Transactions on Network and Service Management,

vol. 11, pp. 144-157, 2014.
[58] F. Tang, H. Zhang, L. T. Yang, and L. Chen, "Elephant
Flow Detection and Differentiated Scheduling with
Efficient Sampling and Classification," IEEE
Transactions on Cloud Computing, 2019.
[59] D. Tong, Y. R. Qu, and V. K. Prasanna, "Accelerating
decision tree based traffic classification on FPGA and
multicore platforms," IEEE Transactions on Parallel and
Distributed Systems, vol. 28, pp. 3046-3059, 2017.
[60] J. Kampeas, A. Cohen, and O. Gurewitz, "Traffic
classification based on zero-length packets," IEEE
Transactions on Network and Service Management,
vol. 15, pp. 1049-1062, 2018.
[61] F. Ertam, "An efficient hybrid deep learning approach
for internet security," Physica A: Statistical Mechanics
and its Applications, vol. 535, p. 122492, 2019.
[62] M. M. Hassan, A. Gumaei, A. Alsanad, M. Alrubaian,
and G. Fortino, "A Hybrid Deep Learning Model for
Efficient Intrusion Detection in Big Data Environment,"
Information Sciences, 2019.
[63] L. Peng, H. Zhang, Y. Chen, and B. Yang, "Imbalanced
traffic identification using an imbalanced data
gravitation-based classification model," Computer
Communications, vol. 102, pp. 177-189, 2017.

2041
IJSTR©2020
www.ijstr.org