A Novel Way to Generate Adversarial Network Traffic Samples against Network Traffic Classification
Table 1
Five types of flow in network traffic classification.
| Flow granularity | Points of interest |
| --- | --- |
| TCP connections | Heuristics based on the observation of some TCP flags (i.e., SYN, FIN, and RST) or TCP state machines are used to identify the start and the end of each connection. |
| Flow | A typical flow definition uses the 5-tuple {source (IP), source (port), destination (IP), destination (port), and transport-level protocol}. |
| Bidirectional flows | Same as above, but includes both directions of traffic, assuming both directions of flows can be observed (especially challenging on backbones where internet routing is often asymmetric). |
| Services | Typically defined as all traffic generated by an IP-port pair. |
| Hosts | Some approaches classify a host by the predominant traffic it generates, assuming both directions of traffic (to and from the host) can be observed. |
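
How the five granularities in Table 1 partition the same capture, shown as an added Python example (not code from the paper). The packet list is constructed, and the "lower port is the server side" rule and the simplified SYN/FIN/RST closing heuristic are assumptions made for illustration.

```python
from collections import Counter, defaultdict, namedtuple

Pkt = namedtuple("Pkt", "ts src sport dst dport proto flags")
# Constructed sample capture (not data from the paper); the 5-tuple is reused at t=1.00.
A, B = "10.0.0.5", "192.0.2.10"
PACKETS = [
    Pkt(0.00, A, 40000, B, 443, "tcp", "S"), Pkt(0.01, B, 443, A, 40000, "tcp", "SA"),
    Pkt(0.02, A, 40000, B, 443, "tcp", "A"), Pkt(0.50, A, 40000, B, 443, "tcp", "FA"),
    Pkt(0.51, B, 443, A, 40000, "tcp", "FA"),
    Pkt(1.00, A, 40000, B, 443, "tcp", "S"), Pkt(1.01, B, 443, A, 40000, "tcp", "R"),
    Pkt(2.00, "10.0.0.7", 5353, B, 53, "udp", ""),
]

def flow_key(p):       # Flow: unidirectional 5-tuple
    return (p.src, p.sport, p.dst, p.dport, p.proto)
def biflow_key(p):     # Bidirectional flow: sort endpoints so both directions share a key
    ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
    return (ends[0], ends[1], p.proto)
def service_key(p):    # Service: IP-port pair; assumes the lower port is the server side
    return (p.dst, p.dport) if p.dport <= p.sport else (p.src, p.sport)

def group(packets, key):
    groups = defaultdict(list)
    for p in packets:
        groups[key(p)].append(p)
    return dict(groups)

def tcp_connections(packets):  # SYN without ACK opens; RST, or FIN from both sides, closes
    conns, live = [], {}
    for p in sorted((q for q in packets if q.proto == "tcp"), key=lambda q: q.ts):
        k = biflow_key(p)
        if "S" in p.flags and "A" not in p.flags:
            live[k] = {"pkts": [], "fins": set()}
            conns.append(live[k])
        if k not in live:
            continue  # mid-stream packet with no observed SYN
        live[k]["pkts"].append(p)
        if "F" in p.flags:
            live[k]["fins"].add(p.src)
        if "R" in p.flags or len(live[k]["fins"]) == 2:
            del live[k]
    return [c["pkts"] for c in conns]

def host_predominant(packets):  # Hosts: label a host by the service it exchanges most packets with
    seen = defaultdict(Counter)
    for p in packets:
        for host in (p.src, p.dst):
            seen[host][service_key(p)] += 1
    return {h: c.most_common(1)[0][0] for h, c in seen.items()}
```

On this capture the same eight packets yield three unidirectional flows, two bidirectional flows, two services and two TCP connections, which is why features computed at one granularity are not interchangeable with those computed at another.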