Evaluating Security Anomalies by Classifying Traffic Using a Multi-Layered Model

Accurate traffic classification is important for various network activities such as accurate network management and proper resource utilization. Port-based approaches, deep packet inspection, and machine learning are widely used techniques for classifying and analyzing network traffic flows. Most classification methods are suitable for small-scale datasets and cannot achieve a high classification accuracy owing to their shallow learning structure and limited learning ability. The emergence of deep learning technology and software-driven networks has enabled the application of classification methods for processing large-scale data.In this study, a two-step classification method based on deep learning algorithms is presented, which can achieve high classification accuracy without manually selecting and extracting features. In the proposed method, an Autoencoder was used to extract features and remove unnecessary and redundant features. In the second step, the proposed method uses the features extracted by the autoencoder from a hybrid deep-learning model based on the CNN and LSTM algorithms to classify network traffic.To evaluate the proposed method, the results of the proposed two-stage hybrid method is compared with comparative algorithms including decision tree, Naïve Bayes, random forest. The proposed combined CNN+LSTM method obtains the best results by obtaining values of 0.997, 0.972, 0.959, and 0.964, respectively, for the evaluation criteria of, accuracy, precision, recall, and F1 score.The proposed method is a practical and operational method with high accuracy, which can be applied in the real world and used in the detection of security anomalies in networks using traffic classification and network data.