skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


This content will become publicly available on October 6, 2026

Title: Non-Invasive User Profiling through Label Inference in FL-based Network Traffic Classification
Artificial intelligence (AI) supported network traffic classification (NTC) has been developed lately for network measurement and quality-of-service (QoS) purposes. More recently, federated learning (FL) approach has been promoted for distributed NTC development due to its nature of unshared dataset for better privacy and confidentiality in raw networking data collection and sharing. However, network measurement still require invasive probes and constant traffic monitoring. In this paper, we propose a non-invasive network traffic estimation and user profiling mechanism by leveraging label inference of FL-based NTC. In specific, the proposed scheme only monitors weight differences in FL model updates from a targeting user and recovers its network application (APP) labels as well as a rough estimate on the traffic pattern. Assuming a slotted FL update mechanism, the proposed scheme further maps inferred labels from multiple slots to different profiling classes that depend on, e.g., QoS and APP categorization. Without loss of generality, user profiles are determined based on normalized productivity, entertainment, and casual usage scores derived from an existing commercial router and its backend server. A slot extension mechanism is further developed for more accurate profiling beyond raw traffic measurement. Evaluations conducted on seven popular APPs across three user profiles demonstrate that our approach can achieve accurate networking user profiling without invasive physical probes nor constant traffic monitoring.  more » « less
Award ID(s):
2344341
PAR ID:
10628016
Author(s) / Creator(s):
;
Publisher / Repository:
The 22nd IEEE International Conference on Mobile Ad-Hoc and Smart Systems (MASS 2025)
Date Published:
Format(s):
Medium: X
Location:
Chicago, IL, USA
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; ; (, 2018 IEEE/ACM Symposium on Edge Computing (SEC))
    Network quality-of-service (QoS) does not always translate to user quality-of-experience (QoE). Consequently, knowledge of user QoE is desirable in several scenarios that have traditionally operated on QoS information. Examples include traffic management by ISPs and resource allocation by the operating system. But today these systems lack ways to measure user QoE. To help address this problem, we propose offline generation of per-app models mapping app-independent QoS metrics to app-specific QoE metrics. This enables any entity that can observe an app's network traffic-including ISPs and access points-to infer the app's QoE. We describe how to generate such models for many diverse apps with significantly different QoE metrics. We generate models for common user interactions of 60 popular apps. We then demonstrate the utility of these models by implementing a QoE-aware traffic management framework and evaluate it on a WiFi access point. Our approach successfully improves QoE metrics that reflect user-perceived performance. First, we demonstrate that prioritizing traffic for latency-sensitive apps can improve responsiveness and video frame rate, by 46% and 115%, respectively. Second, we show that a novel QoE-aware bandwidth allocation scheme for bandwidth-intensive apps can improve average video bitrate for multiple users by up to 23%. 
    more » « less
  2. (, IEEE.org IEEE Xplore Digital Library IEEE Standards IEEE Spectrum More Sites IEEE/ACM International Symposium on Quality of Service 4-6 June 2018 – Banff, Alberta, Canada)
    Traditional Internet routing is simple, scalable and robust, but cannot provide perfect QoS support due to the current completely distributed hop-by-hop routing architecture. Software defined networking (SDN) opens up the door to traffic engineering innovation and makes possible QoS routing with a broader picture of overall network resources. We further argue that SDN can provide more opportunity for the network users to make their own routing selections with network programmability. In this paper, we propose OpenMCR, a general framework for network users to make their own choice of routing given various requirements. OpenMCR provides routing subject to several additive QoS constraints, which is NP-hard when the number of constraints is two or more. By composing various necessary conditions with different path extension schemes, our platform can customize routing solutions for each network user based on their own requirements. Through experiments in an SDN emulated environment, we evaluate multiple aspects of OpenMCR, demonstrate its effectiveness compared with several baselines and validate our theoretical analysis. 
    more » « less
  3. ; ; ; ; (, 2019-2019 IEEE Military Communications Conference (MILCOM))
    In this paper, we propose a responsive autonomic and data-driven adaptive virtual networking framework (RAvN) to detect and mitigate anomalous network behavior. The proposed detection scheme detects both low rate and high rate denial of service (DoS) attacks using (1) a new Centroid-based clustering technique, (2) a proposed Intragroup variance technique for data features within network traffic (C.Intra) and (3) a multivariate Gaussian distribution model fitted to the constant changes in the IP addresses of the network. RAvN integrates the adaptive reconfigurable features of a popular SDN platform (open networking operating system (ONOS)); the network performance statistics provided by traffic monitoring tools (such as T-shark or sflow-RT); and the analytics and decision-making tools provided by new and current machine learning techniques. The decision making and execution components generate adaptive policy updates (i.e. anomalous mitigation solutions) on-the-fly to the ONOS SDN controller for updating network configurations and flows. In addition, we compare our anomaly detection schemes for detecting low rate and high rate DoS attacks versus a commonly used unsupervised machine learning technique, Kmeans. Kmeans recorded 72.38% accuracy, while the multivariate clustering and the Intra-group variance methods recorded 80.54% and 96.13% accuracy respectively, a significant performance improvement. 
    more » « less
  4. ; ; ; ; ; ; (, IEEE International Conference on Blockchain and Cryptocurrency (ICBC))
    While the blockchain technology provides strong cryptographic protection on the ledger and the system operations, the underlying blockchain networking remains vulnerable due to potential threats such as denial of service (DoS), Eclipse, spoofing, and Sybil attacks. Effectively detecting such malicious events should thus be an essential task for securing blockchain networks and services. Due to its importance, several studies investigated anomaly detection in Bitcoin and blockchain networks, but their analyses mainly focused on the blockchain ledger in the application context (e.g., transactions) and targets specific types of attacks (e.g., double-spending, deanonymization, etc). In this study, we present a security mechanism based on the analysis of blockchain network traffic statistics (rather than ledger data) to detect malicious events, through the functions of data collection and anomaly detection. The data collection engine senses the underlying blockchain traffic and generates multi-dimensional data streams in a periodic manner. The anomaly detection engine then detects anomalies from the created data instances based on semi-supervised learning, which is capable of detecting previously unseen patterns, and we introduce our profiling-based detection engine implemented on top of AutoEncoder (AE). Our experimental results support the effectiveness of the presented security mechanism for accurate, online detection of malicious events from blockchain networking traffic data. We also show further reduction in time complexity (up to 66.8% for training and 85.7% for testing), without any performance degradation using feature prioritization compared to the utilization of the entire features. 
    more » « less
  5. ; ; ; ; (, Innovative smart grid technologies)
    The smart grid is equipped with bi-directional information flow between its devices, aiming at automation, improved stability, resilience, and robust security. However, enabling effective and reliable communication in a smart grid is a challenging task. The majority of the proposed networking architectures fall short in addressing the key aspects of smart grid communication, including device heterogeneity, protocols and standards interoperability, and particularly application quality- of-service (QoS) requirements. In this paper, we propose iCAAP, an information-centric, QoS-aware network architecture that aims to satisfy the low latency, high bandwidth, and high reliability requirements of smart grid communications. In iCAAP, we categorize smart grid traffic (emanating from diverse applications) into three priority classes to enable preferential treatment of traffic flows. Our simulation results demonstrate the higher scalability of iCAAP in satisfying the stringent requirements of high priority traffic compared to the state-of-the-art. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email