Quick links: By date / By type / By project / By topic / Award winning / Recent docs / Recent talks / Scholar / dblp /

Recent publication (last 20 )

• [TNSM-24b] Gioacchini, Luca and Mellia, Marco and Vassio, Luca and Drago, Idilio and Milan, Giulia and Houidi, Zied Ben and Rossi, Dario, "Cross-Network Embeddings Transfer for Traffic Analysis" In IEEE Transactions on Network and Service Management, Vol. 21, No. 3, pp.2686-2699, jun. 2024, DOI 10.1109/TNSM.2023.3329442 Journal Abstract Bibtex

  @article{TNSM-24b,
    author = {Gioacchini, Luca and Mellia, Marco and Vassio, Luca and Drago, Idilio and Milan, Giulia and Houidi, Zied Ben and Rossi, Dario},
    journal = {IEEE Transactions on Network and Service Management},
    title = {Cross-Network Embeddings Transfer for Traffic Analysis},
    month = jun,
    year = {2024},
    volume = {21},
    number = {3},
    pages = {2686-2699},
    doi = {10.1109/TNSM.2023.3329442},
    howpublished = {https://ieeexplore.ieee.org/abstract/document/10304313}
  }
  

  Artificial Intelligence (AI) approaches have emerged as powerful tools to improve traffic analysis for network monitoring and management. However, the lack of large labeled datasets and the ever-changing networking scenarios make a fundamental difference compared to other domains where AI is thriving. We believe the ability to transfer the specific knowledge acquired in one network (or dataset) to a different network (or dataset) would be fundamental to speed up the adoption of AI-based solutions for traffic analysis and other networking applications (e.g., cybersecurity). We here propose and evaluate different options to transfer the knowledge built from a provider network, owning data and labels, to a customer network that desires to label its traffic but lacks labels. We formulate this problem as a domain adaptation problem that we solve with embedding alignment techniques and canonical transfer learning approaches. We present a thorough experimental analysis to assess the performance considering both supervised (e.g., classification) and unsupervised (e.g., novelty detection) downstream tasks related to darknet and honeypot traffic. Our experiments show the proper transfer techniques to use the models obtained from a network in a different network. We believe our contribution opens new opportunities and business models where network providers can successfully share their knowledge and AI models with customers.
• [arxiv:2405.02649] Gioacchini, Luca and Drago, Idilio and Mellia, Marco and Houidi, Zied Ben and Rossi, Dario, "Generic Multi-modal Representation Learning for Network Traffic Analysis" may. 2024, arXiv Tech.Rep. Bibtex

  @techrep{arxiv:2405.02649,
    title = {Generic Multi-modal Representation Learning for Network Traffic Analysis},
    author = {Gioacchini, Luca and Drago, Idilio and Mellia, Marco and Houidi, Zied Ben and Rossi, Dario},
    month = may,
    year = {2024},
    arxiv = {https://arxiv.org/abs/2405.02649},
    howpublished = {https://arxiv.org/abs/2405.02649}
  }
  
• [COMNET-24] Cerasuolo, Francesco and Nascita, Alfredo and Bovenzi, Giampaolo and Aceto, Giuseppe and Ciuonzo, Domenico and Pescape, Antonio and Rossi, Dario, "MEMENTO: A novel approach for class incremental learning of encrypted traffic" In Computer Networks, pp.110374, may. 2024, DOI https://doi.org/10.1016/j.comnet.2024.110374 Journal Abstract Bibtex

  @article{COMNET-24,
    title = {{MEMENTO: A novel approach for class incremental learning of encrypted traffic}},
    journal = {Computer Networks},
    pages = {110374},
    year = {2024},
    month = may,
    issn = {1389-1286},
    doi = {https://doi.org/10.1016/j.comnet.2024.110374},
    howpublished = {https://www.sciencedirect.com/science/article/pii/S1389128624002068},
    author = {Cerasuolo, Francesco and Nascita, Alfredo and Bovenzi, Giampaolo and Aceto, Giuseppe and Ciuonzo, Domenico and Pescape, Antonio and Rossi, Dario},
    keywords = {Traffic classification, Class incremental learning, Mobile apps, Encrypted traffic, Deep learning}
  }
  

  In the ever-changing digital environment, ensuring the ongoing effectiveness of traffic analysis and security measures is crucial. Therefore, Class Incremental Learning (CIL) in encrypted Traffic Classification (TC) is essential for adapting to evolving network behaviors and the rapid development of new applications. However, the application of CIL techniques in the TC domain is not straightforward, usually leading to unsatisfactory performance figures. Specifically, the improvement goal is to reduce forgetting on old apps and increase the capacity in learning new ones, in order to improve overall classification performance— reducing the drop from a model “trained-from-scratch”. The contribution of this work is the design of a novel fine-tuning approach called MEMENTO, which is obtained through the careful design of different building blocks: memory management, model training, and rectification strategies. In detail, we propose the application of traffic biflows augmentation strategies to better capitalize on old apps biflows, we introduce improvements in the distillation stage, and we design a general rectification strategy that includes several existing proposals. To assess our proposal, we leverage two publicly-available encrypted network traffic datasets, i.e., MIRAGE19 and CESNET-TLS22. As a result, on both datasets MEMENTO achieves a significant improvement in classifying new apps (w.r.t. the best-performing alternative, i.e., BiC) while maintaining stable performance on old ones. Equally important, MEMENTO achieves satisfactory overall TC performance, filling the gap toward a trained-from-scratch model and offering a considerable gain in terms of time (up to 10× speed-up) to obtain up-to-date and running classifiers. The experimental evaluation relies on a comprehensive performance evaluation workbench for CIL proposals, which is based on a wider set of metrics (as opposed to the existing literature in TC).
• [PAM-24] Wang, Chao and Finamore, Alessandro and Pietro, Michiardi and Gallo, Massimo and Rossi, Dario, "Data Augmentation for Traffic Classification" Passive and Active Measurements (PAM) apr. 2024, arXiv Conference Runner-up Bibtex

  @inproceedings{PAM-24,
    title = {{Data Augmentation for Traffic Classification}},
    author = {Wang, Chao and Finamore, Alessandro and Pietro, Michiardi and Gallo, Massimo and Rossi, Dario},
    year = {2024},
    month = apr,
    booktitle = {Passive and Active Measurements (PAM)},
    note = {bestpaperrunnerup},
    arxiv = {https://arxiv.org/abs/2401.10754},
    howpublished = {https://arxiv.org/abs/2401.10754}
  }
  
• [CoNEXT-24a] Azorin, Raphael and Monterubbiano, Andrea and Castellano, Gabriele and Gallo, Massimo and Pontarelli, Salvatore and Rossi, Dario, "Taming the Elephants: Affordable Flow Length Prediction in the Data Plane" In Proc. of CoNEXT’24 (PACMNET)., mar. 2024, DOI 10.1145/3649473 Journal Abstract Bibtex

  @article{CoNEXT-24a,
    author = {Azorin, Raphael and Monterubbiano, Andrea and Castellano, Gabriele and Gallo, Massimo and Pontarelli, Salvatore and Rossi, Dario},
    title = {Taming the Elephants: Affordable Flow Length Prediction in the Data Plane},
    year = {2024},
    month = mar,
    howpublished = {https://dl.acm.org/doi/abs/10.1145/3649473},
    url = {https://doi.org/10.1145/3649473},
    doi = {10.1145/3649473},
    journal = {Proc. of CoNEXT'24 (PACMNET).},
    articleno = {5},
    numpages = {24},
    keywords = {data plane, in-network machine learning, per-flow monitoring}
  }
  

  Machine Learning (ML) shows promising potential for enhancing networking tasks by providing early traffic predictions. However, implementing an ML-enabled system is a challenging task due to network devices limited resources. While previous works have shown the feasibility of running simple ML models in the data plane, integrating them into a practical end-to-end system is not an easy task. It requires addressing issues related to resource management and model maintenance to ensure that the performance improvement justifies the system overhead. In this work, we propose DUMBO, a versatile end-to-end system to generate and exploit early flow size predictions at line rate. Our system seamlessly integrates and maintains a simple ML model that offers early coarse-grain flow size prediction in the data plane. We evaluate the proposed system on flow scheduling, per-flow packet inter-arrival time distribution, and flow size estimation using real traffic traces, and perform experiments using an FPGA prototype running on an AMD(R)-Xilinx(R) Alveo U280 SmartNIC. Our results show that DUMBO outperforms traditional state-of-the-art approaches by equipping network devices data planes with a lightweight ML model. Code is available at https://github.com/cpt-harlock/DUMBO.
• [TNSM-24a] Bovenzi, Giampaolo and Nascita, Alfredo and Yang, Lixuan and Finamore, Alessandro and Aceto, Giuseppe and Ciuonzo, Domenico and Pescape, Antonio and Rossi, Dario, "Benchmarking Class Incremental Learning in Deep Learning Traffic Classification" In IEEE Transactions on Network and Service Management, Vol. 21, No. 1, pp.51-69, feb. 2024, DOI 10.1109/TNSM.2023.3287430 Journal Abstract Bibtex

  @article{TNSM-24a,
    author = {Bovenzi, Giampaolo and Nascita, Alfredo and Yang, Lixuan and Finamore, Alessandro and Aceto, Giuseppe and Ciuonzo, Domenico and Pescape, Antonio and Rossi, Dario},
    journal = {IEEE Transactions on Network and Service Management},
    title = {Benchmarking Class Incremental Learning in Deep Learning Traffic Classification},
    year = {2024},
    volume = {21},
    month = feb,
    number = {1},
    pages = {51-69},
    doi = {10.1109/TNSM.2023.3287430},
    howpublished = {https://ieeexplore.ieee.org/abstract/document/10155294}
  }
  

  Traffic Classification (TC) is experiencing a renewed interest, fostered by the growing popularity of Deep Learning (DL) approaches. In exchange for their proved effectiveness, DL models are characterized by a computationally-intensive training procedure that badly matches the fast-paced release of new (mobile) applications, resulting in significantly limited efficiency of model updates. To address this shortcoming, in this work we systematically explore Class Incremental Learning (CIL) techniques, aimed at adding new apps/services to pre-existing DL-based traffic classifiers without a full retraining, hence speeding up the model’s updates cycle. We investigate a large corpus of state-of-the-art CIL approaches for the DL-based TC task, and delve into their working principles to highlight relevant insight, aiming to understand if there is a case for CIL in TC. We evaluate and discuss their performance varying the number of incremental learning episodes, and the number of new apps added for each episode. Our evaluation is based on the publicly available MIRAGE19 dataset comprising traffic of 40 popular Android applications, fostering reproducibility. Despite our analysis reveals their infancy, CIL techniques are a promising research area on the roadmap towards automated DL-based traffic analysis systems
• [CoNEXT-23a] Monterubbiano, Andrea and Azorin, Raphael and Castellano, Gabriele and Gallo, Massimo and Pontarelli, Salvatore and Rossi, Dario, "SPADA: A Sparse Approximate Data Structure representation for data plane per-flow monitoring" ACM CoNEXT dec. 2023, Conference Bibtex

  @inproceedings{CoNEXT-23a,
    title = {{SPADA: A Sparse Approximate Data Structure representation for data plane per-flow monitoring}},
    author = {Monterubbiano, Andrea and Azorin, Raphael and Castellano, Gabriele and Gallo, Massimo and Pontarelli, Salvatore and Rossi, Dario},
    booktitle = {ACM CoNEXT},
    howpublished = {https://conferences.sigcomm.org/co-next/2023/#!/program},
    month = dec,
    year = {2023}
  }
  
• [CoNEXT-23b] Huet, Alexis and Krolikowski, Jonatan and Navarro, Jose Manuel and Chen, Fuxing and Rossi, Dario, "Change Point Detection in WLANs with Random AP Forests" ACM CoNEXT dec. 2023, DOI 10.1145/3624354.3630587 Conference Abstract Bibtex

  @inproceedings{CoNEXT-23b,
    title = {Change Point Detection in WLANs with Random AP Forests},
    author = {Huet, Alexis and Krolikowski, Jonatan and Navarro, Jose Manuel and Chen, Fuxing and Rossi, Dario},
    booktitle = {ACM CoNEXT},
    doi = {10.1145/3624354.3630587},
    howpublished = {https://doi.org/10.1145/3624354.3630587},
    month = dec,
    year = {2023}
  }
  

  Troubleshooting WiFi networks is knowingly difficult due to the variability of the wireless medium. Complementary to existing works that focus on detecting short-term fluctuations of radio signals (i.e., anomalies), we tackle the problem of reliably detecting long-term changes in statistical properties of WiFi networks. We propose a new method to reliably gain insights on such environmental changes, which we refer to as Random Access Point Forest (RAPF). RAPF identifies the changes from a forest of individual learners, each of them consisting of a random tree approximating the signal of a specific pair of APs. The biased selection of APs in a distributed manner along with the stochastic construction of each individual tree ensure its robustness to noise and biases. We conduct a measurement campaign on a real WLAN by collecting the path loss among pairs of APs in a network for which labels are available and perform an extensive comparison of our methodology against state-of-the-art change point methodologies, which conclusively shows RAPF to yield the most robust detection capabilities.
• [CoNEXT-23c] Wang, Chao and Finamore, Alessandro and Gallo, Massimo and Michiardi, Pietro and Rossi, Dario, "Toward Generative Data Augmentation for Traffic Classification" ACM CoNEXT, Student Workshop dec. 2023, Conference Bibtex

  @inproceedings{CoNEXT-23c,
    title = {Toward Generative Data Augmentation for Traffic Classification},
    author = {Wang, Chao and Finamore, Alessandro and Gallo, Massimo and Michiardi, Pietro and Rossi, Dario},
    booktitle = {ACM CoNEXT, Student Workshop},
    howpublished = {https://conferences.sigcomm.org/co-next/2023/#!/program-student},
    month = dec,
    year = {2023}
  }
  
• [CoNEXT-23d] Monterubbiano, Andrea and Azorin, Raphael and Castellano, Gabriele and Gallo, Massimo and Pontarelli, Salvatore and Rossi, Dario, "Memory-efficient Random Forests in FPGA SmartNICs" ACM CoNEXT, Poster session dec. 2023, Conference Abstract Bibtex

  @inproceedings{CoNEXT-23d,
    title = {Memory-efficient Random Forests in FPGA SmartNICs},
    author = {Monterubbiano, Andrea and Azorin, Raphael and Castellano, Gabriele and Gallo, Massimo and Pontarelli, Salvatore and Rossi, Dario},
    booktitle = {ACM CoNEXT, Poster session},
    howpublished = {https://conferences.sigcomm.org/co-next/2023/#!/program-poster},
    month = dec,
    year = {2023}
  }
  

  Random Forests (RF) have been a popular Machine Learning (ML) algorithm for more than two decades. This success can be attributed to its simplicity, effectiveness and explainability. However, implementing them in a high-speed programmable data plane is not trivial. To make predictions, i.e., inference, RFs must traverse each tree from the root to the leaf by comparing the features vector at each split node. This process is particularly challenging in network devices where memory is limited, and packet processing cannot be delayed, i.e., predictions occur at line rate. Nevertheless, this implementation is crucial for incorporating recent ML advances in the network, which could benefit use cases such as scheduling, measurements, and routing [1]. Prior studies such as Planter [4] have examined the implementation of RF in network switches, mapping trees to Match-Action Tables (MAT). Another line of work focused on RF implementations optimized for FPGA, mapping tree layers to pipeline stages as done in [2]. Such approaches use different tree representations that naturally come with their strengths and weaknesses depending on the trees’ sparsity, depth, and input features. In this work we (1) propose a novel representation for FPGA-based Random Forests, (2) compare it against state-of-the-art implementations in terms of memory and computation requirements, and (3) evaluate our design on a flow classification task using CAIDA traffic traces.
• [ICDM-23] Kong, Lanfang and Huet, Alexis and Rossi, Dario and Sozio, Mauro, "Tree-based Kendall tau Maximization for Explainable Unsupervised Anomaly Detection" IEEE International Conference on Data Mining (ICDM) dec. 2023, Conference Abstract Bibtex

  @inproceedings{ICDM-23,
    author = {Kong, Lanfang and Huet, Alexis and Rossi, Dario and Sozio, Mauro},
    title = {Tree-based Kendall tau Maximization for Explainable Unsupervised Anomaly Detection},
    booktitle = {IEEE International Conference on Data Mining (ICDM)},
    year = {2023},
    month = dec,
    howpublished = {https://ieeexplore.ieee.org/abstract/document/10415648}
  }
  

  We study the problem of building a regression tree with relatively small size, which maximizes the Kendall’s tau coefficient between the anomaly scores of a source anomaly detection algorithm and those predicted by our regression tree. We consider a labeling function which assigns to each leaf the inverse of its size, thereby providing satisfactory explanations when comparing examples with different anomaly scores. We show that our approach can be used as a post-hoc model, i.e. to provide global explanations for an existing anomaly detection algorithm. Moreover, it can be used as an in-model approach, i.e. the source anomaly detection algorithm can be replaced all together. This is made possible by leveraging the off-the-shelf transparency of tree-based approaches and from the fact that the explanations provided by our approach do not rely on the source anomaly detection algorithm. The main technical challenge to tackle is the efficient computation of the Kendall’s tau coefficients when determining the best split at each node of the regression tree. We show how such a coefficient can be computed incrementally, thereby making the running time of our algorithm almost linear (up to a logarithmic factor) in the size of the input. Our approach is completely unsupervised, which is appealing in the case when it is difficult to collect a large number of labeled examples. We complement our study with an extensive experimental evaluation against the state-of-the-art, showing the effectiveness of our approach.
• [TNSM-23] Soro, Francesca and Favale, Thomas and Giordano, Danilo and Drago, Idilio and Rescio, Tommaso and Mellia, Marco and Houidi, Zied Ben and Rossi, Dario, "Enlightening the Darknets: Augmenting Darknet Visibility with Active Probes" In IEEE Transactions on Network and Service Management, Vol. 20, No. 4, pp.5012-5025, dec. 2023, DOI 10.1109/TNSM.2023.3267671 Journal Abstract Bibtex

  @article{DR:TNSM-23,
    author = {Soro, Francesca and Favale, Thomas and Giordano, Danilo and Drago, Idilio and Rescio, Tommaso and Mellia, Marco and Houidi, Zied Ben and Rossi, Dario},
    journal = {IEEE Transactions on Network and Service Management},
    title = {Enlightening the Darknets: Augmenting Darknet Visibility with Active Probes},
    month = dec,
    year = {2023},
    volume = {20},
    number = {4},
    pages = {5012-5025},
    doi = {10.1109/TNSM.2023.3267671},
    howpublished = {https://ieeexplore.ieee.org/document/10102919}
  }
  

  Darknets collect unsolicited traffic reaching unused address spaces. They provide insights into malicious activities, such as the rise of botnets and DDoS attacks. However, darknets provide a shallow view, as traffic is never responded. Here we quantify how their visibility increases by responding to traffic with interactive responders with increasing levels of interaction. We consider four deployments: Darknets, simple, vertical bound to specific ports, and, a honeypot that responds to all protocols on any port. We contrast these alternatives by analyzing the traffic attracted by each deployment and characterizing how traffic changes throughout the responder lifecycle on the darknet. We show that the deployment of responders increases the value of darknet data by revealing patterns that would otherwise be unobservable. We measure Side-Scan phenomena where once a host starts responding, it attracts traffic to other ports and neighboring addresses. uncovers attacks that darknets and would not observe, e.g. large-scale activity on non-standard ports. And we observe how quickly senders can identify and attack new responders. The “enlightened” part of a darknet brings several benefits and offers opportunities to increase the visibility of sender patterns. This information gain is worth taking advantage of, and we, therefore, recommend that organizations consider this option.
• [IMC-23] Finamore, Alessandro and Wang, Chao and Krolikowski, Jonatan and Navarro, Jose M. and Chen, Fuxing and Rossi, Dario, "Replicating: Contrastive Learning and Data Augmentation in Traffic Classification Using a Flowpic Input Representation" ACM Internet Measurement Conference (IMC) oct. 2023, arXiv Conference Abstract Bibtex

  @inproceedings{IMC-23,
    title = {Replicating: Contrastive Learning and Data Augmentation in Traffic Classification Using a Flowpic Input Representation},
    author = {Finamore, Alessandro and Wang, Chao and Krolikowski, Jonatan and Navarro, Jose M. and Chen, Fuxing and Rossi, Dario},
    year = {2023},
    month = oct,
    booktitle = {ACM Internet Measurement Conference (IMC)},
    arxiv = {https://arxiv.org/abs/2309.09733},
    howpublished = {}
  }
  

  Over the last years we witnessed a renewed interest towards Traffic Classification (TC) captivated by the rise of Deep Learning (DL). Yet, the vast majority of TC literature lacks code artifacts, performance assessments across datasets and reference comparisons against Machine Learning (ML) methods. Among those works, a recent study from IMC’22 [17] is worth of attention since it adopts recent DL methodologies (namely, few-shot learning, self-supervision via contrastive learning and data augmentation) appealing for networking as they enable to learn from a few samples and transfer across datasets. The main result of [17] on the UCDAVIS19, ISCX-VPN and ISCX-Tor datasets is that, with such DL methodologies, 100 input samples are enough to achieve very high accuracy using an input representation called "flowpic" (i.e., a per-flow 2d histograms of the packets size evolution over time). In this paper (i) we reproduce [17] on the same datasets and (ii) we replicate its most salient aspect (the importance of data augmentation) on three additional public datasets, MIRAGE-19, MIRAGE-22 and UTMOBILENET21. While we confirm most of the original results, we also found a 20% accuracy drop on some of the investigated scenarios due to a data shift in the original dataset that we uncovered. Additionally, our study validates that the data augmentation strategies studied in [17] perform well on other datasets too. In the spirit of reproducibility and replicability we make all artifacts (code and data) available at [10].
• [AutoML-23] Navarro, Jose Manuel and Huet, Alexis and Rossi, Dario, "Meta-Learning for Fast Model Recommendation in Unsupervised Multivariate Time Series Anomaly Detection" AutoML Conference sep. 2023, Conference Abstract Bibtex

  @inproceedings{DR:AutoML-23,
    title = {Meta-Learning for Fast Model Recommendation in Unsupervised Multivariate Time Series Anomaly Detection},
    author = {Navarro, Jose Manuel and Huet, Alexis and Rossi, Dario},
    year = {2023},
    month = sep,
    booktitle = {AutoML Conference},
    howpublished = {https://openreview.net/pdf?id=7cUV9K3ns9Q},
    dataseturl = {https://figshare.com/articles/software/Meta-Learning_for_Fast_Model_Recommendation_in_Unsupervised_Multivariate_Time_Series_Anomaly_Detection/22320367}
  }
  

  Unsupervised model recommendation for anomaly detection is a recent discipline for which there is no existing work that focuses on multivariate time series data. This paper studies that problem under real-world restrictions, most notably: (i) a limited time to issue a recommendation, which renders existing methods based around the testing of a large pool of models unusable; (ii) the need for generalization to previously unseen data sources, which is seldom factored in the experimental evaluation. We turn to meta-learning and propose Hydra, the first meta-recommender for anomaly detection in literature that we especially analyze in the context of multivariate times series. We conduct our experiments using 94 public datasets from 4 different data sources. Our ablation study testifies that our meta-recommender achieves a higher performance than the current state of the art, including in difficult scenarios in which data similarity is minimal: our proposal is able to recommend a model in the top 10% (13%) of the algorithmic pool for known (unseen) sources of data.
• [TOIT-23] Gioacchini, Luca and Vassio, Luca and Mellia, Marco and Drago, Idilio and Houidi, Zied Ben and Rossi, Dario, "i-DarkVec: Incremental Embeddings for Darknet Traffic Analysis" In ACM Trans. Internet Technol., Vol. 23, No. 3, aug. 2023, DOI 10.1145/3595378 Journal Abstract Bibtex

  @article{DR:TOIT-23,
    author = {Gioacchini, Luca and Vassio, Luca and Mellia, Marco and Drago, Idilio and Houidi, Zied Ben and Rossi, Dario},
    title = {i-DarkVec: Incremental Embeddings for Darknet Traffic Analysis},
    year = {2023},
    volume = {23},
    number = {3},
    issn = {1533-5399},
    url = {https://doi.org/10.1145/3595378},
    howpublished = {https://dl.acm.org/doi/10.1145/3595378},
    doi = {10.1145/3595378},
    journal = {ACM Trans. Internet Technol.},
    month = aug,
    articleno = {45},
    numpages = {28},
    keywords = {darknet, Network Measurements, Word2Vec}
  }
  

  Darknets are probes listening to traffic reaching IP addresses that host no services. Traffic reaching a darknet results from the actions of internet scanners, botnets, and possibly misconfigured hosts. Such peculiar nature of the darknet traffic makes darknets a valuable instrument to discover malicious online activities, e.g., identifying coordinated actions performed by bots or scanners. However, the massive amount of packets and sources that darknets observe makes it hard to extract meaningful insights, calling for scalable tools to automatically identify and group sources that share similar behaviour.We here present i-DarkVec, a methodology to learn meaningful representations of Darknet traffic. i-DarkVec leverages Natural Language Processing techniques (e.g., Word2Vec) to capture the co-occurrence patterns that emerge when scanners or bots launch coordinated actions. As in NLP problems, the embeddings learned with i-DarkVec enable several new machine learning tasks on the darknet traffic, such as identifying clusters of senders engaged in similar activities.We extensively test i-DarkVec and explore its design space in a case study using real darknets. We show that with a proper definition of services, the learned embeddings can be used to (i) solve the classification problem to associate unknown sources’ IP addresses to the correct classes of coordinated actors and (ii) automatically identify clusters of previously unknown sources performing similar attacks and scans, easing the security analyst’s job. i-DarkVec leverages a novel incremental embedding learning approach that is scalable and robust to traffic changes, making it applicable to dynamic and large-scale scenarios.
• [KDD-23] Fauvel, Kevin and Chen, Fuxing and Rossi, Dario, "A Lightweight, Efficient and Explainable-by-Design Convolutional Neural Network for Internet Traffic Classification" ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD’23) aug. 2023, arXiv Conference Abstract Bibtex

  @inproceedings{DR:KDD-23,
    title = {A Lightweight, Efficient and Explainable-by-Design Convolutional Neural Network for Internet Traffic Classification},
    author = {Fauvel, Kevin and Chen, Fuxing and Rossi, Dario},
    booktitle = {ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD'23)},
    year = {2023},
    month = aug,
    arxiv = {https://arxiv.org/abs/2202.05535},
    howpublished = {https://dl.acm.org/doi/10.1145/3580305.3599762}
  }
  

  Traffic classification, i.e. the identification of the type of applications flowing in a network, is a strategic task for numerous activities (e.g., intrusion detection, routing). This task faces some critical challenges that current deep learning approaches do not address. The design of current approaches do not take into consideration the fact that networking hardware (e.g., routers) often runs with limited computational resources. Further, they do not meet the need for faithful explainability highlighted by regulatory bodies. Finally, these traffic classifiers are evaluated on small datasets which fail to reflect the diversity of applications in real-world settings. Therefore, this paper introduces a new Lightweight, Efficient and eXplainable-by-design convolutional neural network (LEXNet) for Internet traffic classification, which relies on a new residual block (for lightweight and efficiency purposes) and prototype layer (for explainability). Based on a commercial-grade dataset, our evaluation shows that LEXNet succeeds to maintain the same accuracy as the best performing state-of-the-art neural network, while providing the additional features previously mentioned. Moreover, we illustrate the explainability feature of our approach, which stems from the communication of detected application prototypes to the end-user, and we highlight the faithfulness of LEXNet explanations through a comparison with post hoc methods
• [TMA-23] Guarino, Idio and Wang, Chao and Finamore, Alessandro and Pescape, Antonio and Rossi, Dario, "Many or Few Samples? Comparing Transfer, Contrastive and Meta-Learning in Encrypted Traffic Classification" Network Traffic Measurement and Analysis Conference (TMA) jun. 2023, DOI 10.23919/TMA58422.2023.10198965 arXiv Conference Abstract Bibtex

  @inproceedings{DR:TMA-23,
    title = {Many or Few Samples? Comparing Transfer, Contrastive and Meta-Learning in Encrypted Traffic Classification},
    author = {Guarino, Idio and Wang, Chao and Finamore, Alessandro and Pescape, Antonio and Rossi, Dario},
    year = {2023},
    month = jun,
    booktitle = {Network Traffic Measurement and Analysis Conference (TMA)},
    doi = {10.23919/TMA58422.2023.10198965},
    arxiv = {https://arxiv.org/abs/2305.12432},
    howpublished = {https://ieeexplore.ieee.org/document/10198965}
  }
  

  The popularity of Deep Learning (DL), coupled with network traffic visibility reduction due to the increased adoption of HTTPS, QUIC and DNS-SEC, re-ignited interest towards Traffic Classification (TC). However, to tame the dependency from task-specific large labeled datasets we need to find better ways to learn representations that are valid across tasks. In this work we investigate this problem comparing transfer learning, meta-learning and contrastive learning against reference Machine Learning (ML) tree-based and monolithic DL models (16 methods total). Using two publicly available datasets, namely MIRAGE19 (40 classes) and AppClassNet (500 classes), we show that (i) using large datasets we can obtain more general representations, (ii) contrastive learning is the best methodology and (iii) meta-learning the worst one, and (iv) while ML tree-based cannot handle large tasks but fits well small tasks, by means of reusing learned representations, DL methods are reaching tree-based models performance also for small tasks.
• [PATENT-PCT/CN2023/080516] FAUVEL, Kevin and ZHAO, Yong and CAO, Zigang and CHEN, Maolin and CHEN, Fuxing and ROSSI, Dario, "Traffic Classification with a Modifiable Ruleset" , mar. 2023, Patent

  @misc{DR:PATENT-PCT/CN2023/080516,
    author = {FAUVEL, Kevin and ZHAO, Yong and CAO, Zigang and CHEN, Maolin and CHEN, Fuxing and ROSSI, Dario},
    title = {Traffic Classification with a Modifiable Ruleset},
    month = mar,
    topic = {tc-xai},
    patent = {True},
    year = {2023},
    howpublished = {}
  }
  
• [arXiv:2302.10676] Krolikowski, Jonatan and Houidi, Zied Ben and Rossi, Dario, "User-aware WLAN Transmit Power Control in the Wild" feb. 2023, arXiv Abstract Bibtex

  @misc{arXiv:2302.10676,
    title = {User-aware WLAN Transmit Power Control in the Wild},
    author = {Krolikowski, Jonatan and Houidi, Zied Ben and Rossi, Dario},
    year = {2023},
    month = feb,
    arxiv = {https://arxiv.org/abs/2302.10676},
    howpublished = {https://arxiv.org/abs/2302.10676}
  }
  

  In Wireless Local Area Networks (WLANs), Access point (AP) transmit power influences (i) received signal quality for users and thus user throughput, (ii) user association and thus load across APs and (iii) AP coverage ranges and thus interference in the network. Despite decades of academic research, transmit power levels are still, in practice, statically assigned to satisfy uniform coverage objectives. Yet each network comes with its unique distribution of users in space, calling for a power control that adapts to users’ probabilities of presence, for example, placing the areas with higher interference probabilities where user density is the lowest. Although nice on paper, putting this simple idea in practice comes with a number of challenges, with gains that are difficult to estimate, if any at all. This paper is the first to address these challenges and evaluate in a production network serving thousands of daily users the benefits of a user-aware transmit power control system. Along the way, we contribute a novel approach to reason about user densities of presence from historical IEEE 802.11k data, as well as a new machine learning approach to impute missing signal-strength measurements. Results of a thorough experimental campaign show feasibility and quantify the gains: compared to state-of-the-art solutions, the new system can increase the median signal strength by 15dBm, while decreasing airtime interference at the same time. This comes at an affordable cost of a 5dBm decrease in uplink signal due to lack of terminal cooperation.
• [AAAI-23-PDL] Azorin, Raphael and Gallo, Massimo and Finamore, Alessandro and Rossi, Dario and Michiardi, Pietro, ""It’s a Match!" – A Benchmark of Task Affinity Scores for Joint Learning" AAAI’23, International Workshop on Practical Deep Learning in the Wild feb. 2023, arXiv Conference Abstract Bibtex

  @inproceedings{DR:AAAI-23-PDL,
    author = {Azorin, Raphael and Gallo, Massimo and Finamore, Alessandro and Rossi, Dario and Michiardi, Pietro},
    title = {"It's a Match!" -- A Benchmark of Task Affinity Scores for Joint Learning},
    booktitle = {AAAI'23, International Workshop on Practical Deep Learning in the Wild},
    arxiv = {https://arxiv.org/abs/2301.02873},
    month = feb,
    year = {2023},
    howpublished = {https://arxiv.org/abs/2301.02873}
  }
  

  While the promises of Multi-Task Learning (MTL) are attractive, characterizing the conditions of its success is still an open problem in Deep Learning. Some tasks may benefit from being learned together while others may be detrimental to one another. From a task perspective, grouping cooperative tasks while separating competing tasks is paramount to reap the benefits of MTL, i.e., reducing training and inference costs. Therefore, estimating task affinity for joint learning is a key endeavor. Recent work suggests that the training conditions themselves have a significant impact on the outcomes of MTL. Yet, the literature is lacking of a benchmark to assess the effectiveness of tasks affinity estimation techniques and their relation with actual MTL performance. In this paper, we take a first step in recovering this gap by (i) defining a set of affinity scores by both revisiting contributions from previous literature as well presenting new ones and (ii) benchmarking them on the Taskonomy dataset. Our empirical campaign reveals how, even in a small-scale scenario, task affinity scoring does not correlate well with actual MTL performance. Yet, some metrics can be more indicative than others