Recommendation ITU-T Y.3180 (02/2022) Mechanism of traffic awareness for application-descriptor-agnostic traffic based on machine learning
Summary
History
FOREWORD
Table of Contents
1 Scope
2 References
3 Definitions
     3.1 Terms defined elsewhere
     3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Overview of traffic awareness for application-descriptor-agnostic traffic
7 General mechanism of traffic awareness for application-descriptor-agnostic traffic
     7.1 Basic architecture of traffic awareness for application-descriptor-agnostic traffic
          7.1.1 Overview of traffic awareness combined with machine learning technologies
          7.1.2 Architecture of traffic awareness with independent machine learning system
          7.1.3 Architecture of traffic awareness with embedded machine learning functions
          7.1.4 Architecture of traffic awareness with hybrid machine learning system
     7.2 Architecture for independent machine learning system
          7.2.1 Overview of independent machine learning system
          7.2.2 Logical structure of independent machine learning system
          7.2.3 Interface specification for independent machine learning system
          7.2.4 Information structure for independent machine learning system
               7.2.4.1 Information structure of machine learning rule
               7.2.4.2 Information structure of training data
     7.3 Protocol layer mechanism of traffic awareness for application-descriptor-agnostic traffic
          7.3.1 Single flow-level protocol feature set traffic
          7.3.2 Multiple flow-level protocol feature set traffic
          7.3.3 Protocol and data separated traffic
     7.4 Application layer mechanism of traffic awareness for application-descriptor-agnostic traffic
          7.4.1 Time related features
          7.4.2 Space related features
          7.4.3 Protocol related application layer features
     7.5 Reliability and availability mechanism for independent machine learning system
8 Machine learning methods used for application-descriptor-agnostic traffic awareness
     8.1 Overview of machine learning methods used for traffic awareness
     8.2 Supervised learning methods
          8.2.1 Support vector machine method applied to traffic awareness for application-descriptor-agnostic traffic
          8.2.2 Learning method base on k-nearest neighbours
          8.2.3 Learning method base on Naive Bayes
          8.2.4 Learning method base on decision tree
          8.2.5 Deep learning method applied to traffic awareness for application-descriptor-agnostic traffic
     8.3 Unsupervised learning methods
          8.3.1 K-means clustering method
          8.3.2 Hierarchical clustering method
          8.3.3 Gaussian mixture model method
9 Implementation consideration of traffic awareness for application-descriptor-agnostic traffic based on machine learning
     9.1 Implementation for flow feature based methods
          9.1.1 Overview of the flow feature based methods
          9.1.2 Feature extraction function
          9.1.3 Feature synthesization function
          9.1.4 Feature representation-transformation
          9.1.5 Feature data identification function
     9.2 Implementation methods based on analysis for payload features
          9.2.1 Methods based on analysis for live payload
          9.2.2 Methods based on analysis for stochastic feature of the payload
     9.3 Implementation of methods based on analysis of traffic behaviour feature
          9.3.1 Methods based on analysis for behaviour features of applications
          9.3.2 Methods based on analysis for time-space distribution of packets
     9.4 Hybrid methods based on analysis for multiple features
10 Report and auxiliary control mechanism for the malicious application-descriptor-agnostic traffic
     10.1 Report mechanism for malicious application-descriptor-agnostic traffic
          10.1.1 Report based on independent machine learning system
          10.1.2 Report based on embedded machine learning system
          10.1.3 Report based on hybrid machine learning system
     10.2 Auxiliary control mechanism for malicious application-descriptor-agnostic traffic
11 Security considerations
Bibliography
<\pre>