Network Transmission Flags Data Affinity-based Classification by K-Nearest Neighbor

Keywords: Transmission control protocol flags, K-nearest neighbors, Investment, Financial risk, Deep learning

Abstract

This research is concerned with the data generated during a network transmission session, with the aim of understanding how to extract value from that data and use it to conduct tasks. Instead of comparing all of the transmission flags for a transmission session at the same time, this paper conceptualizes the influence of each transmission flag on network-aware applications by comparing the flags one by one according to their impact on the application during the transmission session. K-nearest neighbor (KNN) classification was used because it is a simple distance-based learning algorithm that remembers earlier training samples and is suitable for relating the various flags to their effect on application protocols: each new sample is compared with its K nearest points to make a decision. We used transmission session datasets obtained from Kaggle for IP flows, with 87 features and 3.577.296 instances. We picked 13 features from the datasets and ran them through KNN. RapidMiner was used for the study, and the results of the experiments revealed that the KNN-based model was not only significantly more accurate in categorizing data but also significantly more efficient due to the decreased processing costs.
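The approach the abstract describes can be sketched as follows. This is an added example, not the paper's RapidMiner workflow: the flows, the application labels, the five flag columns, the min-max scaling and k = 3 are all assumptions made for illustration. It classifies a flow by its K nearest neighbours on TCP flag counts, then scores each flag on its own with leave-one-out accuracy, which is one way to read "comparing the flags one by one".

```python
# Added illustration: KNN over per-flow TCP flag counts. All flows are constructed.
from collections import Counter
from math import dist

FLAGS = ("SYN", "ACK", "PSH", "FIN", "RST")
# (flag counts in FLAGS order, hypothetical application label)
FLOWS = [
    ((1, 40, 30, 1, 0), "WEB"), ((1, 55, 42, 1, 0), "WEB"), ((1, 35, 25, 1, 0), "WEB"),
    ((1, 900, 20, 1, 0), "VIDEO"), ((1, 1200, 35, 1, 0), "VIDEO"), ((1, 1000, 28, 0, 1), "VIDEO"),
    ((1, 300, 290, 1, 0), "SSH"), ((1, 420, 400, 0, 1), "SSH"), ((1, 350, 330, 1, 0), "SSH"),
]

def fit_scaler(rows):
    """Return a min-max scaler so large counts (ACK) do not swamp small ones (FIN)."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1 for c in cols]  # constant column: avoid /0
    return lambda r: tuple((v - l) / s for v, l, s in zip(r, lo, span))

def knn_predict(train, x, k=3, cols=None):
    """Majority label among the k training flows closest to x on the chosen columns."""
    cols = range(len(x)) if cols is None else cols
    key = lambda pair: dist([pair[0][c] for c in cols], [x[c] for c in cols])
    nearest = sorted(train, key=key)[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

def loo_accuracy(data, k=3, cols=None):
    """Leave-one-out accuracy: classify each flow from all the others."""
    hits = sum(knn_predict(data[:i] + data[i + 1:], x, k, cols) == y
               for i, (x, y) in enumerate(data))
    return hits / len(data)

SCALE = fit_scaler([x for x, _ in FLOWS])
TRAIN = [(SCALE(x), y) for x, y in FLOWS]

def per_flag_accuracy(k=3):
    """Score each flag alone, i.e. KNN restricted to that single column."""
    return {flag: loo_accuracy(TRAIN, k, [i]) for i, flag in enumerate(FLAGS)}

def classify(raw_flow, k=3):
    """Label an unseen flow (raw flag counts) using all flag columns."""
    return knn_predict(TRAIN, SCALE(raw_flow), k)

if __name__ == "__main__":
    print(classify((1, 380, 360, 1, 0)))
    print(per_flag_accuracy())
```

On this constructed set the ACK count alone separates the three labels, while SYN, identical in every flow, carries no information.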


Author Biography

Nahla Aljojo, Department of Information System and Technology, College of Computer Science and Engineering, University of Jeddah, Jeddah, Saudi Arabia

Nahla ALJOJO obtained her PhD in Computing at Portsmouth University. She is currently working as an Associate Professor at the College of Computer Science and Engineering, Information System and Information Technology Department, University of Jeddah, Jeddah, Saudi Arabia. Her research interests include adaptivity in web-based educational systems, eBusiness, leadership studies, information security and data integrity, eLearning, education, machine learning, deep learning, networking health informatics, environment and ecology, and logistics and supply chain management. Her contributions have been published in prestigious peer-reviewed journals.

Published
2022-04-25
How to Cite
Aljojo, N. (2022) “Network Transmission Flags Data Affinity-based Classification by K-Nearest Neighbor”, ARO-THE SCIENTIFIC JOURNAL OF KOYA UNIVERSITY, 10(1), pp. 35-43. doi: 10.14500/aro.10880.