VIETNAM NATIONAL UNIVERSITY - HO CHI MINH CITY
HO CHI MINH UNIVERSITY OF TECHNOLOGY
COMPUTER SCIENCE AND ENGINEERING FACULTY
GRADUATION THESIS
Machine Learning Approaches to Cyber Security
Department: Computer science
Committee:
Advisor:
Reviewer:
Students:
Computer Science 3
Prof. Nguyen Duc Thai
Prof. Nguyen Le Duy Lai
---o0o--Huynh Kien Van 1552423
Nguyen Duc Kien 1552181
HO CHI MINH CITY, 12/2021
ĐẠI HỌC QUỐC GIA TP.HCM
---------TRƯỜNG ĐẠI HỌC BÁCH KHOA
KHOA: KH&KT Máy tính
BỘ MÔN: Hệ thống & Mạng máy tính
CỘNG HÒA XÃ HỘI CHỦ NGHĨA VIỆT NAM
Độc lập - Tự do - Hạnh phúc
NHIỆM VỤ LUẬN ÁN TỐT NGHIỆP
Chú ý: Sinh viên phải dán tờ này vào trang nhất của bản thuyết trình
HỌ VÀ TÊN: Huỳnh Kiến Văn
Nguyễn Đức Kiên
NGÀNH: Khoa học Máy tính
MSSV: 1552423
MSSV: 1552181
LỚP:
1. Đầu đề luận án: Machine Learning Approaches for Cyber Security.
2. Nhiệm vụ (yêu cầu về nội dung và số liệu ban đầu):
- Do reaearch on Machine Learning and its applications.
- Do research on topics related to application of Machine Learning into cyber security.
- Propose a way how to create an IDS (Intrusion Detection System) using Machine Learning.
- Design the desired system as mentioned above.
- Implement the system with using any programming language(s) and technologies, prove that
they are suitable for the solution.
- Demonstration the system to make sure it run properly and correctly.
3. Ngày giao nhiệm vụ luận án: 30/08/2021
4. Ngày hoàn thành nhiệm vụ: 31/12/2021
5. Họ tên giảng viên hướng dẫn: TS. Nguyễn Đức Thái
Nội dung và yêu cầu LVTN đã được thông qua Bộ môn.
Ngày 23 tháng 08 năm 2021
CHỦ NHIỆM BỘ MÔN
GIẢNG VIÊN HƯỚNG DẪN CHÍNH
(Ký và ghi rõ họ tên)
(Ký và ghi rõ họ tên)
TS. Nguyễn Đức Thái
TS. Nguyễn Đức Thái
PHẦN DÀNH CHO KHOA, BỘ MÔN:
Người duyệt (chấm sơ bộ): ________________________
Đơn vị: _______________________________________
Ngày bảo vệ: ___________________________________
Điểm tổng kết: _________________________________
Nơi lưu trữ luận án:______________________________
TRƯỜNG ĐẠI HỌC BÁCH KHOA
KHOA KH & KT MÁY TÍNH
CỘNG HÒA XÃ HỘI CHỦ NGHĨA VIỆT NAM
Độc lập - Tự do - Hạnh phúc
---------------------------Ngày 28 tháng 12 năm 2021
PHIẾU CHẤM BẢO VỆ LVTN
(Dành cho người hướng dẫn)
1. Họ và tên SV: Huỳnh Kiến Văn
Nguyễn Đức Kiên
MSSV: 1552423
MSSV: 1552181
Ngành (chuyên ngành): Computer Science
2. Đề tài: Machine Learning Approaches for Cyber Security.
3. Họ tên người hướng dẫn: Nguyễn Đức Thái
4. Tổng quát về bản thuyết minh:
Số trang:
Số chương:
Số bảng số liệu
Số hình vẽ:
Số tài liệu tham khảo:
Phần mềm tính toán:
Hiện vật (sản phẩm)
5. Tổng quát về các bản vẽ:
- Số bản vẽ:
Bản A1:
Bản A2:
Khổ khác:
- Số bản vẽ vẽ tay
Số bản vẽ trên máy tính:
6. Những ưu điểm chính của LVTN:
• Students completed a desired features of the thesis and demonstrated them.
• The students applied machine learning algorithms to analyze the network traffics and
cybersecurity data.
7. Những thiếu sót chính của LVTN:
• Many parts in the report are short and lack justifications.
• Students provided evaluation of the received results, however, the evaluation was too short and
no discussion presented.
8. Đề nghị: Được bảo vệ R
Bổ sung thêm để bảo vệ o
9. 3 câu hỏi SV phải trả lời trước Hội đồng:
10. Đánh giá chung (bằng chữ: giỏi, khá, TB):
Huỳnh Kiến Văn
Nguyễn Đức Kiên
Không được bảo vệ o
Điểm :
8.2/10
7/10
Ký tên (ghi rõ họ tên)
Nguyễn Đức Thái
75ѬӠ1*ĈҤ,+Ӑ&%È&+.+2$
KHOA KH & KT MÁY TÍNH
&Ӝ1*+Ñ$;+Ӝ,&+Ӫ1*+Ƭ$9,ӊ71$0
ĈӝFOұS- 7ӵGR- +ҥQKSK~F
---------------------------Ngày 27 tháng 12 QăP 2021.
3+,ӂ8&+Ҩ0%Ҧ29ӊ/971
'jQKFKRQJ˱ͥLK˱ͣQJG̳QSK̫QEL͏Q
+ӑYj tên SV:
Huynh Kien Van -1552423 Nguyen Duc Kien -1552181
Ngành (chuyên ngành): Computer Science
ĈӅWjL MACHINELEARNINGAPPROACHESTOCYBER SECURITY
+ӑWrQQJѭӡLKѭӟQJGүQSKҧQELӋQ NguyӉQ/ê Duy Lai
7әQJTXiWYӅEҧQWKX\ӃWPLQK
6ӕWUDQJ 40
6ӕFKѭѫng: 8
6ӕEҧQJVӕOLӋX:
6ӕKuQKYӁ 10
6ӕWjLOLӋXWKDPNKҧR 14
3KҫQPӅPWtQKWRiQ
+LӋQYұWVҧQSKҭP
7әQJTXiWYӅFiFEҧQYӁ
- 6ӕEҧQYӁ
%ҧQ$
%ҧQ$
.KәNKiF
- 6ӕEҧQYӁYӁWD\
6ӕEҧQYӁWUrQPi\WtQK
6. NhӳQJѭXÿLӇPFKtQKFӫD/971
In this dissertation, the topic is about how to apply machine learning approaches to analyze the
amount of live network traffic. The implementation of a Traffic validator expects to validate the
incoming traffic into benign and malicious classes. The network traffic has been filtered through a
rule-based IDS such as Snort, and the model is an add-on to IDSs that aims to eliminate rule-based
IDS false negatives. The detection task is usually expected to be timed in milliseconds, as IDSs
must respond quickly and without affecting user experiences.
7. NhӳQJWKLӃXVyWFKtQKFӫD/971
However, the presented topic is still limited including the inability to support a complex prediction
model. The title of this thesis seems to be very large and authors need to give a concise scope on
problems and the approach to solutions. The fundamental of networks in Section 2.1 retains very
elementarily that may not be necessary for this context. There are some limitations to this approach
such as encrypted packets are not processed by most intrusion detection devices.
ĈӅQJKӏĈѭӧFEҧRYӋ
%әVXQJWKrPÿӇEҧRYӋ
.K{QJÿѭӧFEҧRYӋ
FkXKӓL69SKҧLWUҧOӡLWUѭӟF+ӝLÿӗQJ
a. How do think that the attackers can use some techniques to evade IDS such as Fragmentation,
Avoiding defaults, Coordinated, low-bandwidth attacks, Address spoofing/proxying, Pattern change
evasion. Your IDS integrating ML module can be immune to these evasion techniques?
1ĈiQKJLiFKXQJEҵQJFKӳJLӓi, khá, TB):
ĈLӇP8 /10
Ký tên (ghi rõ KӑWrQ
NguyӉQ/ê Duy Lai
VIETNAME UNIVERSITY OF TECHNOLOGY
HO CHI MINH CITY UNIVERSITY OF TECHNOLOGY
FACULTY OF COMPUTER SCIENCE & ENGINEERNG
BACHELOR OF ENGINEERING THESIS
MACHINE LEARNING APPROACHES TO CYBER
SECURITY
COMPUTER SCIENCE COMMITTEE
Advisor:
Prof. Nguyen Duc Thai
Examiner:
Prof. Nguyen Le Duy Lai
Students:
Huynh Kien Van - 1552423
Nguyen Duc Kien - 1552181
Ho Chi Minh, 2021
Commitment
We guarantee that the work in this dissertation was completed in accordance with the
University’s regulations and that it has not been submitted to any other academic institutions.
The works are our own, unless otherwise stated in the text by a particular reference.
1
Acknowledgement
First and foremost, we would like to express our special thanks of gratitude to our
supervisor, professor Nguyen Duc Thai for his never ending grace. His guidance and
value knowledge helped us in all the time of writing thesis. Also, professor Nguyen Duc
Thai supports us in expertise and spirit to work on the thesis.
We also extend our grateful to our families and friends who have always been beside us
in hard moments and encouraged us in this thesis and university life.
2
Abstract
In this thesis, we are proposing machine learning-based approach to detect lively network
traffic. To increase the accuracy as well as reducing False-Negative cases, we apply the
Deep Learning model. We are building RNN models: LSTMs and GRU to classify a
network traffic if malicious or normal.
Technically, we are building RNN model run parallel with IDS and combining the
results and consider which actions which actions following the decision table.
Dataset used in this thesis mainly came from MTA-KDD19’ which was created by
project have the same name. To enrich our data, we are also using dataset ISCX2012[1]
and USTC-TFC2016[2], then preprocessing following the stagegy of MTA-KDD’19 work.
For all result, the LSTM model is performced better than the GRU model. For accuracy, the
LSTM model even higher than the work of MTA-KDD’19 which used the traditional neural
network, 99.8% compare to 99.74. For Prediction, the LSTM reach 98.3% and the GRU
reach 99.5%. Our goal is eliminate the False-Negative, so the results of Recall score of
these two model is 99.75% (for GRU model) and 99.8% (for LSTM model), respectively.
3
Contents
List of Figures
6
List of Tables
7
List of Abbreviations
8
1
INTRODUCTION
1.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2 Objective and scope . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.3 Thesis structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9
10
10
11
2
BACKGROUND KNOWLEDGE
2.1 Fundamental of network . . . . .
2.1.1 Networking concept . . .
2.1.2 Reference models . . . . .
2.2 Intrusion Detection System . . . .
2.3 Word Embedding . . . . . . . . .
2.4 Deep Neural Network . . . . . . .
2.4.1 Recurrent Neural Network
2.4.2 Long Short Term Memory
.
.
.
.
.
.
.
.
12
13
13
13
17
19
19
19
21
3
LITERATURE REVIEW
3.1 Deep learning-based approach in improvement signature of IDSs . . . .
3.2 Deep learning-based approaches for classifying network traffic . . . . .
23
24
24
4
PROPOSED APPROACHES
4.1 Problem statements . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.2 Proposed approach . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.3 Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
25
26
26
27
5
DATASET
28
6
IMPLEMENTATION
6.1 Data pre-processing . . . . . . . . . . . . . . . . . .
6.1.1 Explaining features of MTA-KDD’19 dataset
6.1.2 Data processing . . . . . . . . . . . . . . . .
6.2 Prediction module . . . . . . . . . . . . . . . . . . .
4
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
31
32
32
32
33
Chapter 0
7
8
EXPERIMENTS
7.1 Evaluation methods . . .
7.1.1 Data preperation
7.1.2 Confusing matrix
7.1.3 Accuracy . . . .
7.1.4 Precision . . . .
7.2 Model evaluation . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
CONCLUSION
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
35
36
36
36
36
37
37
38
Appendices
References
40
5
List of Figures
2.1
2.2
2.3
2.4
2.5
The OSI model. . . . . . . . . . . . . . .
The TCP model . . . . . . . . . . . . . .
Convolution Neural Network Architecture
General Neural Network . . . . . . . . .
LSTM . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
15
17
19
20
22
4.1
Traffic validator architecture . . . . . . . . . . . . . . . . . . . . . . .
27
5.1
5.2
Formula . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
29
30
6.1
6.2
Data processing task . . . . . . . . . . . . . . . . . . . . . . . . . . .
The full network model . . . . . . . . . . . . . . . . . . . . . . . . . .
32
34
6
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
List of Tables
4.1
Decision table for IDS and Prediction model . . . . . . . . . . . . . . .
27
5.1
Summary of benign and malware traffic in USTC-TFC2016 dataset. . .
28
7.1
7.2
7.3
Confusion matrix with normalize . . . . . . . . . . . . . . . . . . . . .
Model evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Comparing models . . . . . . . . . . . . . . . . . . . . . . . . . . . .
36
37
37
7
List of Abbreviations
IDS . . . . . . . Intrusion Detection System.
RNN . . . . . . Recurrent Neural Network.
LSTM . . . . .
Long-Short Term Memory.
OSI . . . . . . . The Open Systems Interconnection
TCP/IP . . . . . Transmission Control Protocol/Internet Protocol
UDP . . . . . .
User Datagram Protocol
HTTP . . . . .
Hyper-Text Transport Protocol
SMTP . . . . .
Simple Mail Transfer Protocol
FTP . . . . . .
File Transfer Protocol
NIDS . . . . . . Network Intrusion Detection System
HIDS . . . . . . Host Intrusion Detection System
WAF . . . . . . Web Application Firewall
GRU . . . . . . Gated Recurrent Unit.
8
1
INTRODUCTION
Contents
1.1
1.2
1.3
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Objective and scope . . . . . . . . . . . . . . . . . . . . . . . . . .
Thesis structure . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10
10
11
Chapter 1
1.1
Overview
Many parts of the world have changed as a result of our increased reliance on technology.
The more technology advances, the more valuable data and information become.
Furthermore, as computer networks become more complex, the number of cyber
security risks increases, with a wide range of sophistication, making it more difficult for
professionals to detect and defend against dangers posed by billions of network traffics.
Cyber attacks can result in data breaches and significant financial losses. According to
The World Economic Forum1 (WEF), they estimate the economic cost of cybercrime to
be $3 trillion worldwide in 2015 and totaling $6 trillion USD globally in 2021 .
Threats detection and prevention mostly depends on Intrusion Detection System (IDS) or
Intrusion Prevention System (IPS) by analyzing network traffic for signatures that match
known cyber attacks. The line between Intrusion Detection and Intrusion Prevention
Systems (IDS and IPS respectively) has become increasingly blurred. Currently, Signaturebased IDSs are more common since they are reliable and used by many organizations.
That being said, traditional signature-based IDSs are disposed towards False-Negative
(FN) and impossible to identify novel attacks like zero-day exploit2 since it identifies
attacks based on known attack signatures. A term of false state is the most serious and
dangerous state. This is when the IDS identifies an activity as acceptable when the activity
is actually an attack3. In the other words, a False-Negative is when the IDS fails to catch
an attack.
For the last few years, the strong development of machine learning has had a huge
contribution in automatically behavior anomaly detection. In this thesis, we propose
a machine learning approach to this field. By applying machine learning approach,
we tend to build an intelligent system which classifies threats and threat actors that
helps detect potential attacks as well as improve the domain of computer security
and provide better protection.
1.2
Objective and scope
In this thesis, we want to apply machine learning approaches to analyse millions of the live
network traffic. Specialists may obtain a deeper understanding of each situation thanks
to artificial intelligence automation, which improves network security performance and
reliability.
With Traffic validator, we expect to validate the incoming traffic into benign and malicious
classes. The network traffic have been filtered through a rule-based IDS such as Snort,
and our model is an add-on to IDSs that aims to eliminate rule-based IDS false negative.
1Available at https://reports.weforum.org
2A zero-day attack (also referred to as Day Zero) is an attack that exploits a potentially serious software
security weakness that the vendor or developer may be unaware of
3Available at https://owasp.org/www-community/controls/Intrusion_Detection
10
Chapter 1
The detection task is expected to be timed in milliseconds, as IDSs must respond quickly
and without affecting user experiences.
1.3
Thesis structure
The remainder of this report including contents, researches and proposed approaches is
organised as follows:
Chapter 2 introduces the background knowledge of this thesis, including the fundamental
knowledge of networking and Intrusion Detection Sytstem; machine learning algorithms
of clustering, recurrent deep neural network types and their layers as well as frameworks
and libraries used in the system.
Chapter 3 review some related work to machine learning approaches to anomaly traffic
detection and dataset processing.
Chapter 4 shows the problems as well as the input and output of malicious network traffic
detector. Then we propose the design and architecture of the solutions for each problem.
Chapter 5 describes the datasets which we are going to use to train and evaluate
malicious network traffic module with the details of processing of raw datasets.
11
2
BACKGROUND KNOWLEDGE
Contents
2.1
2.2
2.3
2.4
Fundamental of network . . . .
2.1.1 Networking concept . . .
2.1.2 Reference models . . . . .
Intrusion Detection System . . .
Word Embedding . . . . . . . .
Deep Neural Network . . . . . .
2.4.1 Recurrent Neural Network
2.4.2 Long Short Term Memory
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
13
13
13
17
19
19
19
21
Chapter 2
2.1
Fundamental of network
To understand anomaly detection in networks, we must have a good understanding of
basic network concepts. Therefore, The first part of this chapter discusses networking
concept and types of networks.
2.1.1
Networking concept
A network is a complex interacting system, composed of many individual entities. Two or
more computer systems that can send or receive data from each other through a medium
that they share and access are said to be connected. The behavior of the individual entities
contributes to the ensemble behavior of the entire network. In a computer network,
there are generally three communicating entities: Users: Humans who perform various
activities on the network such as browsing Web pages and shopping, Hosts: Computers,
each one of which is identified with a unique address, say an IP address and Processes:
Instances of executable programs used in a client–server architecture. Client processes
request server(s) for a network service, whereas the server processes provide the requested
services to the clients. An example client is a Web browser that requests pages from
a Web server, which responds to the requests.
2.1.2
Reference models
To reduce network engineering, the whole networking concept is divided into multiple
layers. Each layer is involved in some particular task and is independent of all other layers.
But as a whole, almost all networking tasks depend on all of these layers. Layers share
data between them and they depend on each other only to take input and send output.
Layered architecture
In layered architecture of Network Model, one whole network process is divided into small
tasks. Each small task is then assigned to a particular layer which works dedicatedly to
process the task only. Every layer does only specific work. The rules and conventions used
are collectively referred to as the layer-n protocol. A protocol represents an agreement
as to how communications take place between two parties. A protocol is a set of rules
used to govern the meaning and format of packets, or messages exchanged between two or
more peer entities, as well as actions taken when a message is transmitted or received,
and in certain other situations. Protocols are extensively used by computer networks.
In layered communication system, one layer of a host deals with the task done by
or to be done by its peer layer at the same level on the remote host. The task is either
initiated by layer at the lowest level or at the top most level. If the task is initiated by
the-top most layer, it is passed on to the layer below it for further processing. The lower
layer does the same thing, it processes the task and passes on to lower layer. If the task is
initiated by lower most layer, then the reverse path is taken. There are two well-known
types: The open systems interconnection (OSI) reference model and the transmission
control protocol/Internet protocol (TCP/IP) reference model.
13
Chapter 2
The ISO1 OSI Reference Model
The Open Systems Interconnection model (OSI model2) is a conceptual model created by
the International Organization for Standardization which is characterizes and standardizes
a telecommunications or computing system’s communication operations regardless of
its underlying internal structure and technology. Its objective is to ensure that different
communication systems can communicate with each other using standard communication
protocols.
From the practical implementation of transferring bits through a communications
channel to the highest-level representation of data in a distributed application, the
model divides the flow of data in a communication system into seven abstraction levels.
Each intermediary layer provides a class of functionality to the layer above it while also
receiving service from the layer below. Standard communication protocols are used
to implement classes of functionality in software.
• Application layer: This layer provides users access to the OSI environment and to
distributed information services.
• Presentation layer: This layer provides independence to application processes from
differences in data representation (syntax).
• This layer provides independence to application processes from differences in data
representation (syntax).
• Session layer: It provides the control structure for communication between
applications. Establishment, management and termination of connections (sessions)
between cooperating applications are the major responsibilities of this layer.
• Transport layer: This layer supports reliable and transparent transfer of data between
two end points. It also supports end-to-end error recovery and flow control.
• Network layer: This layer provides upper layers independence from data transmission
and switching technologies used to connect systems. It is also responsible for
the establishment, maintenance and termination of connections. Data link layer:
The responsibility of reliably transferring information across the physical link is
assigned to this layer. It transfers blocks (frames) with necessary synchronization,
error control and flow control.
• Physical layer: This layer is responsible for transmitting a stream of unstructured
bits over the physical medium. It must deal with mechanical, electrical, functional
and procedural issues to access the physical medium.
1International Organization for Standardization
2Available at https://www.cloudflare.com/
14
Chapter 2
Figure 2.1: The OSI reference model
TCP/IP 3 Reference Model
The functions of the TCP/IP architecture are divided into five layers. The functions of
layers 1 and 2 are supported by bridges, and layers 1 through 3 are implemented by routers.
• The application layer: The application layer is responsible for supporting network
applications. As computer and networking technologies change, the types of
applications supported by this layer also change. Each application, such as file
transmission, has its own specific module. Many protocols are included in the
application layer for diverse reasons, such as hyper-text transport protocol (HTTP)
for Web searches, simple mail transfer protocol (SMTP) for electronic mail, and
file transfer protocol (FTP) for file transfer.
• The transport layer: Application layer communications are transported between the
client and the server via the transport layer. With two transport protocols: TCP and
UDP (user datagram protocol), application layer communications can be transported
using these protocols. To transmit application layer messages to the destination,
TCP offers a guaranteed connection-oriented service. TCP also has a congestion
management mechanism that allows a source to limit its transmission pace amid
network congestion by segmenting a large message into shorter parts. The UDP
3Available at https://docs.oracle.com/cd/E19683-01/806-4075/ipov-10/index.html
15
- Xem thêm -