Traffic application classification is an essential step in the network management process to provide high availability of network services. However, network management has seen limited use of traffic classification because of the significant overheads of existing techniques. In this context we explore the feasibility and performance of lightweight traffic classification based on NetFlow records. In our experiments, the NetFlow records are created from packet-trace data and pre-tagged based upon packet content. This provides us with NetFlow records that are tagged with high accuracy and serve as ground truth. Our experiments show that NetFlow records can be usefully employed for application classification. We demonstrate that our machine learning technique is able to provide an identification accuracy (≈ 91%) that, while a little lower than that of previous packet-based machine learning work (95%), is significantly higher than that of the commonly used port-based approach (50–70%). Trade-offs such as the complexity of feature selection and packet sampling are also studied. We conclude that a lightweight classification mechanism can provide application information with considerably high accuracy, and can be a useful practice towards more effective network management.