Support Vector Machines for TCP traffic classification

Authors:
Alice Este;Francesco Gringoli;Luca Salgarelli
Affiliations:
DEA, Universití degli Studi di Brescia, via Branze, 38, 25123 Brescia, Italy;DEA, Universití degli Studi di Brescia, via Branze, 38, 25123 Brescia, Italy;DEA, Universití degli Studi di Brescia, via Branze, 38, 25123 Brescia, Italy
Venue:
Computer Networks: The International Journal of Computer and Telecommunications Networking
Year:
2009

Citing 15
Cited 11

Empirically derived analytic models of wide-area TCP connections

IEEE/ACM Transactions on Networking (TON)
Wide area traffic: the failure of Poisson modeling

IEEE/ACM Transactions on Networking (TON)
An introduction to support Vector Machines: and other kernel-based learning methods

An introduction to support Vector Machines: and other kernel-based learning methods
A Tutorial on Support Vector Machines for Pattern Recognition

Data Mining and Knowledge Discovery
Class-of-service mapping for QoS: a statistical signature-based approach to IP traffic classification

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
A tutorial on ν-support vector machines: Research Articles

Applied Stochastic Models in Business and Industry - Statistical Learning
The devil and packet trace anonymization

ACM SIGCOMM Computer Communication Review
Estimating the Support of a High-Dimensional Distribution

Neural Computation
New Support Vector Algorithms

Neural Computation
A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification

ACM SIGCOMM Computer Communication Review
Traffic classification through simple statistical fingerprinting

ACM SIGCOMM Computer Communication Review
A first look at modern enterprise traffic

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Early application identification

CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
A comparison of methods for multiclass support vector machines

IEEE Transactions on Neural Networks

Impact of asymmetric routing on statistical traffic classification

GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
An experimental evaluation of the computational cost of a DPI traffic classifier

GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Estimating routing symmetry on single links by passive flow measurements

Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Optimizing Deep Packet Inspection for High-Speed Traffic Analysis

Journal of Network and Systems Management
Session-based classification of internet applications in 3G wireless networks

Computer Networks: The International Journal of Computer and Telecommunications Networking
Realtime classification for encrypted traffic

SEA'10 Proceedings of the 9th international conference on Experimental Algorithms
Statistical traffic classification by boosting support vector machines

Proceedings of the 7th Latin American Networking Conference
Unsupervised traffic classification using flow statistical properties and IP packet payload

Journal of Computer and System Sciences
Detection and classification of peer-to-peer traffic: A survey

ACM Computing Surveys (CSUR)
Robust network traffic identification with unknown applications

Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
PLDD: Point-lines distance distribution for detection of arbitrary triangles, regular polygons and circles

Journal of Visual Communication and Image Representation

Quantified Score

Hi-index	0.00

Visualization

Abstract

Support Vector Machines (SVM) represent one of the most promising Machine Learning (ML) tools that can be applied to the problem of traffic classification in IP networks. In the case of SVMs, there are still open questions that need to be addressed before they can be generally applied to traffic classifiers. Having being designed essentially as techniques for binary classification, their generalization to multi-class problems is still under research. Furthermore, their performance is highly susceptible to the correct optimization of their working parameters. In this paper we describe an approach to traffic classification based on SVM. We apply one of the approaches to solving multi-class problems with SVMs to the task of statistical traffic classification, and describe a simple optimization algorithm that allows the classifier to perform correctly with as little training as a few hundred samples. The accuracy of the proposed classifier is then evaluated over three sets of traffic traces, coming from different topological points in the Internet. Although the results are relatively preliminary, they confirm that SVM-based classifiers can be very effective at discriminating traffic generated by different applications, even with reduced training set sizes.