Empirically derived analytic models of wide-area TCP connections
IEEE/ACM Transactions on Networking (TON)
Wide area traffic: the failure of Poisson modeling
IEEE/ACM Transactions on Networking (TON)
An introduction to support Vector Machines: and other kernel-based learning methods
An introduction to support Vector Machines: and other kernel-based learning methods
A Tutorial on Support Vector Machines for Pattern Recognition
Data Mining and Knowledge Discovery
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
A tutorial on ν-support vector machines: Research Articles
Applied Stochastic Models in Business and Industry - Statistical Learning
The devil and packet trace anonymization
ACM SIGCOMM Computer Communication Review
Estimating the Support of a High-Dimensional Distribution
Neural Computation
Neural Computation
ACM SIGCOMM Computer Communication Review
Traffic classification through simple statistical fingerprinting
ACM SIGCOMM Computer Communication Review
A first look at modern enterprise traffic
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Early application identification
CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
A comparison of methods for multiclass support vector machines
IEEE Transactions on Neural Networks
Impact of asymmetric routing on statistical traffic classification
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
An experimental evaluation of the computational cost of a DPI traffic classifier
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Estimating routing symmetry on single links by passive flow measurements
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Optimizing Deep Packet Inspection for High-Speed Traffic Analysis
Journal of Network and Systems Management
Session-based classification of internet applications in 3G wireless networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Realtime classification for encrypted traffic
SEA'10 Proceedings of the 9th international conference on Experimental Algorithms
Statistical traffic classification by boosting support vector machines
Proceedings of the 7th Latin American Networking Conference
Unsupervised traffic classification using flow statistical properties and IP packet payload
Journal of Computer and System Sciences
Detection and classification of peer-to-peer traffic: A survey
ACM Computing Surveys (CSUR)
Robust network traffic identification with unknown applications
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Journal of Visual Communication and Image Representation
Hi-index | 0.00 |
Support Vector Machines (SVM) represent one of the most promising Machine Learning (ML) tools that can be applied to the problem of traffic classification in IP networks. In the case of SVMs, there are still open questions that need to be addressed before they can be generally applied to traffic classifiers. Having being designed essentially as techniques for binary classification, their generalization to multi-class problems is still under research. Furthermore, their performance is highly susceptible to the correct optimization of their working parameters. In this paper we describe an approach to traffic classification based on SVM. We apply one of the approaches to solving multi-class problems with SVMs to the task of statistical traffic classification, and describe a simple optimization algorithm that allows the classifier to perform correctly with as little training as a few hundred samples. The accuracy of the proposed classifier is then evaluated over three sets of traffic traces, coming from different topological points in the Internet. Although the results are relatively preliminary, they confirm that SVM-based classifiers can be very effective at discriminating traffic generated by different applications, even with reduced training set sizes.